Vlan Tag on all connected Openvpn Users
-
Hi guys, my first post here - i already searched and did not really find something useful (at least to me).
I configured pfsense (2.3) with an openvpn server - everything works fine.
The ip Pool is: 10.100.5.1/24
The "accessible network" of the OpenVPN config are: 10.0.0.0/8However, i would like add a VLAN tag to every requests made by a client (10.100.5.1/24) TO the accessible network at 10.0.0.0/8.
My setup has 3 NICs
- em0 (wan),
- em1(lan just for the web view)
- em2 (this should be the vlan tagged one with openvpn))
I gave em2 an interface with static ipv4 configuration.
I created a VLAN Tag for em2I saw that OpenVPN server does create a virtual interface (or port?) (at the assign interfaace tab), but i really do not know how to use it.
As i mentioned, i want OpenVPN to be "connected" to the em2, vlan tagged interface.
Any ideas or documentation on how to do that?
Thank you in advance
-
i think this will need some more detail….
remember vlans are layer2 / ip is layer3. mixing them generally isn't done / can't be done / serves no purpose
-
updated this, hope the setup is and my intention is clearer now.
-
You cannot put 10.0.0.0/8 on an interface and use 10.100.5.1/24 to give to OpenVPN clients. Those subnets overlap.
If you, for example, assign the IP address 10.23.56.34/8 to a host on em2 and it has traffic for 10.100.5.1 it is going to think it's on the same subnet and not send the traffic back to the firewall to be forwarded to the OpenVPN client.
To tag traffic on a pfSense interface, you must first create a VLAN on the interface Interfaces > (assign), VLANs tab, then assign the interface to VLAN XXX on em2 in Interfaces > (assign). Then connect em2 to a switch port or device that expects traffic tagged on VLAN XXX.
