WireGuard, gretap(Layer2) and Multipoint (4 routers)? [Almost Solved]

Hey,

I would like to create one local (virtual) network (layer 2) for 4 routers in different locations. The best way would be to have a VAP on each router and only this network would act as "one" LAN. I found that the best way to connect point to point is gretap. What about multipoint? Can you just point me to any article or topic on the forum?

I have a wg tunnel between these 4 OpenWrt routers. The tunnel works: I can ping each other's tunnel IPs and have access to all other PCs when routing is enabled.

I can't really help you with the specifics here, but I would be very careful about L2 traffic traversing the tunnels -- there can be a lot of 'chatter' at L2 levels and it only gets worse as the network gets larger (that's one reason why VLANs are a thing -- reducing the size of a given broadcast domain can be really beneficial to network performance). So if you do find a solution, you may want to figure out if it is possible to limit the L2 traffic to the systems that actually need to leverage such methods.


I found a solution; maybe it will be useful for someone. But I have a question:
Is it possible to add a vxlan configuration to /etc/config/network?

Initial assumptions: the WireGuard connections are working.
Node1 addresses: 10.4.4.1 (WireGuard) and 192.168.111.1 (new local LAN)
Node2 addresses: 10.4.4.2 (WireGuard) and 192.168.111.2 (new local LAN)

First I have to install:

opkg install ip-bridge
opkg install ip-full

Then add new bridge:

/etc/config/network

config interface 'LanVPN'
        option proto 'static'
        option type 'bridge'
        option netmask '255.255.255.0'
        option ipaddr '192.168.111.2'

Add a new VAP and assign it to the new bridge:
/etc/config/wireless

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option encryption 'psk2'
        option key 'password'
        option network 'LanVPN'
        option ssid 'WifiVPN'

After that I execute manually (how do I add this to /etc/config/network?):

ip link add vxlan0 type vxlan id 42 dstport 0
brctl addif br-LanVPN vxlan0

On Node1:
bridge fdb append to 00:00:00:00:00:00 dst 10.4.4.2 dev vxlan0
On Node2:
bridge fdb append to 00:00:00:00:00:00 dst 10.4.4.1 dev vxlan0

and pinging the local addresses of both local sites works.

I played with this a little bit and raised an issue:
https://bugs.openwrt.org/index.php?do=details&task_id=2743

For vxlan in /etc/config/network:
Node1:

config interface 'vxlan0'
        option proto 'vxlan'
        option port '8472'
        option vid '42'
        option ipaddr '10.4.4.1'
        option peeraddr '10.4.4.2'

Node2:

config interface 'vxlan0'
        option proto 'vxlan'
        option port '8472'
        option vid '42'
        option ipaddr '10.4.4.2'
        option peeraddr '10.4.4.1'
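The two-node recipe above (create the VXLAN, attach it to br-LanVPN, add one all-zero FDB entry pointing at the other node) extends to the four routers from the original question by adding one flood entry per remote peer, which is head-end replication. The script below is an added example, not code from the thread or from OpenWrt; it assumes the WireGuard interface is named wg0, the bridge is the thread's br-LanVPN, the VNI is 42, and that all four nodes live in 10.4.4.0/24 (the two extra addresses 10.4.4.3 and 10.4.4.4 are constructed). It uses the IANA VXLAN port 4789 rather than the thread's `dstport 0`, which makes the kernel fall back to its legacy default 8472 (the port the UCI config above uses). Two things the thread's manual commands do not do: `local ... dev wg0` pins the VXLAN underlay to the WireGuard interface, so the unencrypted VXLAN frames can only ever leave inside the tunnel, and the script refuses any peer address outside the tunnel subnet for the same reason.

```shell
#!/bin/sh
# Added example (not from the thread): build a multipoint VXLAN over
# WireGuard on one OpenWrt node, flooding to every other node.
# Assumptions (hypothetical names, change to match your setup):
VNI=42
VXLAN_DEV=vxlan0
WG_DEV=wg0
BRIDGE=br-LanVPN
VXLAN_PORT=4789
WG_NET_PREFIX="10.4.4."      # every peer must be inside the WireGuard subnet

# Constructed list of the four routers' WireGuard tunnel addresses.
ALL_NODES="10.4.4.1 10.4.4.2 10.4.4.3 10.4.4.4"

# run: execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# peers_in_wg_subnet: return 0 if every argument starts with WG_NET_PREFIX,
# 1 otherwise. A peer outside the tunnel range would make VXLAN, which has
# no encryption or authentication of its own, send frames in the clear.
peers_in_wg_subnet() {
    for p in "$@"; do
        case "$p" in
            "${WG_NET_PREFIX}"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# remote_peers LOCAL_IP NODE...: print every node except LOCAL_IP.
remote_peers() {
    self_ip="$1"; shift
    for n in "$@"; do
        [ "$n" = "$self_ip" ] || printf '%s ' "$n"
    done
}

# setup_vxlan LOCAL_IP NODE...: create the VXLAN bound to the WireGuard
# interface, enslave it to the bridge, and add one all-zero-MAC flood
# entry per remote peer (head-end replication for broadcast/unknown unicast).
setup_vxlan() {
    self_ip="$1"; shift
    peers=$(remote_peers "$self_ip" "$@")
    if ! peers_in_wg_subnet $peers; then
        echo "refusing: a peer lies outside the WireGuard subnet" >&2
        return 1
    fi
    run ip link add "$VXLAN_DEV" type vxlan id "$VNI" dstport "$VXLAN_PORT" \
        local "$self_ip" dev "$WG_DEV"
    run ip link set "$VXLAN_DEV" up
    run ip link set "$VXLAN_DEV" master "$BRIDGE"
    for p in $peers; do
        run bridge fdb append to 00:00:00:00:00:00 dst "$p" dev "$VXLAN_DEV"
    done
}

# Usage on node 1 (dry run first): DRY_RUN=1 ./vxlan-mesh.sh 10.4.4.1
if [ "$#" -ge 1 ]; then
    setup_vxlan "$1" $ALL_NODES
fi
```

Run it with DRY_RUN=1 on each node to review the commands before applying them; each node passes its own tunnel address and the script derives the peer list, so the same file works on all four routers. Keep in mind the earlier warning about L2 chatter: every broadcast on the LanVPN bridge is now copied to three tunnels, so the flood list should contain only the nodes that actually need to be in that broadcast domain.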
