Multiple subnets on same interface issue
-
Hi,
I've been learning ESXi and pfSense in a homelab recently and made my first silly mistake tonight. ESXi was getting an IP from my router via DHCP, but I changed it to a static IP on the same subnet as my pfSense tunnel. I have pfSense running on a VM within ESXi and was trying to emulate an environment where being VPN'd into pfSense would be the only way to access ESXi.
At the time I changed the ESXi IP, my pfSense was configured like this:
pfSense: 192.168.1.1
IPv4 local network: 192.168.1.0/24
IPv4 tunnel network: 192.168.2.0/24
After setting ESXi to 192.168.2.10, I'm no longer able to access it while VPN'd into pfSense. I tried adding ",192.168.2.0/24" to the local network, pushing routes for 192.168.1.0 and 192.168.2.0, changing the tunnel network to 192.168.3.0/24, etc., but nothing seems to work. Is there a way I can access both the 192.168.1.x and 192.168.2.x subnets at the same time on a single interface? I only have one network card. My home network is 172.16.x.x, so I've ruled out a subnet conflict between my home network and the VPN.
Any help would be much appreciated!
-
"Is there a way I can access both the 192.168.1.x and 192.168.2.x subnets at the same time on a single interface?"
Why do you want to do this? To fix your ESXi? Running multiple layer 3 networks on the same layer 2 is not a good idea. Just console into your ESXi and fix its vmkernel IP to be on the network it's connected to.
You can put the vmkernel on any network you want in your setup, and then limit its access. But you wouldn't put it in your VPN tunnel network. It's inside the tunnel now, is it? ;) Put it on its own VLAN and then firewall it off so you can only access it from where you want to access it from. But I don't see why you would restrict local access to it? Sure, allow access from your VPN, but how exactly did you plan on accessing it when you're on the local network already?
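The overlap the reply describes (a host numbered out of the OpenVPN tunnel range is unreachable through that VPN, and two networks sharing one layer-2 segment invite exactly this kind of confusion) can be caught before any address is changed. The script below is an added example, not part of this thread or of pfSense: it uses Python's standard ipaddress module to check a road-warrior OpenVPN addressing plan for overlaps between the pushed local network(s), the tunnel network, the client-side home network and the hosts that clients must reach. The addresses are the ones from the original post; the function name, field names and the scenarios are the example's own assumptions and the check covers addressing only, not routes, firewall rules or the ESXi side.

```python
"""Sanity-check OpenVPN addressing for a pfSense-style road-warrior setup (added example)."""
import ipaddress
from itertools import combinations


def check_vpn_addressing(local_networks, tunnel_network, hosts, client_networks=()):
    """Return a list of (severity, message) findings; an empty list means no overlap problems.

    local_networks:  {name: cidr} networks pushed to VPN clients ("IPv4 Local network(s)")
    tunnel_network:  cidr handed out to VPN clients ("IPv4 Tunnel Network")
    hosts:           {name: ip} servers that VPN clients must be able to reach
    client_networks: cidrs the clients connect from (e.g. the home LAN), assumed values
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False) for name, cidr in local_networks.items()}
    tunnel = ipaddress.ip_network(tunnel_network, strict=False)
    clients = [ipaddress.ip_network(c, strict=False) for c in client_networks]
    findings = []

    # A local network that overlaps the tunnel range cannot be routed to clients.
    for name, net in nets.items():
        if net.overlaps(tunnel):
            findings.append(("error", f"tunnel {tunnel} overlaps local network {name} ({net})"))

    # Two pushed networks that overlap each other are a sign of "two layer 3 on one layer 2".
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(("warn", f"local networks {a} ({na}) and {b} ({nb}) overlap"))

    # Anything that collides with the network the client sits on is unreachable from that client.
    for cnet in clients:
        for name, net in list(nets.items()) + [("tunnel", tunnel)]:
            if net.overlaps(cnet):
                findings.append(("error", f"{name} ({net}) overlaps client-side network {cnet}"))

    # A host numbered inside the tunnel range looks like a VPN client, not a LAN server.
    for hname, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip in tunnel:
            findings.append(("error", f"host {hname} ({ip}) lies inside tunnel network {tunnel}"))
        elif not any(ip in net for net in nets.values()):
            findings.append(("warn", f"host {hname} ({ip}) is in no local network pushed to clients"))
    return findings


if __name__ == "__main__":
    # Constructed scenarios using the addresses from the thread.
    scenarios = {
        "as posted": ({"LAN": "192.168.1.0/24"}, "192.168.2.0/24",
                      {"pfsense": "192.168.1.1", "esxi": "192.168.2.10"}),
        "tunnel net added to local networks": ({"LAN": "192.168.1.0/24", "extra": "192.168.2.0/24"},
                                               "192.168.2.0/24", {"esxi": "192.168.2.10"}),
        "LAN moved to 192.168.2.0/24, tunnel to 192.168.3.0/24": (
            {"LAN": "192.168.2.0/24"}, "192.168.3.0/24",
            {"pfsense": "192.168.2.1", "esxi": "192.168.2.10"}),
    }
    for title, (local, tunnel, hosts) in scenarios.items():
        print(f"== {title}")
        for severity, msg in check_vpn_addressing(local, tunnel, hosts, ["172.16.0.0/12"]) or [("ok", "no overlaps")]:
            print(f"  [{severity}] {msg}")
```

Run it as-is to see the posted layout flagged (ESXi inside the tunnel range), the "add 192.168.2.0/24 to local networks" workaround flagged twice (tunnel overlaps a pushed network, and the host is still inside it), and the renumbered layout pass the address check; passing only means the ranges are consistent, the vmkernel change itself still has to be made on the ESXi side.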
-
Thanks for the response and help.
I set my homelab up to practice for eventually colocating the server, so I'd like to fix this (just temporarily) within pfSense if possible. I want to pretend it would be remote-hands work to change the ESXi vmkernel IP at this point.
I didn't mean to put ESXi within the tunnel network (192.168.2.x), but once I realized the mistake it was too late. Also, I didn't mean to restrict local access to it, as I'm the only user of the VPN.
Could I change the pfSense IP from 192.168.1.1 to 192.168.2.1, the local network from 192.168.1.0/24 to 192.168.2.0/24, and then the VPN tunnel network from 192.168.2.0/24 to 192.168.3.0/24? Essentially just using 3.x for the tunnel and 2.x for everything else, so I could reach ESXi and then put it on its own VLAN and firewall it like you suggest?
-
Again, you can put the vmkernel on any network you want, be it a native untagged network or a VLAN via tagging.
How many interfaces do you have on the ESXi box, and how many interfaces do you have on the pfSense box? Is pfSense running on the ESXi box?
Do you have a managed or "smart" switch that does VLANs?
Can you draw up how you have everything connected now?