Routing and pfsense



  • Hello everyone,

    I have some general questions on how to make this work and wondering if someone can point me in a general direction
    or possibly give me some suggestions.

    I am in the process of installing cabling in my home and wanted to take the opportunity to set up a nice organized network.

    I am confused on what terminology I should be searching for when using a vpn as I have drawn in the diagram (attached).

    I am looking to segment my network into separate vlans to help with congestion. I have a plex server, ip cameras, voip… basically
    the most disorganized mess of a slow network.

    The basic vlan stuff I think I have a pretty firm grasp on.

    The confusing part is the home to work vpn. What I would like to do is set up a site to site vpn that only allows traffic to one certain vlan
    at home. I don't want any traffic whatsoever on my main home network.

    The purpose is to allow my wife to have a voip phone and pc, that basically sit in her office as a remote extension to her workplace.

    I have been trying to research this vpn-vlan setup but haven't had much luck. Most likely because I don't know what it is called.

    There are many more devices on the network, I wanted to show everyone what I was asking.

    Any suggestions?




  • The one issue you don't describe is what type of VPN you hope to set up from the office environment to the pfSense box.
    Is this going to be a single link from your wife's work desktop and/or phone (using say, OpenVPN)?
    Or are you going to try and get the Sonicwall to connect the entire office subnet via one of its VPN options (shudder)?

    What I expect you'll find is that the establishment of the VPN link will require you to specify rules allowing the traffic you want.
    Anything you don't allow will be blocked by default so the isolation you require is pretty simple.
    VPN with VLANs really isn't any different than with different NICs for multiple subnets.

    IMHO, the biggest issue will be dealing with the Sonicwall.
    I would suggest either bypassing it (set up OpenVPN on the devices that wish to connect) or replacing it (preferably with pfSense  ;) )
    Unless you're good with Sonicwall devices or know someone who is (that's not me) my advice is avoid the things wherever possible.

    OpenVPN under pfSense works well and will easily handle the scenario you've outlined.
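
The default-block behaviour described in the reply above can be checked against a planned ruleset before it goes on the firewall. The following is an added example, not part of the thread and not pfSense's own rule format: it models the tunnel interface's rules as first-match with an implicit block, using constructed subnets and hypothetical helper names, and reports which home VLANs the workplace subnet could reach.

```python
import ipaddress as ip

# Constructed addressing plan (assumption: the thread gives no subnets).
HOME_VLANS = {
    "main": ip.ip_network("192.168.10.0/24"),
    "cameras": ip.ip_network("192.168.20.0/24"),
    "office": ip.ip_network("192.168.50.0/24"),  # remote-extension phone and PC
}
WORK_NET = ip.ip_network("10.20.0.0/24")  # constructed workplace subnet
ALLOWED = {"office"}
ANY = "0.0.0.0/0"

def first_match(rules, src, dst):
    """First matching rule wins; traffic that matches nothing is blocked."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst in rules:
        if src in ip.ip_network(rsrc) and dst in ip.ip_network(rdst):
            return action
    return "block"

def exposed_vlans(rules):
    """Home VLANs that a pass rule opens to WORK_NET, honouring earlier blocks."""
    exposed, blocked = set(), []
    for action, rsrc, rdst in rules:
        rsrc, rdst = ip.ip_network(rsrc), ip.ip_network(rdst)
        if not rsrc.overlaps(WORK_NET):
            continue  # rule cannot match traffic arriving from the workplace
        if action == "block":
            if WORK_NET.subnet_of(rsrc):  # only count blocks covering all of WORK_NET
                blocked.append(rdst)
            continue
        for name, net in HOME_VLANS.items():
            if rdst.overlaps(net):
                part = net if net.subnet_of(rdst) else rdst  # reachable slice
                if not any(part.subnet_of(b) for b in blocked):
                    exposed.add(name)
    return exposed

def violations(rules):
    return exposed_vlans(rules) - ALLOWED  # reachable but not meant to be

# Constructed rulesets for the tunnel interface: (action, source, destination).
TIGHT = [("pass", "10.20.0.0/24", "192.168.50.0/24")]
LOOSE = TIGHT + [("pass", ANY, ANY)]  # a catch-all added "to make it work"
FENCED = TIGHT + [("block", ANY, "192.168.0.0/16"), ("pass", ANY, ANY)]

if __name__ == "__main__":
    for name, rules in (("TIGHT", TIGHT), ("LOOSE", LOOSE), ("FENCED", FENCED)):
        print(name, sorted(violations(rules)) or "isolated")
```

The audit is conservative: a block rule only counts if it covers the whole workplace subnet, so a partially shadowed pass rule is still reported.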



  • Well, I was hoping to connect the entire office subnet.  :'(

    I think you are right though… it may be a bit painful.
    I can fumble through most sonicwall settings but
    not so sure about this one.

    I am also hoping to get a pf sense system there, and if I can pull
    this off, it's a good possibility.

    I would like to just install openvpn on the phone and PC but, she still needs access
    to other network resources.

    I believe we have IPSec setup right now, and some sslvpn users too,



  • Ipsec may be a more hopeful possibility with the TZ210.
    You might post a question in the IPSEC forum about creating a connection with Sonicwall.

    "I would like to just install openvpn on the phone and PC but, she still needs access
    to other network resources."

    If you create a RoadWarrior setup and install the client on your wife's PC she can have access to anything at work and at home as necessary.

    One useful piece of information - the TZ210 is now EOL as of 2015-06-01.
    Might be another reason to switch to a better supported firewall (hint hint).