Site2Site TAP Bridge How to do ?

Started by gtrdriver, May 07, 2022, 09:21:39 PM

Hello

I need to bridge (Layer 2) two networks with the same IP range, using TAP and OpenVPN.

Example:

Lan1 (192.168.0.0/24) <> OpnSense  <> WanIP --- Openvpn Tunnel TAP ---WanIP <> OpnSense <> Lan2 (192.168.0.0/24)

I think this should be possible using OpnSense and OpenVPN in TAP mode - but I can't find any working tutorial for this config.

One of the best configs I found was on pfSense for Site2Client using TAP, but not S2S.

Is there anyone here who has successfully made an S2S bridge with TAP using OpnSense?

I'm thankful for any help!

Best regards

May 09, 2022, 08:46:13 PM #1 Last Edit: May 09, 2022, 09:02:17 PM by Demusman
Hello,
I don't use OpnSense yet but I do the same thing you want on pfSense. (just looking at OpnSense at the moment)
Assuming the OpenVPN settings are the same as pfSense, you can follow this:

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

But first you'll need to create your certificates. Do that by following this:

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html

Once you assign the OpenVPN virtual port to a physical port (you do have available physical ports on both sides, I hope), you can connect it to your LAN switch. This will send your LAN over the tunnel.

On the client side you will import the certificates needed, then create a client using peer to peer (SSL/TLS).
Then assign the OpenVPN interface on that side, bridge it with a physical interface and assign it an address on the LAN. I would suggest breaking the LAN into virtual /25's on both sides if possible, so assign the virtual interface on the client with 192.168.0.128. You might also want to create a new DHCP pool for the remote side, but that's not necessary.

That should do it. I just recently took down my tap VPN so I'm going from memory but I think that's it.
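
Added example, not part of either post above: once the two LANs are bridged they form one broadcast domain, so an address used at both sites or two overlapping DHCP pools will collide. This Python sketch plans the /25 split suggested in the reply and checks host lists for conflicts before the bridge goes live; the site names, the reserve of 10 static addresses per half and the host lists are assumptions constructed for illustration.

```python
import ipaddress

def plan_split(lan_cidr, reserve=10):
    """Split one bridged LAN into two halves, each with a static range and a DHCP pool.

    The interfaces keep the original mask; the halves are only an allocation
    convention, so just the LAN's own network/broadcast addresses are excluded.
    """
    lan = ipaddress.ip_network(lan_cidr)
    plan = {}
    for site, half in zip(("site1", "site2"), lan.subnets(prefixlen_diff=1)):
        usable = [a for a in half
                  if a not in (lan.network_address, lan.broadcast_address)]
        plan[site] = {
            "half": half,
            "static": (usable[0], usable[reserve - 1]),   # firewalls, servers
            "dhcp_pool": (usable[reserve], usable[-1]),   # per-site DHCP range
        }
    return plan

def find_conflicts(plan, hosts):
    """Return (duplicates, misplaced) for hosts = {site: [ip strings]}."""
    seen = {site: {ipaddress.ip_address(h) for h in ips}
            for site, ips in hosts.items()}
    # Same address in use at both sites: guaranteed clash once bridged.
    duplicates = sorted(seen["site1"] & seen["site2"])
    # Address living at one site but inside the other site's half.
    misplaced = sorted((site, ip) for site, ips in seen.items()
                       for ip in ips if ip not in plan[site]["half"])
    return duplicates, misplaced

# Constructed sample inventory (not taken from the thread).
SAMPLE_HOSTS = {
    "site1": ["192.168.0.1", "192.168.0.20", "192.168.0.200"],
    "site2": ["192.168.0.128", "192.168.0.20", "192.168.0.150"],
}

if __name__ == "__main__":
    plan = plan_split("192.168.0.0/24")
    for site, p in plan.items():
        print(site, p["half"], "static", *p["static"], "dhcp", *p["dhcp_pool"])
    dups, wrong = find_conflicts(plan, SAMPLE_HOSTS)
    print("in use at both sites:", [str(i) for i in dups])
    print("in the other site's half:", [(s, str(i)) for s, i in wrong])
```
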