Simple VxLan between two subnets

[dphonov2]

Hi all,

I have two sites, connected via IPSEC VPNs. OPNSense does not terminate either of these VPNs.

Instead, at each site I have OPNSense deployed and exposed over IPSEC.

OPNSense LAN A <--> FW1    [INTERNET][IPSEC]     <--> FW2 <-->  OPNSense LAN B
Other LAN A Hosts <--> FW 1                                          FW2 <-->  Other LAN B Hosts

I'm attempting to use VxLan and have LAN A and LAN B be the same Layer2/broadcast domain.


I've successfully setup a VxLan route between the two and on the LAN B side I can even see all the broadcast/multicast traffic on FW2 I expect to see (from hosts that are "foreign" to it and exist on the otherside of the IPSEC tunnel).

On the LAN A side, using a different VM, if I attempt to ping TESTHOST1 in LAN B sharing the same /24, I get the correct arp from TESTHOST1's NIC!... But Im not routing.

And that's where I'm stuck.

I thought it could be because OPNSense is not the default gateway for these hosts. FW1 & FW2 are...
But it stops making sense since i'm not supposed to need a default gateway to route... to a local subnet. Just its MAC.

Would I need to proxy arp for each side?

Any insight appreciated

[dphonov2]

Update:

I reset and started again on the LAN A side and I got routing working!

Would like to solve this now:

In pinging from a host on LAN A to LAN B on the same /24 I get:

64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=3.68 ms
64 bytes from 192.168.5.251: icmp_seq=1 ttl=64 time=4.62 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=3.65 ms
64 bytes from 192.168.5.251: icmp_seq=2 ttl=64 time=4.57 ms (DUP!)
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=3.46 ms
64 bytes from 192.168.5.251: icmp_seq=3 ttl=64 time=4.76 ms (DUP!)



And I'm not sure why the duplicate packet?

As a note, I did have to bridge the VxLan interface that was created after I created an entry in the VXLAN menu to the LAN adapter in order to get this working.