Topic: VXLAN setup with IPsec same IP subnet (Read 237 times)
vgsinno, on April 10, 2024, 11:14:10 am:
Hi all,
I am trying to build a VPN tunnel with IPsec and VxLAN between 2 locations and bridge the same IP subnet on both sides.
At first I built a configuration like the one below and it worked just fine.
[PC 192.168.1.2]<->[192.168.1.1/24 Bridge OPT1+VxLAN][OPNsense A][OPT2 10.1.0.2/16]<->{ ipsec tunnel}-INTERNET-{ipsec tunnel}-[10.2.0.2/16 OPT2][OPNsense B][192.168.2.1/24 Bridge OPT1+VxLAN]<->[PC 192.168.2.2]
Then I followed the instructions in "Reply #4":
https://forum.opnsense.org/index.php?topic=37182.msg182040#msg182040
[PC 192.168.1.3]<->[192.168.1.1/24 Bridge OPT1+VxLAN][OPNsense A][OPT2 10.1.0.2/16]<->{ ipsec tunnel}-INTERNET-{ipsec tunnel}-[10.2.0.2/16 OPT2][OPNsense B][192.168.1.2/24 Bridge OPT1+VxLAN]<->[PC 192.168.1.4]
It didn't work.
VxLAN edited like this on A:
Source address: 10.1.0.2
Remote address: 10.2.0.2
Hypervisor: Proxmox
Now I have a few questions:
1. Can it be the normal "IPsec", the VTI route based (https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html), or doesn't it matter?
2. Does OPNsense support such a configuration? If yes, where is the mistake, or where did I forget something?
Thanks
Saverio Loiacono, Reply #1 on Today at 05:02:56 pm:
I have the same problem.
Does OPNsense support this configuration?
Thanks
Monviech, Reply #2 on Today at 05:25:52 pm:
Yeah you can do it easily with ipsec and a small trick.
- Create loopback interfaces on both sides.
- Create a policy based IPsec tunnel between the loopback interfaces.
- Create the vxlan interfaces and make them use the loopback interfaces to connect with each other over the ipsec tunnel.
- Adjust the MTU and MSS because vxlan and ipsec create protocol overhead.
- Bridge the vxlan interfaces and the LAN interfaces, use that bridge assigned to an interface. The tutorial how to create a transparent filtering bridge helps here.
With a setup like that I have connected opnsenses with vxlan, but also created raspberry pis that bridged the lan of the main OPNsense directly out of their ports. So it's all doable with some effort and tests.
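The MTU/MSS step from Reply #2, worked through as an added example (not part of the thread and not OPNsense code): it computes the largest vxlan/bridge MTU and TCP MSS that still fit in one unfragmented ESP packet. It assumes IPv4, tunnel-mode ESP, untagged inner Ethernet frames, and the two cipher proposals named in `CIPHERS`; the function and variable names are made up for this example.

```python
"""MTU/MSS budget for VXLAN carried inside a tunnel-mode IPsec ESP tunnel (IPv4)."""

# Fixed header sizes in bytes (IPv4 without options, untagged inner Ethernet).
IPV4, UDP, TCP, VXLAN_HDR, INNER_ETH, ESP_HDR = 20, 8, 20, 8, 14, 8

# Per-proposal ESP parameters: (IV bytes, padding alignment, ICV bytes).
# Assumed proposals for illustration; substitute the one actually configured.
CIPHERS = {
    "aes-gcm-16": (8, 4, 16),
    "aes-cbc+hmac-sha256-128": (16, 16, 16),
}

def esp_packet_size(plaintext_len, cipher, nat_t=False):
    """On-the-wire size of a tunnel-mode ESP packet carrying plaintext_len bytes."""
    iv, align, icv = CIPHERS[cipher]
    body = plaintext_len + 2          # pad-length and next-header trailer bytes
    body += -body % align             # pad up to the cipher's alignment
    return IPV4 + (UDP if nat_t else 0) + ESP_HDR + iv + body + icv

def max_esp_plaintext(wan_mtu, cipher, nat_t=False):
    """Largest inner packet that fits in one ESP packet of at most wan_mtu bytes."""
    iv, align, icv = CIPHERS[cipher]
    room = wan_mtu - IPV4 - (UDP if nat_t else 0) - ESP_HDR - iv - icv
    return room - room % align - 2

def vxlan_budget(wan_mtu, cipher, nat_t=False):
    """Return (vxlan/bridge MTU, TCP MSS) for the given WAN MTU and proposal."""
    plaintext = max_esp_plaintext(wan_mtu, cipher, nat_t)
    # The ESP plaintext is the loopback-to-loopback VXLAN packet:
    # IPv4 + UDP + VXLAN header + inner Ethernet header + inner IP packet.
    mtu = plaintext - IPV4 - UDP - VXLAN_HDR - INNER_ETH
    return mtu, mtu - IPV4 - TCP

if __name__ == "__main__":
    # Constructed sample uplinks: plain Ethernet, NAT-T, and a PPPoE link.
    cases = [
        (1500, "aes-gcm-16", False),
        (1500, "aes-gcm-16", True),
        (1500, "aes-cbc+hmac-sha256-128", False),
        (1492, "aes-cbc+hmac-sha256-128", False),
    ]
    for wan_mtu, cipher, nat_t in cases:
        mtu, mss = vxlan_budget(wan_mtu, cipher, nat_t)
        print(f"WAN {wan_mtu} {cipher} nat_t={nat_t}: vxlan MTU {mtu}, TCP MSS {mss}")
```

Setting the vxlan and bridge MTU at or below the computed value keeps bridged frames from being fragmented or dropped after encapsulation.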