Topic: IPSEC and VLAN (Read 5224 times)
swingline, on May 08, 2018, 11:05:54 am:
I currently run pfSense, but I have recently run into a limitation of pfSense and I am looking for an alternative, and I hope that OPNsense will be a good fix.
Because of some local changes regarding VPN usage, I am no longer able to utilise the OpenVPN protocol. With my current setup, I route all LAN except a few devices in an alias over VPN.
Here is a diagram of my current network.
What I would like to do is:
Create a VLAN 10.0.100.1 for Server VM(s)/Docker
IPsec connection for LAN 10.0.0.1 covering unmanaged switch and AP(s)
Allow LAN to VLAN traffic while connected to IPsec
Currently, pfSense is unable to accomplish this. Is this something that I could achieve with OPNsense?
GPz1100, Reply #1 on May 09, 2018, 06:52:54 am:
VLANs are a level 2 concept. IP addresses are level 3.
You need to define your VLANs in your UniFi switch. They can be port based or tag based. I.e., you can define a set of ports (say 1-5) to be on VLAN 5. You can define any subnet on that VLAN you wish.
Or you can define multiple VLANs on a single port. To do so, you must use VLAN tags. The whole VLAN concept can be confusing at first, but it's really not. It's mainly a way of separating your network on a switch level. You can even have the same subnet on different VLANs (not sure why you'd want to, but it's possible). Each would be its own isolated network.
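Added example, not part of any post in this thread: a small Python parser that shows where the 802.1Q VLAN tag sits in an Ethernet frame relative to the IP addresses, and why two frames from the same subnet stay separated when their VLAN IDs differ. The frames, MAC addresses, VLAN 6, the native VLAN default and the `switch_forwards` port model are constructed assumptions for illustration.

```python
import struct
from ipaddress import IPv4Address

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(src_ip, dst_ip, vlan_id=None):
    """Build a constructed Ethernet frame carrying a minimal IPv4 header."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")  # dst, src
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

def parse_frame(frame):
    """Return (vlan_id, src_ip, dst_ip); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, vlan_id = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_id = tci & 0x0FFF   # low 12 bits of the tag control field
        offset += 4              # the tag adds 4 bytes to the layer 2 header
    offset += 2                  # step past the EtherType to the IP header
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 packet")
    src, dst = struct.unpack_from("!4s4s", frame, offset + 12)
    return vlan_id, str(IPv4Address(src)), str(IPv4Address(dst))

def switch_forwards(frame, port_vlan, native_vlan=1):
    """Simplified port model: accept a frame only if its VLAN matches the port's."""
    vlan_id = parse_frame(frame)[0]
    return (native_vlan if vlan_id is None else vlan_id) == port_vlan

if __name__ == "__main__":
    # Same subnet and addresses, different VLAN tags (constructed sample frames).
    for vid in (5, 6, None):
        f = build_frame("10.0.100.10", "10.0.100.1", vid)
        print(parse_frame(f), "forwarded on VLAN 5 port:", switch_forwards(f, 5))
```

The IP header is byte-for-byte identical in all three frames; only the 4-byte tag in the Ethernet header differs, and that tag alone decides which ports see the frame.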
swingline, Reply #2 on May 09, 2018, 05:48:30 pm:
Thanks for the reply, but I have the VLAN up and working with pfSense and the UniFi switch. The problem is with pfSense: when I enable the IPsec tunnel on the LAN subnet, the VLAN subnet stops routing outbound over WAN.
GPz1100, Reply #3 on May 09, 2018, 09:02:00 pm:
I've only started to explore OPNsense. On Sophos UTM, routes were automatically created with any new interface but were not operational until creation of firewall rules allowing traffic from/to one interface to another. I'm still figuring out OPNsense, but maybe this is somehow applicable too.
Just to clarify, the issue is accessing internet from the vlan when the ipsec tunnel is enabled?
swingline, Reply #4 on May 10, 2018, 02:22:15 pm:
Quote
Just to clarify, the issue is accessing internet from the vlan when the ipsec tunnel is enabled?
Correct, I have LAN to VLAN communication, but it's like pfSense can't split LAN and VLAN traffic when dealing with IPsec. But I'm starting my weekend now, so I think I will install OPNsense when the family is asleep and see if I can get it to work without having to get new hardware.