Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
VXLAN setup
« previous
next »
Print
Pages: [
1
]
Author
Topic: VXLAN setup (Read 3671 times)
opnsense@dkeith.com
Newbie
Posts: 12
Karma: 0
VXLAN setup
«
on:
November 23, 2023, 08:13:55 pm »
OK I have tried and not got very far. have not found any documentation on how to implement on opnsense.
As a starter I have working L3 Can ping between PC
[PC 192.168.1.2]-192.168.1.1/24-LAN[opnsese A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]LAN-192.168.2.1/24-[PC 192.168.2.2]
Im looking to use vxlan to extend a layer 2 network from Site A to Site B
[PC 192.168.1.2]-192.168.1.0/24-VxLAN[opnsense A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]VxLAN-192.168.1.0/24-[PC 192.168.1.3]
I am using a bridge to [lan and vxlan]
im using the ip address of the ipsec tunnel for vxlan.
Has anyone got a guide on setup ?
thanks
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: VXLAN setup
«
Reply #1 on:
November 23, 2023, 11:19:11 pm »
have you looked at this post:
https://forum.opnsense.org/index.php?topic=36205.0
Logged
opnsense@dkeith.com
Newbie
Posts: 12
Karma: 0
Re: VXLAN setup
«
Reply #2 on:
November 24, 2023, 01:01:56 pm »
I have looked at the that post numerus times.
Dose the vxlan need an ip address, if so in what subnet? Im assuming not as it should be a L2 tunnel ?
How is the vxlan connected to the physical port on the firewall? Do I use a bridge?
At some some point there will need at be an interface with an address to allow external connectivity in/out of the L2 vxlan network.
would carp be available?
I can use as a know starter position i can use
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html
How can the network have Vxlan overlaid to have Site B PC be in the same L2 network as site A PC
Logged
opnsense@dkeith.com
Newbie
Posts: 12
Karma: 0
Re: VXLAN setup
«
Reply #3 on:
November 24, 2023, 05:38:57 pm »
think iv have cracked it.
will wright up the notes. but lets just blame vmware port security stuff in the meantime.
Logged
opnsense@dkeith.com
Newbie
Posts: 12
Karma: 0
Re: VXLAN setup
«
Reply #4 on:
November 28, 2023, 10:44:53 am »
1. If doing this on VMware check the port security on the ports connecting to the firewall.
2. OPT1 Physical interface will be for the connection of VXLAN
Router A
Add interface>Other types>VXLAN
VNI=1
Source address= local L3 Interface facing Router B
Remote address= remote L3 Interface on Router B
Interface> Assignments
Add OPT1( where the l2 network will connect)
Add new vxlan interface.
Interface > VXLAN
Enable Interface
No IP address
Interface > OPT1
Enable Interface
No IP address
Add interface>Other types>Bridge
members= OPT1 + vxlan
Interface> Assignments
Add Bridge
Interface > Bridge
Enable Interface
Add the l3 network gateway IP address here for the l2 subnet
System > Tunables
net.link.bridge.pfil_bridge (Set to 1 to enable filtering on the bridge interface) = 1
net.link.bridge.pfil_member (Set to 0 to disable filtering on the incoming and outgoing member interfaces. ) = 0
REBOOT!!!!!!!
Firewall Rules > Bridge
Do the firewall rules here
Repeat for Router B
swap the IP address on the vxlan device
If it not working check the device that you are plugging the firewall into for security at layer 2 eg vmware port security
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
VXLAN setup