Layer 2 bridge between two GL-A1300

I am trying to configure two new GL-A1300’s into a layer 2 bridge. It looks like it should be possible with OpenVPN, but I am unable to select bridge mode in the OpenVPN server configuration. The only choice is TUN. I am running firmware version 4.1.0. Any help would be appreciated.

This is the third time in a week someone has asked to do this - I’m kind of curious about why. The previous two ended up realizing that TUN was actually what they wanted to do. Is there a specific reason you need layer 2/TAP?

The use case is for a remote location to be able to connect to home location and watch TV. In my case I want to install a FIOS TV One Mini in my daughter’s college apartment and have it connect to the FIOS TV One at my house. In order to do that they have to be on the same subnet and the FIOS TV One Mini needs to get its IP via DHCP from my FIOS Gateway Router.

It does not have to be OpenVPN. I am open to any solution that would make this work.

Someone who actually does need TAP! It’s a miracle! :slight_smile:

You’re probably going to need to edit the config file yourself manually (or create one manually). You’ll also probably want to manually set things up to use CHACHA20-POLY1305 as a cipher on the A1300 instead of AES, as it’ll buy you about 15mbps using OpenVPN.
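
Added example, not from any poster in this thread: a minimal OpenVPN TAP server/client pair of the kind a manual configuration would need, with the CHACHA20-POLY1305 cipher mentioned above. The hostname, port and file paths are placeholders, and OpenVPN 2.5 or later is assumed on both routers.

```conf
# ===== home router: server.conf (constructed example) =====
port 1194
proto udp
# TAP carries Ethernet frames (layer 2); TUN would carry IP packets only.
dev tap0
# No arguments: OpenVPN assigns no addresses itself, so bridged clients
# get their lease by DHCP from whatever server sits on the home LAN.
server-bridge
# Certificate-based authentication; paths are placeholders.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
# ECDHE key exchange only, no static DH parameters file.
dh none
# Encrypts and authenticates the control channel before any TLS handshake.
tls-crypt /etc/openvpn/tls-crypt.key
tls-version-min 1.2
# Data channel cipher suggested in the thread for this hardware.
data-ciphers CHACHA20-POLY1305
keepalive 10 60
persist-key
persist-tun

# ===== remote router: client.conf (constructed example) =====
client
dev tap0
proto udp
# Placeholder hostname for the home router's public address.
remote vpn.example.net 1194
# Refuse a peer whose certificate is not marked as a server certificate.
remote-cert-tls server
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key
tls-crypt /etc/openvpn/tls-crypt.key
tls-version-min 1.2
data-ciphers CHACHA20-POLY1305
resolv-retry infinite
nobind
persist-key
persist-tun
```

On each router tap0 still has to be added to the LAN bridge, and the remote router must not answer DHCP on that bridge so the lease comes from the home gateway. Bridging this way puts the remote site in the home LAN's broadcast domain, so every device plugged in there is effectively on the home network.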

:rofl: We could make a fortune if we could create an easy solution for this use case. Most universities no longer offer TV service in the dorms, and why should we pay for service twice anyway? They expect everyone to buy 10 different streaming services to get the equivalent. Verizon etc. only let you use their streaming TV service inside the house without restrictions. You can use it outside the house, but with reduced channels and/or you have to cast from an iPhone etc. to the TV. Not a very elegant solution, and quality suffers.

Or, more likely, watch on a tablet, said to be legal, rather than this with a TV which…

You can try TAP if you have some skills to configure OpenVPN in TAP mode.

It is just too complicated when it is related to routing, and I don’t know if it could solve your issue.

We do have a client who is doing Layer2 SD-WAN. But the price is very costly and cannot solve the price issue you mentioned.

I am a network engineer and could easily do this with a pair of multi-thousand-dollar Cisco routers. At that point I might as well just pay for the service though. I was looking for a less expensive alternative. I would like to give TAP mode a try, but the option is not available in the current firmware of the GL-A1300. Is that something that you can provide an update for, or do I have to manually configure it? If it is manual I do not think I want to spend the holidays messing with it.

The easiest way to do that is probably going to be installing stock versions of OpenWRT for both of the routers, then configuring as you normally would with OpenVPN. The A1300 is supported in snapshot now.

(I would note that the standard versions don’t always compile openssl with speed optimizations, which you’re going to want on that router. So the best thing to do would be to actually build your own… I have a build env set up, so I don’t mind shooting you a build either, though lots of people have trust issues there, and rightfully so).

https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=ipq40xx%2Fgeneric&id=glinet_gl-a1300

What about just luci-app-openvpn? Never used it, so curious.

It’s… not great, imo.

Has anyone got this to work yet?

I know OpenVPN is layer 2, but why the difficult path?

WireGuard is not layer 2 by default, but you also have protocols to encapsulate layer 2 through a tunnel inside WireGuard.

Currently I run a setup like this and it works flawlessly, and it is much easier to configure than OpenVPN.

My main headache with it is knowing the deprecated config nodes, which have to match a newer server's config nodes, or vice versa, once the config is complicated.

WireGuard is very simple, and using luci-proto-vxlan also works very nicely. You only need some knowledge of how to configure it with DSA, but once you get it, it's much easier.

Here are some screenshots:

the vxlan interface:

I point the tunnel addresses to each other.

And here I VLAN tag it on br-lan, see VLAN 50:

And here is the bridge device itself:

Also, if you like the terminal, there is a new tool called unetd which combines WireGuard with VXLAN.