Forwarding VLANs through OpenVPN
On Keenetic, it is possible to use an OpenVPN connection as a transport for transmitting multiple VLANs, which are then forwarded to specified router ports in access mode and linked to Wi-Fi access points.
Let us consider an example involving two routers with GigabitEthernet network ports, connected via OpenVPN tunnels in TAP mode. The use of TAP mode is mandatory in this case, as it allows Ethernet frames to be transmitted at Layer 2 with tags.
Suppose we need to virtually connect port 3 of the first router to port 3 of the second router via VLAN 30, and port 4 of the first router to port 4 of the second router via VLAN 40, using OpenVPN. Both VLANs will pass through a single, already-configured OpenVPN0 TAP connection.
Let’s configure VLAN 30 on the GigabitEthernet interface using CLI commands:
(config)> interface GigabitEthernet0/Vlan30
Network::Interface::Repository: "GigabitEthernet0/Vlan30" interface created.
(config-if)> up
Network::Interface::Base: "GigabitEthernet0/Vlan30": interface is up.
(config-if)> exit
Core::Configurator: Done.
Next, VLAN 30 on the OpenVPN0 interface:
(config)> interface OpenVPN0/Vlan30
Network::Interface::Repository: "OpenVPN0/Vlan30" interface created.
(config-if)> up
Network::Interface::Base: "OpenVPN0/Vlan30": interface is up.
(config-if)> exit
Core::Configurator: Done.
Let’s perform similar operations for VLAN 40:
(config)> interface GigabitEthernet0/Vlan40
Network::Interface::Repository: "GigabitEthernet0/Vlan40" interface created.
(config-if)> up
Network::Interface::Base: "GigabitEthernet0/Vlan40": interface is up.
(config-if)> exit
Core::Configurator: Done.
and
(config)> interface OpenVPN0/Vlan40
Network::Interface::Repository: "OpenVPN0/Vlan40" interface created.
(config-if)> up
Network::Interface::Base: "OpenVPN0/Vlan40": interface is up.
(config-if)> exit
Core::Configurator: Done.
Now let’s configure VLAN 30 on port 3 (GigabitEthernet0/2) in access mode (untagged):
(config)> interface GigabitEthernet0/2
Core::Configurator: Done.
(config-if)> switchport mode access
Network::Interface::Switch: "GigabitEthernet0/2": access mode enabled.
(config-if)> switchport access vlan 30
Network::Interface::Switch: "GigabitEthernet0/2": set access VLAN ID: 30.
(config-if)> exit
Core::Configurator: Done.
And VLAN 40 on port 4 (GigabitEthernet0/3) in access mode (untagged):
(config)> interface GigabitEthernet0/3
Core::Configurator: Done.
(config-if)> switchport mode access
Network::Interface::Switch: "GigabitEthernet0/3": access mode enabled.
(config-if)> switchport access vlan 40
Network::Interface::Switch: "GigabitEthernet0/3": set access VLAN ID: 40.
(config-if)> exit
Core::Configurator: Done.
All that's left is to create bridges to link the interfaces we've set up. The Bridge30 bridge to bind together GigabitEthernet0/Vlan30 and OpenVPN0/Vlan30:
(config)> interface Bridge30
Network::Interface::Repository: "Bridge30" interface created.
(config-if)> include GigabitEthernet0/Vlan30
Network::Interface::Bridge: "Bridge30": GigabitEthernet0/Vlan30 included.
(config-if)> include OpenVPN0/Vlan30
Network::Interface::Bridge: "Bridge30": OpenVPN0/Vlan30 included.
(config-if)> up
Network::Interface::Base: "Bridge30": interface is up.
(config-if)> exit
Core::Configurator: Done.
And Bridge40 to link GigabitEthernet0/Vlan40 and OpenVPN0/Vlan40:
(config)> interface Bridge40
Network::Interface::Repository: "Bridge40" interface created.
(config-if)> include GigabitEthernet0/Vlan40
Network::Interface::Bridge: "Bridge40": GigabitEthernet0/Vlan40 included.
(config-if)> include OpenVPN0/Vlan40
Network::Interface::Bridge: "Bridge40": OpenVPN0/Vlan40 included.
(config-if)> up
Network::Interface::Base: "Bridge40": interface is up.
(config-if)> exit
Core::Configurator: Done.
Similar settings are configured on the router located on the other side of the tunnel.
Wireless access points can also be included in the bridges we have created. For example, if you need to forward traffic received over the VPN in VLAN 30 to the 2.4 GHz (WifiMaster0/AccessPoint2) and 5 GHz (WifiMaster1/AccessPoint2) access points, simply include these access points in the existing bridge using the following commands:
(config)> interface Bridge30
Core::Configurator: Done.
(config-if)> include WifiMaster0/AccessPoint2
Network::Interface::Bridge: "Bridge30": WifiMaster0/AccessPoint2 included.
(config-if)> include WifiMaster1/AccessPoint2
Network::Interface::Bridge: "Bridge30": WifiMaster1/AccessPoint2 included.
(config-if)> exit
Core::Configurator: Done.
We will forward VLAN 40 to the 2.4 GHz (WifiMaster0/AccessPoint3) and 5 GHz (WifiMaster1/AccessPoint3) access points:
(config)> interface Bridge40
Core::Configurator: Done.
(config-if)> include WifiMaster0/AccessPoint3
Network::Interface::Bridge: "Bridge40": WifiMaster0/AccessPoint3 included.
(config-if)> include WifiMaster1/AccessPoint3
Network::Interface::Bridge: "Bridge40": WifiMaster1/AccessPoint3 included.
(config-if)> exit
Core::Configurator: Done.
On devices with FastEthernet network ports, the only difference will be in the names of the Ethernet interfaces — GigabitEthernet is replaced by FastEthernet.
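Because the same settings must be entered on both routers, the command sequence can be generated once and reviewed before it is pasted into each CLI. The following Python helper is an added example, not Keenetic code: it generalises the procedure above to any VLAN-to-port mapping and rejects a plan in which a port or access point would land in two bridges, which would merge segments meant to stay separate. The function name, the grouping of commands per VLAN, and the rule that front-panel port N is interface 0/(N-1) (taken from ports 3 and 4 above) are assumptions.

```python
# Added example (not from the original page): builds the CLI command list
# described in this article for a given VLAN-to-port plan.
# Assumption: front-panel port N maps to <family>0/(N-1), as with ports 3 and 4 above.

def vlan_bridge_commands(mapping, tunnel="OpenVPN0", eth="GigabitEthernet", aps=None):
    """mapping: {vlan_id: port_number}; aps: {vlan_id: [access point names]}."""
    aps = aps or {}
    if eth not in ("GigabitEthernet", "FastEthernet"):
        raise ValueError(f"unknown Ethernet interface family: {eth}")
    ports = list(mapping.values())
    if len(ports) != len(set(ports)):
        raise ValueError("an access port can belong to only one VLAN")
    all_aps = [ap for names in aps.values() for ap in names]
    if len(all_aps) != len(set(all_aps)):
        raise ValueError("an access point is listed for more than one bridge")
    if set(aps) - set(mapping):
        raise ValueError("access points listed for a VLAN that is not forwarded")

    cmds = []
    for vid, port in sorted(mapping.items()):
        if not 1 <= vid <= 4094:          # valid 802.1Q VLAN ID range
            raise ValueError(f"invalid VLAN ID: {vid}")
        if port < 1:
            raise ValueError(f"invalid port number: {port}")
        members = [f"{eth}0/Vlan{vid}", f"{tunnel}/Vlan{vid}"]
        # 1. Tagged sub-interfaces on the switch and on the TAP tunnel.
        for sub in members:
            cmds += [f"interface {sub}", "up", "exit"]
        # 2. Physical port in access (untagged) mode for this VLAN.
        cmds += [f"interface {eth}0/{port - 1}", "switchport mode access",
                 f"switchport access vlan {vid}", "exit"]
        # 3. Bridge joining both sub-interfaces and any Wi-Fi access points.
        cmds.append(f"interface Bridge{vid}")
        cmds += [f"include {m}" for m in members + list(aps.get(vid, []))]
        cmds += ["up", "exit"]
    return cmds


if __name__ == "__main__":
    plan = {30: 3, 40: 4}                 # the mapping used in this article
    wifi = {30: ["WifiMaster0/AccessPoint2", "WifiMaster1/AccessPoint2"],
            40: ["WifiMaster0/AccessPoint3", "WifiMaster1/AccessPoint3"]}
    print("\n".join(vlan_bridge_commands(plan, aps=wifi)))
```

Pass eth="FastEthernet" for devices with FastEthernet ports.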