How do I do this? 4 port pfsense router, VLAN to VPN

[ZeusXI]

So I have this device https://www.amazon.com/dp/B09PHHXN9V?psc=1&ref=ppx_yo2ov_dt_b_product_details

 

It has 4 Ethernet ports on the back. Port 0 in which I am using as a WAN (in) and the other 3 are normal LAN. 

This is using pfSense.

 

I would like Port 0 being the wan, Port 1 being LAN for normal day to day stuff like gaming PC, wifi AP, TVs, etc

I would like Port 1 to be a VPN, which I will be using ProtonVPN for, and have a wifi AP dedicated for wifi VPN devices.

 

Not the best drawing in Paint, but kinda what I had in mind. I think there is going to be something with VLANs, but I really don't know how to set those up. 

 

Any help would be appreciated. The Normal Wifi AP is going to be Ubiquiti so there is a switch with the cloud key on it with the AP hooked up as well. Its not a managed switch. 

the VPN AP is a TP-Link router I just had laying around which is going to be in AP mode and DHCP is done on the pfSense.

 

[Bombastinator]

You opened it up and put memory and storage in it yet?

[ZeusXI]

6 minutes ago, Bombastinator said:

You opened it up and put memory and storage in it yet?

Of course. It already has pfsense installed onto it as well as ProtonVPN set up with the certificates. 

[Bombastinator]

16 minutes ago, ZeusXI said:

Of course. It already has pfsense installed onto it as well as ProtonVPN set up with the certificates. 

So you also loaded an OS and you need instruction on how to set up the OS.

[ZeusXI]

1 minute ago, Bombastinator said:

So you also loaded an OS and you need instruction on how to set up the OS.

The OS is already set up. I am not sure how to use VLANs if that is what I need. I just want normal LAN on Port 1, and then VPN to go through port 2. 

[LIGISTX]

39 minutes ago, ZeusXI said:

The OS is already set up. I am not sure how to use VLANs if that is what I need. I just want normal LAN on Port 1, and then VPN to go through port 2. 

You only need vlans if you have and plan on using managed switches… I would possibly google vlans and read up on what they are… it would be easier for you to find a video to watch on YouTube then me to try and explain it. But the shirt version is, they are virtual subnets that ride the same wire as each other. You don’t need this if your going to use a dedicated AP for this separate subnet. 
 

If you have AP’s that are vlan aware, you can have multiple SSID’s each with different sunsets, all from the same IP. But this doesn’t sound like what you have nor what your trying to do.

 

You need to set up a subnet on port 2 like you did for port 1, make sure the firewall rules are set up as you would like (likely something like deny all, and only allow traffic out the WAN), plug in your AP, and your basically done. Just have to set up DHCP and such on that new subnet. 
 

Although, I just re-read this. You will be using UniFi…. Which is vlan aware. You don’t need a second AP, the 1 AP can have multiple SSID’s, each with s vlan tag (and this different subnets). 
 

Go on YouTube and look up lawrence systems. He had many pfsense videos on how to do this specifically with UniFi gear. And he has videos on how to pipe specific things out over a VPN. I have a similar setup to what you want and I got there from his videos. 

[ZeusXI]

14 hours ago, LIGISTX said:

 

Go on YouTube and look up lawrence systems. He had many pfsense videos on how to do this specifically with UniFi gear. And he has videos on how to pipe specific things out over a VPN. I have a similar setup to what you want and I got there from his videos.

 

 

Thank you very much. This seems like what I may be looking for. I will work on this when I get out of work today! Thanks a bunch!