VXLAN setup

Started by opnsense@dkeith.com, November 23, 2023, 08:13:55 PM

OK, I have tried and not got very far. I have not found any documentation on how to implement this on OPNsense.

As a starting point I have working L3; I can ping between the PCs.
[PC 192.168.1.2]-192.168.1.1/24-LAN[opnsense A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]LAN-192.168.2.1/24-[PC 192.168.2.2]

I'm looking to use VXLAN to extend a layer 2 network from Site A to Site B.
[PC 192.168.1.2]-192.168.1.0/24-VxLAN[opnsense A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]VxLAN-192.168.1.0/24-[PC 192.168.1.3]

I am using a bridge for [LAN and VXLAN].
I'm using the IP address of the IPsec tunnel for VXLAN.

Has anyone got a guide on setup?

Thanks.


I have looked at that post numerous times. :(

Does the VXLAN need an IP address, and if so in what subnet? I'm assuming not, as it should be an L2 tunnel?
How is the VXLAN connected to the physical port on the firewall? Do I use a bridge?

At some point there will need to be an interface with an address to allow external connectivity in/out of the L2 VXLAN network.
Would CARP be available?

As a known starting position I can use https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html
How can the network have VXLAN overlaid so that the Site B PC is in the same L2 network as the Site A PC?


I think I have cracked it.
I will write up the notes, but let's just blame VMware port security stuff in the meantime.

1. If doing this on VMware, check the port security on the ports connecting to the firewall.
2. The OPT1 physical interface will be used for the VXLAN connection.


Router A
Add interface>Other types>VXLAN
VNI=1
Source address= local L3 Interface facing Router B
Remote address= remote L3 Interface on Router B

Interface> Assignments
Add OPT1 (where the L2 network will connect)
Add new vxlan interface.

Interface > VXLAN
Enable Interface
No IP address

Interface > OPT1
Enable Interface
No IP address

Add interface>Other types>Bridge
members= OPT1 + vxlan

Interface> Assignments
Add Bridge

Interface > Bridge
Enable Interface
Add the L3 network gateway IP address here for the L2 subnet

System > Tunables
net.link.bridge.pfil_bridge (set to 1 to enable filtering on the bridge interface) = 1
net.link.bridge.pfil_member (set to 0 to disable filtering on the incoming and outgoing member interfaces) = 0

REBOOT!!!!!!!

Firewall Rules > Bridge
Do the firewall rules here :)

Repeat for Router B
Swap the source and remote IP addresses on the VXLAN device.

If it is not working, check the device that you are plugging the firewall into for security at layer 2, e.g. VMware port security.
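To make the "no IP address on the VXLAN interface" and "swap the addresses on Router B" steps concrete, here is an added example (not from the thread or from OPNsense) that simulates what crosses the IPsec tunnel between the two VTEPs: an L2 frame from the bridged OPT1 segment wrapped in the 8-byte VXLAN header with VNI 1, sent between the tunnel endpoints 10.1.1.1 and 10.1.1.2, and the checks a receiving VTEP applies (configured peer, UDP port 4789, I flag, matching VNI) before the frame is handed to the bridge. The MAC addresses and payload are constructed.

```python
"""Constructed simulation of the VXLAN overlay described in the thread.
The VXLAN interface itself carries no IP; the source/remote addresses are the
underlay tunnel endpoints (10.1.1.1 and 10.1.1.2 here)."""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port
VXLAN_FLAG_I = 0x08          # "VNI valid" bit in the flags byte (RFC 7348)
VNI = 1                      # VNI configured on both routers in the thread
ROUTER_A_VTEP, ROUTER_B_VTEP = "10.1.1.1", "10.1.1.2"   # tunnel addresses from the thread

def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))

def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Inner L2 frame as it leaves a PC on the bridged OPT1 segment (constructed)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + frame

def vxlan_decap(outer_src: str, dport: int, payload: bytes,
                expected_peer: str, expected_vni: int):
    """Return the inner frame, or None when a correctly configured VTEP would drop it:
    wrong remote address, wrong UDP port, I flag clear, or VNI mismatch."""
    if outer_src != expected_peer or dport != VXLAN_UDP_PORT:
        return None
    if len(payload) < 8:
        return None
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_I or (vni_field >> 8) != expected_vni:
        return None
    return payload[8:]

def site_a_to_site_b(frame: bytes):
    """Router A encapsulates a LAN frame; Router B decapsulates it.
    Router B's remote address is Router A's source address (the 'swap' step)."""
    datagram = (ROUTER_A_VTEP, ROUTER_B_VTEP, VXLAN_UDP_PORT, vxlan_encap(VNI, frame))
    src, _dst, dport, payload = datagram
    return vxlan_decap(src, dport, payload, expected_peer=ROUTER_A_VTEP, expected_vni=VNI)

if __name__ == "__main__":
    broadcast = ethernet_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", 0x0806, b"who-has 192.168.1.3")
    assert site_a_to_site_b(broadcast) == broadcast
```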