Greetings network guru's, I am new here and I signed up to purpose a network topology I have searched for hours online to no avail.
Id like to try and setup a dual router config (primary ddwrt, secondary pfsense) where both are on the same subnet and route only specific port traffic through vpn hosted by pfsense box. So far I have the basics mapped out, disable nat and dhcp on pfsense box, those being handled by the gateway router. Naturally set static ip on secondary within gateway lan subnet. I want it to just handle the openvpn client and route responses back to local gateway for lan clients. I have wondered if I need two physical interfaces on the pfsense box and vlan one on the gateway for proper packet flow, but I figure that because the tunnel isn't link layer the pfsense box could still route packets over the same Ethernet connection the tunnel is on just simply decrypted and re-framed?
I'm pretty sure I'm missing something though, otherwise this config should be much more ubiquitous (VPN dummy appliance wink wink). I know there is other ways around this problem but the main goal is to simply offload the VPN encryption calculations to a box better suited for high speed without complicating the net-worx or forcing all connections through the sublan/vpn. I'm open to hypothetical options. For the time being security of the VPN machine is not in the equation.
Any links, guides, advise, or suggestions will be appreciated. If I ever do get this project working the way I like I might do a right-up for it here. Thanks.
Id like to try and setup a dual router config (primary ddwrt, secondary pfsense) where both are on the same subnet and route only specific port traffic through vpn hosted by pfsense box. So far I have the basics mapped out, disable nat and dhcp on pfsense box, those being handled by the gateway router. Naturally set static ip on secondary within gateway lan subnet. I want it to just handle the openvpn client and route responses back to local gateway for lan clients. I have wondered if I need two physical interfaces on the pfsense box and vlan one on the gateway for proper packet flow, but I figure that because the tunnel isn't link layer the pfsense box could still route packets over the same Ethernet connection the tunnel is on just simply decrypted and re-framed?
I'm pretty sure I'm missing something though, otherwise this config should be much more ubiquitous (VPN dummy appliance wink wink). I know there is other ways around this problem but the main goal is to simply offload the VPN encryption calculations to a box better suited for high speed without complicating the net-worx or forcing all connections through the sublan/vpn. I'm open to hypothetical options. For the time being security of the VPN machine is not in the equation.
Any links, guides, advise, or suggestions will be appreciated. If I ever do get this project working the way I like I might do a right-up for it here. Thanks.