Transparent Bridging over OpenVpn Tunnels

From ImageStream Router Documentation

Contents 1 Introduction 2 Requirements 3 Configuration 4 Configuration Notes

Introduction

ImageStream routers support Ethernet bridging when combined with OpenVpn Tunnels it is possible to bridge Ethernet networks across a Ip Network. This document describes an example configuration of using Transparent Ethernet Bridging over OpenVpn tunnels.

Requirements

• The router must be running at least Imagestream Linux 4.2.0
• The Ip Address of both routers should be known

Configuration

Example configuration notes.

• This example uses static OpenVpn keys, other authentication methods can be used.
• The OpenVpn configuration below assumes static Ip addresses on the routers.
• This example bridges the Ethernet1 interfaces between Router A and Router B.
• This example is fully transparent. The hosts on the bridged Ethernet segment in this example will not be able to ping either router.

Router A

Network interface Configuration (Wan.conf)

!
interface bvi16
 description Bridge Group for the vpn
!
interface Ethernet1
 description Bridged Local Ethernet Segment 
 bridge-group 16 spanning-disabled
!
interface Tunnel0
 description Vpn from Router A to Router B 
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --dev-type tap
 tunnel source 10.0.0.1 5000
 tunnel destination 10.0.0.2 5000
 tunnel key 8cf4451bc8e576cd18b36eb2479435dd
 bridge-group 16 spanning-disabled
!

Router B

Network interface Configuration (Wan.conf)

!
interface bvi16
 description Bridge Group for the vpn
!
interface Ethernet1
 description Bridged Local Ethernet Segment 
 bridge-group 16 spanning-disabled
!
interface Tunnel0
 description Vpn from Router B to Router A 
 bandwidth 2512000
 tunnel mode openvpn
 tunnel options --dev-type tap
 tunnel source 10.0.0.2 5000
 tunnel destination 10.0.0.1 5000
 tunnel key 8cf4451bc8e576cd18b36eb2479435dd
 bridge-group 16 spanning-disabled
!

Configuration Notes

Important Details of this configuration.

• If hosts on bridged segment need to access the routers. Ip addresses can be added to the bridge interface. In this example on the "bvi16" interfaces on each of the routers.