VLAN over VPN
-
Hi,
is it possible to transport VLAN over VPN?
VLAN is layer 2 and i think only possibilities are L2TP or OpenVPN tap interface...
Someone has a experience about?
Thanks in advance
-
Since the VLAN would have it's own subnet, just route it over the VPN to a VLAN at the other end. Basic routing. It doesn't even have to be the same VLAN ID.
-
@jknott said in VLAN over VPN:
Since the VLAN would have it's own subnet, just route it over the VPN to a VLAN at the other end. Basic routing. It doesn't even have to be the same VLAN ID.
Ok, i need to propagate public subnet i have on first pfsense on vpn connected pfsense box... Do you mean i have to divide public subnet?
-
@juniper
I'm wondering, what the VLAN has to do with a public subnent. Maybe we're missing things.
Can you describe more details, possibly with a drawing, what you want to achieve? -
@viragomann said in VLAN over VPN:
@juniper
I'm wondering, what the VLAN has to do with a public subnent. Maybe we're missing things.
Can you describe more details, possibly with a drawing, what you want to achieve?Yes... in that network there is a VLAN for public subnet and i need to share with other site with a VPN (if is it possibile);
for example 8x.xx.xx.128/25 in first pfsense box and i need some addresses of 8x.xx.xx.128/25 on second remote pfsense box vpn connected...
-
@juniper
So simply forward the concerned IPs (NAT).
That's possible, but it needs some rules to obey. -
@viragomann said in VLAN over VPN:
@juniper
So simply forward the concerned IPs (NAT).
That's possible, but it needs some rules to obey.Yes but i Need to assign public ip directly on some server....
-
You can have as many subnets as you want routed over the same VPN. It doesn't matter what they do. Routing is routing is routing. I assume you already have your main LAN routed over the VPN. The VLANs are handled in the same way.
-
@viragomann said in VLAN over VPN:
So simply forward the concerned IPs (NAT).
He doesn't need NAT. If he has a subnet on the VLAN then it can be routed to another VLAN at the other end. Talking about NAT only adds to the confusion.
One thing to bear in mind is that a VPN is simply another IP connection and can be used like any other IP connection.
-
@juniper said in VLAN over VPN:
Yes but i Need to assign public ip directly on some server....
If you're using NAT for that, then it would be handled like any other. The only difference is it has to be routed from one system to the other.
Go back to understanding how IP works on a LAN. The destination IP address is examined to see if it belongs on the directly connected subnet. If it does, then the MAC address of the destination is determined and the packet sent out across the LAN. If it's for another subnet, then routing is used to send it to the destination subnet, in this case through the VPN.
-
@jknott said in VLAN over VPN:
@juniper said in VLAN over VPN:
Yes but i Need to assign public ip directly on some server....
If you're using NAT for that, then it would be handled like any other. The only difference is it has to be routed from one system to the other.
Go back to understanding how IP works on a LAN. The destination IP address is examined to see if it belongs on the directly connected subnet. If it does, then the MAC address of the destination is determined and the packet sent out across the LAN. If it's for another subnet, then routing is used to send it to the destination subnet, in this case through the VPN.
Ok, i don't want to use NAT...
i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?
-
@juniper said in VLAN over VPN:
Yes but i Need to assign public ip directly on some server....
Any plausible reason for that?
Possibly it's doable, but make thing very complicated.
-
@viragomann said in VLAN over VPN:
@juniper said in VLAN over VPN:
Yes but i Need to assign public ip directly on some server....
Any plausible reason for that?
Possibly it's doable, but make thing very complicated.
I need for using with NDI and some camera
-
@juniper said in VLAN over VPN:
I need for using with NDI and some camera
Don't know that.
@juniper said in VLAN over VPN:
i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?
No, you can route over a whole subnet, which is routed to your IP before though, even with public IPs, but you cannot pick some IPs out of it.
-
@juniper said in VLAN over VPN:
i need to use addresses of the same subnet (for example 8x.xx.xx.128/25) on both pfsense box linked by a VPN, is there a way to do?
You'd need a TAP VPN, not TUN.
