Page MenuHomeVyOS Platform
Create Task
Maniphest T535

Ability to add tun interfaces to br groups
Closed, InvalidPublicFEATURE REQUEST
Actions

Description

Could we include the syntax to add tun interfaces to bridge groups?

vyos@vyos# show interfaces tunnel 
 tunnel tun0 {
    encapsulation gre-bridge
    local-ip 1.1.1.2
    multicast enable
    remote-ip 1.1.1.1
}
[edit]
vyos@vyos# set interfaces tunnel tun0 br

 Configuration path: interfaces tunnel tun0 [br] is not valid

It would be helpful in creating layer 2 bridges over gre tunnels as you can do with EdgeRouters.

I was able to easily make this happen for my local copy by doing -
sudo su
cp -r /opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/bridge-group /opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel/node.tag/
exit

Or simply -
sudo su
brctl addif br0 tun0
exit

vyos@vyos# set interfaces tunnel tun0 bridge-group bridge br0

vyos@vyos# show interfaces tunnel 
 tunnel tun0 {
     bridge-group {
         bridge br0
     }
     encapsulation gre-bridge
     local-ip 1.1.1.2
     multicast enable
     remote-ip 1.1.1.1
 }

If it was part of the distribution that'd be great.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

xrpixer created this task.Feb 4 2018, 9:42 PM
sebastianm awarded a token.Feb 11 2018, 10:26 PM
syncer triaged this task as Normal priority.Feb 27 2018, 2:21 PM
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 2.0.x.
Pretwolk added a subscriber: Pretwolk.Feb 27 2018, 3:07 PM

Hi, it has been a while since I did stuff with OpenVPN and bridging interfaces and I have no extended experience with openvpn in VyOS. But due to the way openvpn treats L3 traffic in a TUN interface, it isn't possible to bridge TUN interfaces. If you want to use the operating systems routing capabilities for openvpn traffic you need to use TAP interfaces as these interfaces are bridgable. Not sure how TAP interfaces work in VyOS though.

Pretwolk added a comment.Feb 27 2018, 3:08 PM
In T535#12315, @Pretwolk wrote:

Hi, it has been a while since I did stuff with OpenVPN and bridging interfaces and I have no extended experience with openvpn in VyOS. But due to the way openvpn treats L3 traffic in a TUN interface, it isn't possible to bridge TUN interfaces. If you want to use the operating systems routing capabilities for openvpn traffic you need to use TAP interfaces as these interfaces are bridgable. Not sure how TAP interfaces work in VyOS though.

Reading is key, as usual. Question isn't about openvpn. Im going for a coffee now :)

dmbaturin closed this task as Invalid.Nov 3 2018, 11:28 PM
dmbaturin added a subscriber: dmbaturin.

For the reference, the syntax is "set interfaces tunnel tun0 parameters ip bridge-group bridge br0". It wasn't me who designed it, and I see no reasons why it was designed that way, but that's what we've got for now. We should rework the tunnel interface CLI in general and this on in particular.

syncer edited projects, added Restricted Project; removed VyOS 1.3 Equuleus.Mar 16 2019, 7:05 PM
syncer added subscribers: rob, syncer.

@rob another one for KB