VXLAN over a VPN Tunnel

Attempting to extend a UDP data stream across the internet via an encrypted tunnel. I did stumble across VXLAN and saw that GL.iNet devices support it. Thinking this might be a solution.

I recently picked up a GL.iNet GL-X3000 running OpenWrt 21.02. I did find a number of VXLAN plug-ins that I was able to install onto the device.

Does anyone have any experience with setting something like this up?

No, you did not. There was no Filogic 820 support available in 21.02.x (nor 22.03.x for that matter), and while there is SoC support in 23.05~ and master, this particular device isn't supported there either at this point. What you are currently running therefore can't be OpenWrt, but is most likely GL.iNet's semi-proprietary OEM firmware, which we don't know and can't help you with; please contact their support venues instead.

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

You should refresh yourself with the community guidelines.

There is nothing non-factual in the above, nor anything that could be remotely construed as an attack or unfriendliness. On the contrary, I explained the details, rather than just pasting the quoted part.

Honour where honour is due: GL.iNet has provided you with their OEM firmware; it's up to them to support it.

If it's not supported by OpenWrt, it's not supported.

Any experience with VXLAN and suggestions on how to solve my question?

VXLAN has been supported by Linux for ages and has been available on OpenWrt since, IIRC, at least the previous stable releases.
You can set up VXLAN manually, or with UCI/LuCI, and from NBD there is a mesh VXLAN VPN package/service available... So there are plenty of options, and it only depends on your personal preferences how you want to use it.
You can even use FRR with EVPN/VXLAN if you like...


Thank you for the suggestions!

Any one device that you can think of that does this? The use case is in a "hostile" environment, minimal is better.

For UDP any old VPN like OpenVPN or wireshark should do as you only want to push L3-traffic...


I think more or less any device should do with 16 MB flash... Maybe even 8 MB. I have not checked in a while how large a current minimal OpenWrt with some kernel modules and programs is getting.
However, for "just" VXLAN you only need the iproute2 (aka ip-full) package and the vxlan kernel modules. The kernel documentation on how to set up VXLAN manually is quite good, and with that you can follow the OpenWrt settings with UCI.
VXLAN is only a quite simple UDP encapsulation, so the CPU overhead is not that much, but as always a handful of cores with some speed help.

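The manual iproute2 setup described in the reply above, as an added example that is not part of the original posts: a dry-run script that prints the commands for a point-to-point VXLAN link bound to an existing VPN interface, sizes the inner MTU, and drops VXLAN's UDP port on every other interface, since VXLAN itself carries no authentication or encryption. The interface name `tun0`, the addresses, the VNI, the tunnel MTU and the use of iptables are assumptions.

```shell
#!/bin/sh
# Added example: plan a VXLAN link that only ever rides inside a VPN tunnel.
# Interface names, addresses, VNI and MTU below are constructed placeholders.

# Bytes VXLAN adds: outer IP + UDP (8) + VXLAN (8) + inner Ethernet (14).
vxlan_overhead() {
    case "$1" in
        4) echo 50 ;;   # 20-byte outer IPv4 header
        6) echo 70 ;;   # 40-byte outer IPv6 header
        *) return 1 ;;
    esac
}

# Largest inner MTU that fits in the tunnel without fragmentation.
# $1 = tunnel interface MTU, $2 = outer IP version (4 or 6)
vxlan_mtu() {
    oh=$(vxlan_overhead "$2") || return 1
    [ "$1" -gt "$oh" ] 2>/dev/null || return 1
    echo $(( $1 - oh ))
}

# Print (do not run) the setup commands so they can be reviewed first.
# $1 tunnel if, $2 local tunnel IP, $3 peer tunnel IP, $4 VNI, $5 tunnel MTU
vxlan_plan() {
    # The VNI is a 24-bit field.
    [ "$4" -ge 0 ] 2>/dev/null && [ "$4" -le 16777215 ] || return 1
    mtu=$(vxlan_mtu "$5" 4) || return 1
    cat <<EOF
ip link add vxlan0 type vxlan id $4 local $2 remote $3 dstport 4789 dev $1
ip link set vxlan0 mtu $mtu up
iptables -I INPUT ! -i $1 -p udp --dport 4789 -j DROP
EOF
}

# Dry run, e.g.: sh vxlan-plan.sh tun0 10.99.0.1 10.99.0.2 42 1420
if [ "$#" -eq 5 ]; then
    vxlan_plan "$@"
fi
```

Binding with `local`, `remote` and `dev` keeps the encapsulated frames on the tunnel addresses, and the DROP rule rejects VXLAN packets arriving on any interface other than the tunnel.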
