VPN with TAP question
Hi all
I am about to attempt and setup a client to site VPN which will utilize a TAP interface to allow devices connected to the Site B (client) - ideally on only ONE of the ethernet ports using a VLAN - router to be accessible (on the same subnet) from the Site A router and receive an IP address from the Site A router. The specific network device I'm needing to connect needs to be on the same subnet and requires multicast support. A VPN cannot be directly installed on the device, so I'm doing this at router level.
My first attempt will be two Banana Pi R3 routers with OpenWRT and OpenVPN as demonstrated in the following YouTube video:
I believe this specific protocol operates on level 2 (data link layer).
However, I'm reading more and more that OpenVPN, specifically with a TAP interface, will be significantly slow. I'm interested in if perhaps investing in higher quality routers, such as a ZYXEL router, and if it will be a more responsible investment.
ISP on both sides are gigabit fiber, and I'd like to try and utilize as much of that bandwidth as possible.
Does ZYXEL offer a modestly priced router with applicable protocols and configuration to achieve this? WiFi is necessary, as these routers will replace my two existing routers in both locations.
I have read ZYXEL routers offer IGMP and multicast support - I'm more concerned about the TAP/bridging ability.
Thank you for your help.
All Replies
-
Hi @thisisliam
Thanks for your inquiry.
Regarding your requirement, you can consider our ATP100W or USG Flex 100W.Those two products both support site-to-site VPN, remote VPN scenarios, WiFi, and SFP interface. If you don't how to configure our products, you can refer to our FAQ article, user guide, handbook, and CLI Reference Guide on Download Library or post questions on the forum to let us know it. Thanks😀.
See how you've made an impact in Zyxel Community this year!
0 -
Thanks, @Zyxel_Jeff! I have read up quite a bit on the Flex 100W and think that is the ideal choice given my needs. Are any subscriptions required to utilize the VPN protocols?
1 -
Also, @Zyxel_Jeff - if you have a moment, can you point me in a direction of any helpful documentation on how to configure the bridged multicast VPN?
I found this article on these boards.
My setup is going to be as follows:
Site "A" is on a 192.168 range. Site "B" is on a 10.0 range. Ethernet LAN port 1 on Site "B" needs to obtain a 192.168 IP address from site A with multicast. I realize I'll have to setup a VTI interface on both sides and use VLAN tagging to assign the LAN port on the B side to the tunnel.
1 -
Attaching a rudimentary diagram here to help explain my explanation :)
Edit: Media Device #2 should be on the same subnet as Location A - 192.168.1.X
1 -
Hello @thisisliam
Our VPN services are part of our basic features, so you won't need to purchase an extra license and can use them.
See how you've made an impact in Zyxel Community this year!
0 -
Hello @thisisliam
Regarding your requirement, you could refer to that article. Additionally, you can refer to other forum discussions for further references:
Hope those discussions are helpful for you as well, thanks.
See how you've made an impact in Zyxel Community this year!
0 -
@Zyxel_Jeff - thank you! These all seem to be viable solutions. My only concern is the lack of a TAP interface or bridge. The network devices will not talk if the same subnet isn’t present.
0 -
Hi @thisisliam
Once you establish site-to-site VPN between two sites and ensure those local/remote subnet ranges can be assessed with each other on the VPN phase1/phase2, the security policy then you can communicate with different subnets. Thanks.
See how you've made an impact in Zyxel Community this year!
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
