I have a network as follows:
main router (AX86U Pro) 192.168.x.x
AI Node (2nd AX86U pro)
Have guest network pros with 2 current vlans of 52, 53
Have about 30 clients in general (don't know if that matters)
My issue is we now need to add some clients all wired to an IPsec VPN, and the AX86U Pro doesn't support this, so I have made an OPNsense/pfSense box out of a GK41 miniforums. The WAN will come into this and the AX86U Pro will get the LAN port. I have successfully tested the WAN coming into an OpenVPN connection and then through a VLAN made on the GK41. My question is: is there a way to get the ASUS WAN port to see this tagged traffic? If not, my plan is to use hardware I already have atm, which is a TP-Link smart switch off the GK41 LAN port, to put the VPN client devices on a tagged port (10) and the ASUS on another tagged port (11). I need one device in the IPsec VLAN (tagged 10) to see the LAN (tagged 11) of the ASUS though; I am trying to figure out if this is possible with a rule in pfSense?
EDIT: Also, if I were to just ditch the ASUS as the router itself and use the pfSense as the only router and put my main ASUS into AP mode, it would no longer be able to make an AiMesh, right? And I would just have to have two separate AP routers, which is not ideal?