VLAN over VPN

viragomann

@juniper
So simply forward the concerned IPs (NAT).
That's possible, but it needs some rules to obey.

juniper

@viragomann said in VLAN over VPN:

@juniper
So simply forward the concerned IPs (NAT).
That's possible, but it needs some rules to obey.

Yes but i Need to assign public ip directly on some server....

JKnott

@juniper

You can have as many subnets as you want routed over the same VPN. It doesn't matter what they do. Routing is routing is routing. I assume you already have your main LAN routed over the VPN. The VLANs are handled in the same way.

JKnott

@viragomann said in VLAN over VPN:

So simply forward the concerned IPs (NAT).

He doesn't need NAT. If he has a subnet on the VLAN then it can be routed to another VLAN at the other end. Talking about NAT only adds to the confusion.

One thing to bear in mind is that a VPN is simply another IP connection and can be used like any other IP connection.

JKnott

@juniper said in VLAN over VPN:

Yes but i Need to assign public ip directly on some server....

If you're using NAT for that, then it would be handled like any other. The only difference is it has to be routed from one system to the other.

Go back to understanding how IP works on a LAN. The destination IP address is examined to see if it belongs on the directly connected subnet. If it does, then the MAC address of the destination is determined and the packet sent out across the LAN. If it's for another subnet, then routing is used to send it to the destination subnet, in this case through the VPN.

juniper

@jknott said in VLAN over VPN:

@juniper said in VLAN over VPN:

Yes but i Need to assign public ip directly on some server....

If you're using NAT for that, then it would be handled like any other. The only difference is it has to be routed from one system to the other.

Go back to understanding how IP works on a LAN. The destination IP address is examined to see if it belongs on the directly connected subnet. If it does, then the MAC address of the destination is determined and the packet sent out across the LAN. If it's for another subnet, then routing is used to send it to the destination subnet, in this case through the VPN.

Ok, i don't want to use NAT...

i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?

viragomann

@juniper said in VLAN over VPN:

Yes but i Need to assign public ip directly on some server....

Any plausible reason for that?

Possibly it's doable, but make thing very complicated.

juniper

@viragomann said in VLAN over VPN:

@juniper said in VLAN over VPN:

Yes but i Need to assign public ip directly on some server....

Any plausible reason for that?

Possibly it's doable, but make thing very complicated.

I need for using with NDI and some camera

viragomann

@juniper said in VLAN over VPN:

I need for using with NDI and some camera

Don't know that.

@juniper said in VLAN over VPN:

i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?

No, you can route over a whole subnet, which is routed to your IP before though, even with public IPs, but you cannot pick some IPs out of it.

JKnott

@juniper said in VLAN over VPN:

i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?

You'd need a TAP VPN, not TUN.