Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense-on-a-Stick | Adding VLAN for VPN only

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 510 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcgrenoa
      last edited by

      Hi everyone,

      I am currently running a pfSense-on-a-stick into a Cisco switch with 3 VLANs configured:
      VLAN 10: Wireless
      VLAN 20: Servers
      VLAN 30: IoT

      I would like to add VLAN 40 with one port for isolated virtual machine hosting. As of now, I have set up the new VLAN 40 in pfSense and on the switch and also set up DHCP on that interface. The machine is able to get an IP from the DHCP server, but cannot access any other VLAN, the LAN, or the internet. I have added a temporary allow all rule as shown in the screenshot, but that still does not help. 0bf24412-1461-4c46-b35d-89d0ce7cf0de-image.png

      Eventually I would like the VLAN to only be accessible through a VPN server on the pfSense box. I set up the OpenVPN server to access the VLAN 40 network, but no traffic routing from VLAN 40 network as mentioned above.

      Any help is appreciated.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Floating block rule?

        Routing conflict?

        Bad subnet mask?

        Can the client in VLAN40 ping the pfSense interface in VLAN40? Can it ping any of the other pfSense interfaces? Can it resolve addresses against unbound in pfSense?

        Steve

        1 Reply Last reply Reply Quote 1
        • M
          mcgrenoa
          last edited by

          I'm going to try to change the addressing scheme that I used. Perhaps it is a routing conflict, but I am not sure. The client can ping the all pfSense interface from VLAN 40, but cannot ping beyond that. It stops at the router for some reason.

          1 Reply Last reply Reply Quote 0
          • M
            mcgrenoa
            last edited by

            No go... Its super flaky. Sometimes I am able to ping to other VLANs, but now I have no communication with any device besides pfSense. No idea as to what is going on. The new addressing scheme is 192.168.40.0/24, but even that does the same thing.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Start a continuous ping from a client on VLAN 40.
              Run packet captures on each interface to see where the pings are going and what's coming back.

              It's almost certainly a conflict of some sort with symptoms like that though.

              Steve

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.