I am trying to configure two new GL-A1300’s into a layer 2 bridge. It looks like it should be possible with OpenVPN, but I am unable to select bridge mode in the OpenVPN server configuration. The only choice is TUN. I am running firmware version 4.1.0. Any help would be appreciated.
This is the third time in a week someone has asked to do this - I’m kind of curious about why. The previous two ended up realizing that TUN was actually want they wanted to do. Is there a specific reason you need layer 2/TAP?
The use case is for a remote location to be able to connect to home location and watch TV. In my case I want to install a FIOS TV One Mini in my daughter’s college apartment and have it connect to the FIOS TV One at my house. In order to do that they have to be on the same subnet and the FIOS TV One Mini needs to get its IP via DHCP from my FIOS Gateway Router.
1 Like
It does not have to be OpenVPN. I am open to any solution that would make this work.
Someone who actually does need TAP! It’s a miracle! 
You’re probably going to need to edit the config file yourself manually (or create one manually). You’ll also probably want to manually set things up to use CHACHA20-POLY1305 as a cipher on the A1300 instead of AES, as it’ll buy you about 15mbps using OpenVPN.
We could make a fortune if we could create an easy solution for this use case. Most universities no longer offer TV service in the dorms and why should we pay for service twice anyway. They expect everyone to buy 10 different streaming services to get the equivalent. Verizon etc only let you use their streaming TV service inside the house without restrictions. You can use it outside the house but reduced channels and or you have to cast from iphone etc to tv. Not a very elegant solution and quality suffers.
1 Like
Or, more likely, watch on a tablet, said to be legal, rather than this with a TV which…
You can try TAP if you do have some skills to configure openvpn in TAP mode.
It is just too complicated when it is related to routing and I don’t know if could solve your issue.
We do have a client who is doing Layer2 SD-WAN. But the price is very costly and cannot solve the price issue you mentioned.
I am a network engineer and could easily do this with a pair multi thousand dollar Cisco routers. At that point I might as well just pay for the service though. I was looking for a less expensive alternative. I would like to give TAP mode a try but the option is not available in the current firmware of the GL-A1300. Is that something that can you can provide an update for or do I have to manually configure it. If it is manual I do not think I want to spend the holidays messing with it.
1 Like
The easiest way to do that is probably going to be installing stock versions of OpenWRT for both of the routers, then configuring as you normally would with OpenVPN. The A1300 is supported in snapshot now.
(I would note that the standard versions don’t always compile openssl with speed optimizations, which you’re going to want on that router. So the best thing to do would be to actually build your own… I have a build env set up, so I don’t mind shooting you a build either, though lots of people have trust issues there, and rightfully so).
https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=ipq40xx%2Fgeneric&id=glinet_gl-a1300
1 Like
What about just luci-app-openvpn? Never used it, so curious.
It’s… not great, imo.
1 Like
Has any one got this to work yet?
I know openvpn is layer 2, but why the difficult path?
Wireguard is not layer 2 by default, but you have also protocols to encapsulate layer 2 through a tunnel inside wireguard.
Currently i run a setup like this and it works flawless, and much easier to configurate than openvpn.
My main headaces with it, is knowing the deprecated config nodes which has to match with a newer server config nodes or vice versa the other way around once the config is complicated.
Wireguard is very simple, and using luci-proto-vxlan works also very nice, you only need some knowledge how to configurate it with DSA but if you get it, its much easier.
Heres some screenshots:
click to expand
the vxlan interface:
I point the tunnel addresses to each other.
And here i vlan tag it on br-lan see vlan 50:
and here the bridge device itself:
Also if you like the terminal, there is also a new tool which combines wireguard with vxlan called unetd.
Need help setting my routers
Can you explain a little more what you want?
I assume you want also wireguard with vxlan?
Can you show me what you already have done so i can help 
I need the contents of:
ubus call system board
cat /etc/config/network
Please mask all mac addresses and private information like vpn keys.
You can paste it like this markup:
[details="i.e ubus output, or network config"]
```
//insert code here
```
[/details]
1 Like
The same setup up as the 1st post by kaufmg
GL-SFT1200 is in site A GL-axt1800 is in site B I have a fios mini on site B and it can not communicate with site A. GL-SFT1200 firmware is at 4.7.2 and have a option with TAP mode.
Can you tell me step by step with pictures on how you setup with wire gaurd and or open vpn
I think this video is straight forwarded:
The part of the qr code has also a tab to copy the configuration, this is the configuration you want to add to your other router
Wether you need vxlan here depends if you need layer2 capabilities such as vlans, in many cases you don't need it.
If you want to reach a device on lan, you can allow that by the settings here:
optional:
You can also portforward to your wireguard peers from the server and to lan.
If you for example use a server or application, and want to hide the ports for being open under a layer of encryption this is possible, also the open port the wireguard server hosts on appears to be closed from port scanners due to it is using udp, and wireguard does not respond to unsolicitated connections.
You can do that like this:
I have setup up vpn server on site A and vpn client on site B there are able to connect.
Now on site B i have a Fios TV mini connected to the ethernet port on the GL net router to connect to site A where the Verizon FIOS Tv is. Fios TV mini on Site B not Able to connect to Site A