I have a tunnel, well two tunnels, that I’m attempting to set up; the client on each is not VyOS but another router that does not support peer-to-peer mode, only server/client mode.
Also, it’s a tap tunnel with no additional bridge on either side. I’ve done this for a long time (including multicast) across networks; I’d simply assign the tunnel endpoints as an interface and treat it as any other routed/tun/L3 interface. It gets — if this were pfSense for example (and pictured below) — its address from the tunnel network’s CIDR specified in the config, the same that’s normally left blank in tap tunnels. For all I know this might be a hack, though it has worked on other platforms as well.
This would be something like:
(basically a tun tunnel with support for L2)
The options (and documentation) are kind of ambiguous. It reminds me of the subroles of ADCS.
Tunnel network is a very clear name for it, but instead in VyOS there are client/server subnets, addresses, pools, topology, which come into conflict in response to changes to the tunnel’s mode, device type, topology, and IDK… religion. It takes a lot of time to test each config like that, especially if you don’t know exactly which one you’re looking for.
Would you give me at least a hint? Please?!
Merci ! =)