The Man With The VLAN Plan

Right now I have to VPN on the specific client that I want to protect. I don’t always browse on a VPN, but sometimes it really comes in handy. So I had a crazy idea that maybe I could have my router connect to the VPN, and then when a device is on a certain VLAN, all its traffic will go through the VPN.

So here is the plan: I have a server running pfSense as my router, and it has a 4 gig trunk to my switch, and one of its remaining 2 ports is the WAN connection to my cable modem. I figure I can just use the remaining port to VLAN into the switch. pfSense doesn’t appear to have a way of separating a physical interface into virtual ones, so I can’t simply use the 4 gig trunk. I think I can then just have all my switch ports basically trunk all VLANs, since the default VLAN will just remain like I’m not using VLANs at all and then anything tagged will do its thing.

This is mostly a way to learn a bit more about VLANs and routing in general. I have a basic understanding of these things, and as far as I know what I am planning is totally doable. I am not completely sure how to set up pfSense to route a VLAN to another interface. Like, I don’t know if it’s done with a routing rule or with firewall rules. Another thing I’m not sure about is how to configure pfSense to serve separate DHCP and DNS on the VLAN. I also don’t know if just setting all the ports on the switch as trunks will work.

An after project would be trying to set up the Docker host so I can put a container on the VPN network. For example, I run a Pi-hole container right now, but with this new VLAN I wouldn’t want to use that same one, but it might be nice to put another one on there just for that VLAN.