Comment on Opnsense and one ethernet port
anamethatisnt@lemmy.world 9 months ago
Your opnsense will have WAN (ethernet port) and your LAN side will be all virtualized. There’s no problem having VLAN 10 with 192.168.10.0/24 for your main vms and then VLAN 20 with 192.168.20.0/24 for your VPN machine. Setup deny rules in the firewall top stop the VLANs from communicating.
If this is inside your current home network you will end up with double NAT though.
mangaskahn@lemmy.world 9 months ago
If the opnsense interface on the WAN VLAN has a public routable IP address there shouldn’t be a problem with double NAT. Double NAT should only be a problem if they have a crappy ISP that’s using CGNAT.