2 quite different VPN configs, can they be combined on one machine?

  • I'm trying to set this up, but don't know if I can pull it off with one machine or if I need two.

    One pfsense machine, 2 interfaces. One interface in a DMZ, with a public address, the other on an internal lan with private addresses. pfsense is not used for internal routing or NAT for the site with regards to intra-site traffic or towards the Internet.

    Some machines need to reach another network, for which they have set up an OpenVPN connection. I want pfsense to set up that tunnel as a client and NAT all traffic routed to it as if the other side of the connection was an Internet connection.

    The other part is that I want the public address in the DMZ to allow people to connect with OpenVPN and with a tap connection connect them to the lan, where they'll get IPv4 and IPv6 addresses through DHCP and it is like they are connected directly to the lan.

    So even traffic coming in from an external client connected to the psense machine that is now in the lan, might come back to connect to the vpn'd network behind the NAT.

    So in short, part 1:
    anyone in lan, can connect through NAT to external site, connected to by pfsense with OpenVPN as a client.

    part 2:
    Anyone (with OpenVPN client and correct credentials) can connect to public address op pfsense and set up a tap tunnel to lan (getting addresses and routing like anyone else in lan)

    part 2b: that person connected like in part 2 can connect (through NAT) to external site. (basically traffic loops back into the pfsense machine)

    Is this possible or do I split the two parts and simply make two pfsense machines?