Setup Questions



  • First off, I apologize if I placed this in the wrong forum subject.

    Currently have a setup that is pretty basic, with a router with a default VLAN and 2 other VLANs for guest networks (VLAN30 & VLAN40). That then gets trunked to a switch, which has all the devices connected to it.

    We are wanting to add a transparent proxy that will only filter VLAN30 and VLAN40 (only pass VLAN30 and 40 through pfSense and all others to the router). We also want an OpenVPN tunnel to do maintenance from home. We have installed pfSense on a VMware ESXi guest. I have set up a DynamicDNS and OpenVPN on the pfSense box and can connect to the VPN, but it cannot access the devices in the other network. I have the VPN set to use 10.5.10.0/24 as the tunnel network and 10.5.0.0/24 as the local network. (Port is forwarded.) I have attached screenshots to better demonstrate the network that we are trying to achieve.

    I do know that there are support plans that pfSense offers, but this is for a non-profit organization, so the budget is very limited. Thank you in advance for any help that the community can provide.












  • @pparkcoc:

    I have set up a DynamicDNS and OpenVPN on the pfSense box and can connect to the VPN, but it cannot access the devices in the other network. I have the VPN set to use 10.5.10.0/24 as the tunnel network and 10.5.0.0/24 as the local network.

    Have you set up your routing on both networks to route traffic to/from each network at the end of your tunnel? You won't be able to access any device on either end of the network unless you configure your switches at both ends to route traffic through the pipe to the other end.



  • Currently this is what I have set up:
    Router (VLAN interfaces VLAN30, 40) > pfSense > (tagged VLAN30 & 40) Switch
    I have attached the router VLAN interface and the VLAN config for the port on the switch (Port 24).

    Currently I don't have any static routes or VLANs configured on pfSense yet, before I know that I can get this to work, as it was a friend who said that I should be able to just configure the switch port on the switch that goes to the pfSense box to trunk VLANs 30 and 40, and that essentially I should have anything for VLANs 30 or 40 be forced through the pfSense box as the only option to reach their subnet gw. I have no idea how right that is.

    The old setup is basically ISP>Router>Switch>Hosts, just trunking all VLANs.
    What it is trying to be is different routes for different VLANs:
    Vlan1 = ISP>Router>Switch>Host
    Vlan30 & Vlan40 = ISP>Router>Pfsense>Switch>Host






  • To avoid some confusion, I drew this up to make it a little easier to understand.




  • So far, the only problem you've stated you're having is getting traffic to flow across your VPN to the 10.5.10.x/24 network, but your network plan doesn't show this at all. If that really is the problem, then it might help to show where the VPN pipe fits into all this. Unless you're having some other issue, in which case mentioning it might help too.