OPNsense with IPsec VPN and DHCP relay

Started by bx2, June 03, 2025, 05:06:07 AM

Last Edit: June 04, 2025, 08:35:36 PM by bx2
Hello everyone,

I'm working on building out the configuration for our new Deciso DEC2752 that will be going into a remote office.

Between HQ and the remote office, I would really want to use DHCP relay inside the IPsec VPN tunnel so that the workstations and users at the remote office get IP addressing from our DHCP servers at HQ.

I came across past posts about some issues with this type of configuration but I'm not clear if it was a configuration issue or a problem within FreeBSD/OPNsense.

As I have the business license with our unit, I'm sure we will be using ISC DHCP.

Does anybody have any recent experience with the latest versions of OPNsense and DHCP relay inside IPsec VPN?


Thanks


Edit:
From reading this post: https://forum.opnsense.org/index.php?topic=39555.0

"We're moving to OpenBSD's dhcrelay (the development version migration is done) which can theoretically handle layer 2 and layer 3 relay, but there are no plans to start dashing out layer 3 relay support in OPNsense. We did always require a layer 2 device to relay from."

My remote site would be:

OPNsense FW --> Aruba L2 2530 Switch.

The Aruba switch allows me to set ip helper-addresses on each VLAN.

So if I set my DHCP server IP for each VLAN ip helper-address entry per vlan on the switch, does this sound like it would work? This way I don't have to configure DHCP relay in OPNsense and use my L2 switch for that instead.

The remote site is about 2 hours away so I'm trying to understand how to make this work, test it and deploy it.