Hey, unfortunately I can't get a VXLAN setup with the OpenWRT to work as expected. The setup looks like this:
[ Laptop ]==Ethernet==[ Router with OpenWRT [ WAN interface ]==[ VXLAN interface ]==[ 5G interface ] ]=[ USB-5G-Dongle ]==5G==[ 5G network ]==5G==[ 5G Router with VXLAN ]==Ethernet==[ PC ]
From the command line in OpenWRT I can ping the PC / 5G router THROUGH the VXLAN tunnel. But the PC cannot reach the laptop through the VXLAN tunnel while OpenWRT is reachable via VXLAN tunnel.
My conclusion is that we need an L2 bridge in OpenWRT between the interface VXLAN and WAN, which passes all L2 traffic unfiltered. I have tried this with an OpenWRT bridge device but unfortunately have not succeeded.
I have just gone through this when adding optional vxlan support to the mesh11sd package (v 5.0.0 currently in beta testing).
I found that although the vxlan package is fully up to date, the OpenWrt uci config has not been. Many of the config parameters are redundant or do not work, and it does not work at all on ipv6 (although vxlan itself does)
First, you need to make sure you have installed ip-full. It looks like you have if you can ping through the tunnel.
Run ip -d addr
On my working test system I get this for the vxlan interface:
23: vxlan69: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-tun69 state UNKNOWN group default qlen 1000
link/ether 96:83:c4:b5:8e:cb brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65535
vxlan id 69 group ff02::69 local fe80::9683:c4ff:fea2:8ecb dev br-lan srcport 0 0 dstport 4789 ttl 5 ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx
bridge_slave state forwarding priority 32 cost 4 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 7fff.96:83:C4:B5:8E:CB designated_root 7fff.96:83:C4:B5:8E:CB hold_timer 0.00 message_age_timer 0.00 forward_delay_timer 0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on bcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off locked off numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
You should get similar, only with ipv4 addresses.
If you don't, you will be left with creating the vxlan interface manually with the ip utility (the only way if you want ipv6 as the tunnel transport).
Yes.
I am using vxlan to support a guest/iot type network over wireless.
Here is the relevant part of my network config:
config device 'vtunnel'
option name 'br-tun69'
option type 'bridge'
option ports 'vxlan69'
config interface 'vtunlan'
option device 'br-tun69'
option ipaddr '192.168.168.1'
option netmask '255.255.255.0'
option proto 'static'
option ip6assign '60'
As you can see, I added a bridge for the tunnel traffic for the guest/iot traffic and added the vxlan interface to it.
@bluewavenet Thank you very much for your fast response.
I see you are using a vxlan device. Did you do the configuration via uci? I cannot create a vxlan-based device via LuCI but only a network interface. Therefore I have to use the vxlan network alias@vxlantest for the network interface l2vpn to assign a static ip address.
Next to the device/interface difference, did tunneling L2 traffic work for Ethernet connected hosts on your side?