1 PC access to different VLAN's VPN



  • Hello, I have a network, and I also have an IPsec Site to Site VPN, this VPN is on its own VLAN (VLAN 2) for security. None of the network needs access to that VPN except for one PC. The PC is on VLAN 1.

    I would like to somehow give access to all of VLAN 1 and VLAN 2's VPN network.

    I tried adding firewall rules so that it can access the VLAN, but it couldn't access the VPN IPs.

    I was going to set up a static route, but the gateway for the VPN was not present there (only physical gateways).

    I am assuming this is not possible, mainly because the remote VPN does not know my VLAN 1's IP address.

    Would it work if I gave my PC a second IP address from the VLAN 2 even though it is not on VLAN 2? Assuming not.

    Is there any other way to do this?

    Right now, I have two NICs, but this seems like a waste of a NIC.

    Also note that I do have the VPN on a different network for security, but also because I do use this VLAN over wifi.


  • Netgate Administrator

    If it's a policy based IPSec tunnel it will only carry traffic between the subnets defined in the Phase 2 configs.

    If the tunnel is between your local VLAN2 subnet and some other remote subnet then clients in a different local subnet cannot use it. You would need to add additional P2s to carry the traffic. That could be for just the one IP address in the other subnet.

    Steve



  • Thank you @stephenw10, I fully understand now! So I could give it a /32 address in Phase 2 on both sides and that should do the trick right?


  • Netgate Administrator

    Yes, that will then carry only traffic between those specific hosts.

    Steve
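The Phase 2 behaviour described in the answers above, as an added worked example (not code from the thread or from pfSense): it models each peer's P2 selectors as (local, remote) subnet pairs and checks which flows a policy-based tunnel would carry. All addresses and the P2 lists are assumptions constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not from the thread):
VLAN2_NET = ip_network("192.168.2.0/24")   # local VLAN 2, the VPN VLAN
REMOTE_NET = ip_network("10.10.0.0/24")    # subnet behind the remote peer
VLAN1_PC = ip_address("192.168.1.50")      # the single PC on VLAN 1


def p2_match(p2_entries, src, dst):
    """Return the first (local, remote) Phase 2 pair whose selectors cover
    the src -> dst flow, or None. A policy-based tunnel only encrypts flows
    that match some P2; anything else never enters the tunnel."""
    src, dst = ip_address(src), ip_address(dst)
    for local, remote in p2_entries:
        if src in local and dst in remote:
            return (local, remote)
    return None


def mirror(p2_entries):
    """The remote peer's view of the same tunnel: selectors swapped."""
    return [(remote, local) for local, remote in p2_entries]


def carried(local_p2, remote_p2, src, dst):
    """A flow is carried only when the local peer covers src -> dst AND the
    remote peer covers the reply dst -> src. That is why the /32 entry has to
    be added on both sides, as the thread concludes."""
    return (p2_match(local_p2, src, dst) is not None
            and p2_match(remote_p2, dst, src) is not None)


# Original configuration: one P2 between VLAN 2 and the remote subnet.
ORIGINAL_P2 = [(VLAN2_NET, REMOTE_NET)]

# Suggested fix: an extra P2 for just the VLAN 1 PC as a /32.
FIXED_P2 = ORIGINAL_P2 + [(ip_network(f"{VLAN1_PC}/32"), REMOTE_NET)]

if __name__ == "__main__":
    remote_host = "10.10.0.5"
    cases = [
        ("original, both sides", ORIGINAL_P2, mirror(ORIGINAL_P2)),
        ("/32 added locally only", FIXED_P2, mirror(ORIGINAL_P2)),
        ("/32 added both sides", FIXED_P2, mirror(FIXED_P2)),
    ]
    for label, local, remote in cases:
        print(label)
        print("  VLAN2 host  :", carried(local, remote, "192.168.2.10", remote_host))
        print("  VLAN1 PC    :", carried(local, remote, str(VLAN1_PC), remote_host))
        print("  other VLAN1 :", carried(local, remote, "192.168.1.51", remote_host))
```

The "other VLAN1" line stays False even after the fix, showing that the /32 P2 carries only the one host and nothing else from VLAN 1.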

