Best Practice for Site-to-Site Multi-VLAN?
-
I currently have a single site warehouse with pfSense as the firewall/router. We are going to open another warehouse soon. The new location will have separate subnets which we can route over a VPN, however, we have one use case that is causing us some grief.
We want to use the new warehouse as a backup repository for off-site backups. We are also going to use it to replicate our critical VMware servers over to a warm rack. Therefore we'd want to keep the Main Office LAN interface subnet and have it extend to the new warehouse. In case of a failure at the main office, we would be able to either A) bring the warm server back to our original site without doing any reconfigurations to replicated servers, or B) spin up the replicated servers on the warm rack and have it take over until the main site is repaired.
Would it be a best practice in this instance to use a bridge such as OpenVPN (tap) mode and extend the LAN subnet over the VPN to remote site? Then create the additional VLAN's at Warehouse and have them routable to the main site over the tap tunnel?
The servers at Main Office that I want to replicate to remote warehouse are domain controllers, database servers, and application servers. So they should have the same subnet at both sites for that purpose while remaining VLAN's are routable over the VPN.
