Netgate Discussion Forum

    IPSec and VLANs

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • jits

      Hello.

      I'm using pfSense 2.0 and have successfully established IPsec site-to-site tunnels, including a VLAN VoIP tunnel for Site B.

      Now that the communication between Site A and Site B is established via IPsec, how can I create a VLAN on Site B to isolate the Site A VoIP VLAN from the Site B LAN?

      Wow... if you're confused after that one, believe me, we're in the same boat.

      I'll try again.

      Site A has a VLAN for VoIP. I would like to connect IP phones at Site B via the VoIP VLAN... BUT... I want to isolate the VoIP VLAN at Site B on its own VLAN from the LAN at Site B.

      I can ping the VoIP VLAN from Site B.

      Am I making ANY sense?

      • louis-m

        ummm...
        as far as i'm aware you create vlans on your router and switches. your voip vlan will have its own ip subnet which will have its own ipsec tunnel.
        your normal traffic will have its own ip subnet which will use another ipsec tunnel. so basically, 2 separate tunnels.

        i could be wrong though as there may be another way.

        • jits

          This is true and that is what is currently going on. Both networks have their own tunnel.

          But now, on Site B... how, or can I, create a VLAN for the VoIP IPsec tunnel coming from Site A?

          Do I now create a VLAN in pfSense at Site B and assign it to an interface? How do I do that, in terms of getting the tunnel traffic over to the VLAN interface on Site B?
          Am I on the right track if I set up a VLAN on Site B and then initiate an IPsec tunnel from the VoIP VLAN on Site A to the VoIP VLAN on Site B? Does this sound about right?

          And what about DHCP assignments from Site A VoIP: will DHCP relay work in this case across IPsec tunnels? SIP data traffic?
          Thanks, Jits

          • louis-m

            you have to have vlans at both sites:

            for example:

            Site A:
            vlan 100 - data = 192.168.100.0/24 using ipsec tunnel A
            vlan 101 - voice = 192.168.101.0/24 using ipsec tunnel B

            Site B:
            vlan 102 - data = 192.168.102.0/24 using ipsec tunnel A
            vlan 103 - voice = 192.168.103.0/24 using ipsec tunnel B

            that's how i would approach it but as i say, i've not tried this. i'm not sure if the vlan headers would work via ipsec.

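Added example, not part of the original thread or of pfSense: a small Python model of the addressing plan in the last post, showing which control decides each flow. It assumes each tunnel carries exactly one subnet pair (tunnel A for data, tunnel B for voice); the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

# Addressing plan from the example in the thread. Treating each tunnel as one
# subnet pair (A = data, B = voice) is this sketch's assumption.
SITE_A = {"data": "192.168.100.0/24", "voice": "192.168.101.0/24"}
SITE_B = {"data": "192.168.102.0/24", "voice": "192.168.103.0/24"}
TUNNELS = {
    "tunnel A": (SITE_A["data"], SITE_B["data"]),
    "tunnel B": (SITE_A["voice"], SITE_B["voice"]),
}


def overlapping_subnets(*sites):
    """Return pairs of subnets that overlap; overlap makes tunnel matching ambiguous."""
    nets = [ipaddress.ip_network(n) for site in sites for n in site.values()]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def site_of(ip):
    """Return (site, vlan_role) for an address, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, site in (("A", SITE_A), ("B", SITE_B)):
        for role, net in site.items():
            if addr in ipaddress.ip_network(net):
                return name, role
    return None


def classify(src, dst):
    """Say which control decides whether src may reach dst."""
    s, d = site_of(src), site_of(dst)
    if s is None or d is None:
        return "outside plan"
    if s[0] == d[0]:
        # Same site: the traffic never enters a tunnel, so isolation is decided
        # by the firewall rules on the VLAN interfaces, not by IPsec.
        return "same VLAN" if s[1] == d[1] else "local inter-VLAN: needs firewall rule"
    a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, (left, right) in TUNNELS.items():
        left_net, right_net = ipaddress.ip_network(left), ipaddress.ip_network(right)
        if (a in left_net and b in right_net) or (a in right_net and b in left_net):
            return name
    return "no matching tunnel"


if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(SITE_A, SITE_B))
    for dst in ("192.168.101.5", "192.168.100.5", "192.168.102.5"):
        print("phone 192.168.103.10 ->", dst, ":", classify("192.168.103.10", dst))
```

The third flow is the one the original question is about: traffic between the voice and data VLANs at Site B never reaches a tunnel, so keeping them apart is a matter of the firewall rules on the two VLAN interfaces.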