Can anyone list vpn solution that works with CGNAT and in Layer 2?

Hi all,

I am trying to find a solution to have OpenWrt as a VPN server using L2TP. So far I tried:

ZeroTier: used allow bridging but cannot see other devices remotely
Tailscale: seems like no Layer 2 bridging
SoftEther: slow

Right now I'm looking at StrongSwan but it does not seem to work when it is behind CGNAT.

L2TP needs an ALG on the CGNAT gateway; it does not work as is over any NAT. You can ask your provider to enable it, but don't expect them to feed an insecure VPN in any way.

ZeroTier and Tailscale use WireGuard.
Try OpenVPN? At least that you did not mention.


Can OpenVPN provide Layer 2? The reason I did not try setting it up on my OpenWrt was that the OpenVPN Android version is unable to handle a TAP device when I tried it with SoftEther. I loaded the OpenVPN config into my phone and it did not load the config.

Yes.

Another option is Ethernet over IP (or any Layer 2 based protocol) that is tunneled via WireGuard (or via any other Layer 3 VPN).

I will try OpenVPN as a server and search for Ethernet over IP. Thanks for the suggestion! Sounds promising, which gives me hope.


OpenVPN Layer 2 Bridging Mode: Use only with on-premise hardware. It is deprecated and not supported. See here

You can encap gretap

What problem are you trying to solve with Layer2?


Will check this one too. Thanks!

I could access all my devices when I was using L2TP before, but now, because of CGNAT, some of my devices are not seen through ZeroTier and Tailscale, which I believe are operating at Layer 3.

Just an idea: how about IPv6, do you have it?
There will be no NAT on it.


I use Tailscale; it works behind double NAT and CGNAT, and supports IPv4 and IPv6.
Can you be more specific about which devices you can no longer access?


L2TP is IP/UDP on the outside of the tunnel. It was originally intended for use directly on the Internet, but since the contents of the packets are not encrypted it is almost always sent through another tunnel which is a true VPN. Any VPN tunnel supporting Layer 3 inside would work. It doesn't need to be an L2 bridge.

Maybe for others Layer 3 is fine, but in my case it is not. My device needs to be on the same subnet when connecting to work some devices remotely. Even if I set the device to a static address on the same subnet as the device connecting remotely, or vice versa, it still does not work. The only way to connect is when I am connected to the same router.

You can tunnel L2 over any L3 tunnel with L2TP or gretap. If you need full frames, most VPNs don't need to be encapsulated in a single packet, so at some added latency you get a "local subnet" across the internet.

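As an added example (not posted by anyone in this thread and not OpenWrt's own code), the following POSIX shell script shows the "gretap inside a Layer 3 VPN" approach suggested above: a gretap tunnel whose endpoints are the private addresses of an existing WireGuard link, attached to the LAN bridge so remote devices appear on the same subnet. Because the GRE endpoints are the WireGuard tunnel addresses, GRE itself never has to cross the CGNAT. The interface names (`wg0`, `gretap0`, `br-lan`), the tunnel range `10.99.0.0/24` and the MTU value are constructed assumptions; the peer runs the same script with the local and remote addresses swapped. It defaults to printing the commands rather than applying them.

```shell
#!/bin/sh
# Added example: bridge a gretap tunnel that runs inside a WireGuard tunnel.
# All names and addresses below are constructed placeholders, not values
# from this thread or from OpenWrt.

WG_MTU="${WG_MTU:-1420}"                  # assumed MTU of the WireGuard interface
WG_NET="${WG_NET:-10.99.0.0/24}"          # assumed WireGuard tunnel address range
LOCAL_WG_IP="${LOCAL_WG_IP:-10.99.0.1}"   # this side's WireGuard address (assumed)
REMOTE_WG_IP="${REMOTE_WG_IP:-10.99.0.2}" # peer's WireGuard address (assumed)
GRETAP_IF="${GRETAP_IF:-gretap0}"         # name of the new Layer 2 tunnel interface
BRIDGE="${BRIDGE:-br-lan}"                # OpenWrt's default LAN bridge
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands only, 0 = apply them

# Print or execute a command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip4_to_int() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix ADDR NET/LEN: succeed when ADDR lies inside NET/LEN (LEN 1..32).
in_prefix() {
  addr=$(ip4_to_int "$1")
  net=$(ip4_to_int "${2%/*}")
  len=${2#*/}
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Payload MTU for gretap carried over an interface with the given MTU:
# outer IPv4 header (20) + GRE header without key (4) + inner Ethernet header (14).
gretap_mtu() {
  echo $(( $1 - 20 - 4 - 14 ))
}

# Create the gretap interface over the WireGuard addresses and add it to the bridge.
setup_l2_over_wg() {
  # A public or CGNAT address here would put GRE directly on the NAT path,
  # which is the case that fails; insist on WireGuard-internal endpoints.
  in_prefix "$LOCAL_WG_IP" "$WG_NET" || { echo "local endpoint not in $WG_NET" >&2; return 1; }
  in_prefix "$REMOTE_WG_IP" "$WG_NET" || { echo "remote endpoint not in $WG_NET" >&2; return 1; }
  mtu=$(gretap_mtu "$WG_MTU")
  run ip link add "$GRETAP_IF" type gretap local "$LOCAL_WG_IP" remote "$REMOTE_WG_IP" ttl 64
  run ip link set "$GRETAP_IF" mtu "$mtu"
  run ip link set "$GRETAP_IF" master "$BRIDGE"
  run ip link set "$GRETAP_IF" up
}

setup_l2_over_wg
```

Run it with `DRY_RUN=0` as root on a router where the WireGuard link is already up, then the same on the peer with `LOCAL_WG_IP` and `REMOTE_WG_IP` exchanged. The MTU step matters: with the gretap MTU left at the default, frames that fit the LAN but not the WireGuard path are fragmented or dropped inside the tunnel. On OpenWrt the same interface can be made persistent with the `gre` package's `gretap` protocol in `/etc/config/network` instead of raw `ip` commands.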

Does OpenWrt support VXLAN?

Yes, and AppleTalk, and telnet, and DNS.

Interesting sense of humor, what about free steak knives?

In all seriousness, why would you need VXLAN? Are you encapsulating >4095 x 4095 SDN networks in the same tunnel?

The response seems serious to me.

Quite a few users have provided L2 solutions. Is the OP still seeking more ideas?
