HELP routing VLAN devices through OpenVPN client connection
-
Ok, I have what I feel like should be an easy thing to do but after days of trying I just can’t get it to work.
I have an OpenVPN server running on a TP-link Archer A6 in Louisiana.
I have my pfSense box connected to a Dell PowerConnect 5524 in Georgia.
In Georgia, I have a Cisco phone and a Dell thin client connected to my Dell switch. Currently I use a single cable to go to the Cisco phone, then the pass through port on the phone to go to the Dell switch (if necessary I can use a cable to phone and another cable to thin client).
What I want to do is this:
- Have all of my normal traffic, WiFi, etc going through the regular PFSense LAN interface. So basically all of that traffic appears to be coming out of Georgia, because it is.
- Have the traffic from the Cisco phone and Dell thin client going through the OpenVPN client running on PFSense. So in other words Cisco VOIP traffic and Dell thin client traffic appears to be coming from Louisiana.
What I was thinking would be setting up an untagged VLAN on the Dell switch and connect the thin client/phone to that port.
So what I believe I need to do is set up an OpenVPN client on the PFSense box (I’ve succeeded in doing this) and having a DHCP server on VLAN 301 (my OpenVPN VLAN). Have any traffic connected to VLAN 301 route to OpenVPN. Plug phone/thin client into untagged VLAN301 port.
This is where I’ve failed. I’ve managed to create the tunnel to Louisiana on PFSense via OpenVPN, but when I have that up it kills all non-VLAN Internet traffic, and also the VLAN301 cannot go out to the Internet.
I’ve read a bunch of guides on how to do this, what firewall rules to use, etc. And for the life of me I just cannot get this to work. Some of the guides use outdated PFSense versions, others don’t use firewall or NAT rules. So I ask your help! I need a step by step guide like I’m an idiot, or something similar (a basic way of what to do, like create OpenVPN client with what interface and if I need to do subnets, etc).
If this makes it easier I can run two separate OpenVPN clients, one for phone and one for thin client, with each one using a different VLAN, etc.
Help!!
-
-
You can't pass VLANs through a VPN, at least not in TUN mode. VLANs pass layer 3 traffic and VLANs are layer 2(.5). What you have to do is route each subnet through the VPN and put them back in the appropriate VLAN at the other end.
-
@jbvpfsense You will need to assign the OpenVPN tunnel to an interface so it creates a gateway and then policy route traffic sourced from the phone and thin client over the tunnel. Then you'd also need to route the appropriate subnets over the tunnel on the remote end.
Also, I'd dump that TP-Link asap... it'll only cause issues ;)
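
The policy routing described in the reply above, written out as raw pf rules of the kind pfSense generates from its GUI settings. This is an added example, not part of the original thread or any poster's configuration; every interface name, subnet, gateway address and tag name is a constructed placeholder.

```pf
# --- Macros (all values constructed for illustration) ---
wan_if   = "igb0"            # normal Georgia uplink
vlan_if  = "igb1.301"        # VLAN 301: phone + thin client
vlan_net = "10.30.1.0/24"    # subnet served by DHCP on VLAN 301
ovpn_if  = "ovpnc1"          # OpenVPN client assigned as an interface
ovpn_gw  = "10.8.0.1"        # far end of the tunnel (the new gateway)

# Note: if the OpenVPN server pushes a default route, the firewall's own
# routing table changes as well; the client option "route-nopull" keeps
# the table untouched so that only the policy rule below uses the tunnel.

# --- Translation: VLAN 301 leaves the tunnel with the tunnel address,
# so the far end needs no return route for 10.30.1.0/24.
nat on $ovpn_if inet from $vlan_net to any -> ($ovpn_if)

# --- Filtering ---
# Leak guard: anything tagged by the policy rule must never exit the WAN,
# even if the tunnel gateway is down.
block out quick on $wan_if tagged VLAN301_VPN_ONLY

# Local DNS on the firewall stays local (must come before the route-to rule,
# otherwise it would be pushed into the tunnel too).
pass in quick on $vlan_if inet proto { tcp, udp } \
    from $vlan_net to ($vlan_if) port 53 keep state

# Policy route: everything else sourced from VLAN 301 is forced to the
# tunnel gateway regardless of the system routing table.
pass in quick on $vlan_if route-to ($ovpn_if $ovpn_gw) \
    inet from $vlan_net to any tag VLAN301_VPN_ONLY keep state

# Other interfaces (LAN, WiFi) have no route-to rule and keep using the
# default gateway on $wan_if.
```

In the pfSense GUI the same pieces are the gateway selected on the VLAN 301 firewall rule, an outbound NAT entry on the OpenVPN interface, and a floating rule matching the tag.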
-
@marvosa said in HELP routing VLAN devices through OpenVPN client connection:
> Also, I'd dump that TP-Link asap... it'll only cause issues ;)
I forgot to mention that, even though I thought about it when I read that message. I ditched my TP-Link AP a couple of weeks ago, for that reason.