Not quite sure if this is the right section to post this in - I failed to locate posting guidelines in the forum. Please redirect if I am off course here.
We are a small media company adjusting to a primarily WFH reality and with the powers that be deciding to make this change permanent regardless of what the future might look like, I have been given quite free hands to set up a more permanent solution to our current very-temporary "solution".
I am looking to set up a Proxmox install with a couple of pfSense virtualized containers handling our network isolation and VPNs, but as I am quite new to these tools (previous solution involves a number of interconnected routers barely running NAT and OpenVPN), I would like some feedback on the viability of my plan. If you don't mind, I have outlined it in the attached illustration.
Notes:
- Ethernet 1-4 represent physical ports on the server.
- All VPNs are TAP.
- Solid connections represent actual wires to physical devices.
- Dashed lines represent virtual connections in Proxmox/pfSense configuration.
- Dotted lines represent implicit/automatic connections from one network to a VPN'ed network.
  - Is that even a thing? I would like to avoid asking the team connecting to VPN 5 to also have to separately connect to VPN 6 and VPN 7. Not an absolute, but it would definitely make the setup easier to sell to them.
- While this would run on a single Proxmox install, I would assume that each firewall/NAT node (and optional VPN module) needs to be a separate pfSense install.