Netgate Discussion Forum
    How do I create a VPN to tunnel from one VLAN to another?

    IPsec
    thearamadon:

      I have two main VLANs: LAN and Management. I want to create an access-controlled VPN that would allow me to tunnel from LAN to Management. The key is that I want to be able to do this with the built-in Windows VPN client.

      The thing that's getting me is that I already have a mobile IPsec VPN set up which authenticates via RADIUS against my Windows AD, and tunnels from the internet to my LAN. In theory I could use another Phase 2 to set up the second tunnel, but the AD Group that controls mobile VPN access is different from the one that controls LAN->Management access, so this won't work. Unfortunately it doesn't appear that I can create another mobile client Phase 1 to use a different RADIUS network policy.

      So the other thing I've tried is using the unencrypted L2TP server. This would be fine for the LAN->Management use case because all traffic is encrypted at the application layer (HTTPS). Unfortunately, I can't seem to get Windows' VPN to connect to it. Firewall rules are allowing the traffic through, but I think it only really supports L2TP/IPsec, so it's getting "intercepted" by the mobile IPsec VPN.

      Does anyone have any ideas on what I could try next?


    thearamadon:

        Bump. Still haven't been able to figure this out.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.