Netgate Discussion Forum

    VLAN Tag on all connected OpenVPN Users

    • supergicko

      Hi guys, my first post here - I already searched and did not really find something useful (at least to me).

      I configured pfSense (2.3) with an OpenVPN server - everything works fine.

      The IP pool is: 10.100.5.1/24
      The "accessible network" of the OpenVPN config is: 10.0.0.0/8

      However, I would like to add a VLAN tag to every request made by a client (10.100.5.1/24) TO the accessible network at 10.0.0.0/8.

      My setup has 3 NICs

      • em0 (WAN)
      • em1 (LAN, just for the web view)
      • em2 (this should be the VLAN-tagged one with OpenVPN)

      I gave em2 an interface with static IPv4 configuration.
      I created a VLAN tag for em2.

      I saw that the OpenVPN server does create a virtual interface (or port?) (at the assign interface tab), but I really do not know how to use it.

      As I mentioned, I want OpenVPN to be "connected" to the em2, VLAN-tagged interface.

      Any ideas or documentation on how to do that?

      Thank you in advance

      • heper

        I think this will need some more detail…

        Remember, VLANs are layer 2 / IP is layer 3. Mixing them generally isn't done / can't be done / serves no purpose.

        • supergicko

          Updated this, hope the setup and my intention are clearer now.

          • Derelict LAYER 8 Netgate

            You cannot put 10.0.0.0/8 on an interface and use 10.100.5.1/24 to give to OpenVPN clients. Those subnets overlap.

            If you, for example, assign the IP address 10.23.56.34/8 to a host on em2 and it has traffic for 10.100.5.1 it is going to think it's on the same subnet and not send the traffic back to the firewall to be forwarded to the OpenVPN client.

            To tag traffic on a pfSense interface, you must first create a VLAN on the interface Interfaces > (assign), VLANs tab, then assign the interface to VLAN XXX on em2 in Interfaces > (assign). Then connect em2 to a switch port or device that expects traffic tagged on VLAN XXX.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
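
The overlap described in the reply above can be checked before a tunnel pool is assigned. The following is an added example, not code from the thread or from pfSense; the function names and the gateway addresses are assumptions made for illustration, and the narrowed /16 network is a constructed value.

```python
import ipaddress


def overlapping_networks(tunnel_pool, local_networks):
    """Return (name, network) for each local network that overlaps the OpenVPN tunnel pool."""
    # strict=False accepts a host-style value such as 10.100.5.1/24 and masks it to 10.100.5.0/24
    pool = ipaddress.ip_network(tunnel_pool, strict=False)
    hits = []
    for name, cidr in local_networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if pool.overlaps(net):
            hits.append((name, str(net)))
    return hits


def host_next_hop(host_cidr, gateway, destination):
    """Model a host's forwarding decision for one destination.

    A destination inside the host's own subnet is treated as on-link (the host
    ARPs for it directly); anything else is sent to the gateway (the firewall).
    """
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(destination) in iface.network:
        return "on-link"
    return gateway


if __name__ == "__main__":
    pool = "10.100.5.1/24"  # tunnel pool from the thread

    # Values from the thread: em2 carries 10.0.0.0/8, host is 10.23.56.34/8.
    print(overlapping_networks(pool, {"em2": "10.0.0.0/8"}))
    # 10.0.0.1 is a constructed gateway address for the firewall on em2.
    print(host_next_hop("10.23.56.34/8", "10.0.0.1", "10.100.5.1"))

    # Constructed alternative: em2 narrowed to a /16 that excludes the pool.
    print(overlapping_networks(pool, {"em2": "10.23.0.0/16"}))
    print(host_next_hop("10.23.56.34/16", "10.23.0.1", "10.100.5.1"))
```

With the /8 mask the host classifies the OpenVPN client as on-link and never hands the reply to the firewall; with a non-overlapping local network the reply goes to the gateway and can be routed into the tunnel.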
