Specific Type of VPN Tunnel
-
So, I'm about 99% sure this is possible with pfSense, but it's rather complex and I'm not sure where to start.
I have a dedicated server in a data center with a /29 IPv4 block (5 IPs) on a system running VMware ESXi 6.5. The server has a single NIC with a single drop. It is currently running the latest version of pfSense as a VM. 1 IP is assigned to the host (VMware ESXi) and another IP is assigned to pfSense, leaving me with 3 available IPs.
I have a pfSense box at another location. It is not running in a VM and is running on dedicated hardware. It has a total of 5 Gigabit ports. This location does not have a static IP, simply DHCP from the ISP. I have several managed switches that support VLANs.
I'll try and explain this as best as I can. The short of it is, I'd like to set up a site-to-site VPN tunnel with a VLAN and assign that VLAN to a port on the physical pfSense box that has a direct link (over the VPN tunnel) to the external network that the dedicated server is connected to. I'd like to have a 2nd router at the other location connected to that port and be able to set one of those 3 to said router. So, a physical port here as if I was connecting to a physical port (or virtual switch) where the dedicated server is.
The only way I would know to do this is to set up a site-to-site VPN tunnel (I've always used OpenVPN as it always worked best for me) and configure another NIC on the pfSense VM connected to the virtual switch and give it a VLAN ID and have that VLAN travel over the tunnel and on the other side, assign the VLAN as primary to one of the 5 ports... or if that isn't possible, I could simply tag the VLAN on my switch and make it primary so anything plugged into that port on my switch is using that VLAN.
I know there are probably better and easier ways of doing this such as static routes, port forwarding, DMZ, etc... but I'd really like to be able to physically assign one of the IPs to a piece of equipment at the other location.
Does that make sense? If so, how can this be done? Thanks in advance as always.
-
No, you can't put a VLAN on a VPN. You're mixing L2 & L3. What you do is just route whatever subnets over the VPN.
-
@JKnott said in Specific Type of VPN Tunnel:
No, you can't put a VLAN on a VPN. You're mixing L2 & L3. What you do is just route whatever subnets over the VPN.
How would I route the external subnets over the VPN though?
-
The same way as you'd route over any IP interface. Go into System>Routing and go from there. You might also have to consider firewall filters.
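To make the L3 point in the replies concrete, here is an added example of a static-key OpenVPN site-to-site pair, written for this edit and not taken from the thread or from the pfSense project. Every address is constructed: the data center pfSense VM holds 203.0.113.10 out of a 203.0.113.8/29 block and has an internal virtual-switch LAN of 10.10.10.0/24; the tunnel network is 10.8.0.0/30; the remote pfSense sits on a DHCP WAN with a LAN of 192.168.50.0/24. The key path /conf/site-to-site.key is a placeholder. pfSense generates these directives from its OpenVPN GUI, but the raw directives show exactly what is happening: no VLAN tag crosses the tunnel, only routes for whole subnets are installed on each side, and traffic still has to be permitted by firewall rules on the OpenVPN interface.

```conf
# --- data center pfSense VM: listens, because it has the static IP ---
dev tun
proto udp
port 1194
local 203.0.113.10                 # constructed: pfSense VM's public IP
ifconfig 10.8.0.1 10.8.0.2         # constructed tunnel endpoints (this side, peer)
secret /conf/site-to-site.key      # placeholder path to the shared static key
# L3 routing over the tunnel: remote site's LAN is reachable via the peer
route 192.168.50.0 255.255.255.0
keepalive 10 60
persist-tun
persist-key

# --- remote pfSense (DHCP WAN): initiates, so it needs no fixed source port ---
dev tun
proto udp
remote 203.0.113.10 1194           # constructed: data center endpoint
nobind
ifconfig 10.8.0.2 10.8.0.1
secret /conf/site-to-site.key
# data center's internal (virtual switch) subnet is reachable via the tunnel
route 10.10.10.0 255.255.255.0
keepalive 10 60
persist-tun
persist-key
```

Each `route` line is the per-subnet routing the replies refer to; in pfSense the same result comes from the OpenVPN remote-network settings or from a static route under System > Routing pointing at the tunnel gateway. Handing a single public address from the /29 to equipment at the remote site is also a routing matter, not a VLAN one: the data center side would route that one /32 down the tunnel, and (an assumption not covered by the thread) it would additionally have to answer ARP for that address on the shared /29 segment, since the upstream router still expects it there. Whatever is routed must also be allowed by rules on each pfSense's OpenVPN interface, which is the "firewall filters" caveat in the last reply.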