Openvpn bridge


#1

Hi,

I have a problem with openvpn in bridge mode. I wanted to connect to a remote site at layer 2 with encryption, and I spent 2 days and my brain blew up…

Ok, some facts:

  1. I wanted to connect site-to-site in totally transparent mode with no gateway in site B.
  2. I have a fibre link between Site A and Site B and it works ok.
  3. I don't want to use ipsec (layer 3).
  4. The gateway from site B must move to Site A.
  5. In site B I must use an EdgeRouter PRO.
  6. In site A I must use VyOS on vmware.

So generally Site B must "think" it was connected to a "switch" in site A via an encrypted link (fibre link between the 2 offices).

I tried to configure it in bridge mode, but no effect (traffic not working).
My config:
SITE A:

set interfaces bridge br0
set interfaces bridge br0 address 10.99.99.1/30
set interfaces openvpn vtun0
set interfaces openvpn vtun0 bridge-group bridge br0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 remote-host 10.99.99.2
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/keys
set interfaces ethernet eth0 bridge-group bridge br0 (this is the interlink)
set interfaces ethernet eth1 address 192.168.5.1/24

SITE B:

set interfaces bridge br0
set interfaces bridge br0 address 10.99.99.2/30
set interfaces openvpn vtun0
set interfaces openvpn vtun0 bridge-group bridge br0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 remote-host 10.99.99.1
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/keys
set interfaces ethernet eth0 bridge-group bridge br0 (this is the interlink)

Also I set a next-interface static route, but no effect.

From the openvpn log, the tunnel is up at both sites.

Bump topic,

My config from one of the sites:

ubnt@ubnt:~$ show configuration
interfaces {
    bridge br0 {
        address 192.168.88.1/24
        aging 300
        bridged-conntrack disable
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        duplex auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth5 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        bridge-group {
            bridge br0
        }
        device-type tap
        local-host 192.168.88.1
        mode site-to-site
        protocol udp
        remote-host 192.168.88.2
        shared-secret-key-file /config/auth/kluczyk
    }
}
protocols {
    static {
        interface-route 192.168.99.0/24 {
            next-hop-interface vtun0 {
            }
        }
    }
}

When vtun is up at both sites… I get a loop, and my link is dead. When I ping from site A to B, or B to A, I get a loop and cannot ping anything.

Any advice?
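Added example, not from the poster or anyone in the thread: in both configs above, the interface the tunnel is transported over (and the address OpenVPN binds to) is a member of the same bridge that the tap interface vtun0 is bridged into, so frames leaving br0 enter vtun0, get encapsulated, leave br0 again, and loop. The layout below keeps the transport on a routed interface that is not a bridge member and puts only the LAN port and the tap into br0; interface names and addresses are assumed, `#` lines are annotations rather than CLI input.

```text
# SITE A (assumed: eth0 = fibre interlink, eth1 = LAN, gateway for both sites)
# Transport address lives on eth0 itself; eth0 is NOT in any bridge.
set interfaces ethernet eth0 address 10.99.99.1/30
# br0 carries the LAN: physical LAN port plus the OpenVPN tap, nothing else.
set interfaces bridge br0 address 192.168.5.1/24
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 device-type tap
set interfaces openvpn vtun0 protocol udp
set interfaces openvpn vtun0 local-host 10.99.99.1
set interfaces openvpn vtun0 remote-host 10.99.99.2
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/keys
set interfaces openvpn vtun0 bridge-group bridge br0

# SITE B (assumed: eth0 = fibre interlink, eth1 = LAN; no gateway here)
set interfaces ethernet eth0 address 10.99.99.2/30
# br0 has no address at site B: it is a pure layer-2 extension of site A.
set interfaces bridge br0
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 device-type tap
set interfaces openvpn vtun0 protocol udp
set interfaces openvpn vtun0 local-host 10.99.99.2
set interfaces openvpn vtun0 remote-host 10.99.99.1
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/keys
set interfaces openvpn vtun0 bridge-group bridge br0

# Check after commit (op mode): br0 must list only eth1 and vtun0 as members,
# and eth0 must carry the 10.99.99.0/30 address on its own.
# show bridge br0
# show interfaces ethernet eth0
```

With this split, only OpenVPN's UDP packets cross the fibre in the clear, so LAN frames from site B are never bridged onto the interlink unencrypted, and no static interface-route via vtun0 is needed because the remote hosts are on the same bridged segment.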