17.1 Legacy Series / DHCP relay over IPSEC VPN?
« on: July 12, 2017, 11:03:16 am »
Hey everyone!
I'm a new user of OPNsense (been using pfSense for years though) and have a question:
I need to replace a hardware router (Netgear ProSafe) that's missing a feature required for its purpose: Sending DHCP relay packets through an IPSEC VPN tunnel while using VLANs.
The router is operating directly behind a DSL modem as primary router of two VLAN networks. One VLAN is a "classical on-site" network, router plays DHCP server, as Internet gateway for a number of PCs.
The router also establishes an IPSEC VPN to a remote site. A number of thin clients are connected to a second VLAN. That VLAN needs to operate in DHCP Relay mode. The DHCP server to forward requests to is reachable over the VPN (has a VPN IP).
The Netgear router does not support the latter: DHCP relay always gets forwarded through the public interface, and not through the VPN.
Can OPNsense do better here? Does it forward DHCP relay packets through an IPSEC VPN tunnel if the relay target IP has an IP from the tunnel range?