I have a Peplink Balance 710 acting as both DHCP and L2TP VPN router for our office.
Our default untagged VLAN is used by our servers, and VLAN 16 is used by our normal workstations.
VPN only works if I enable DHCP on the untagged VLAN. This allows outsiders to VPN into our network, but it also causes workstations that are supposed to be on VLAN 16 to accidentally get an IP on the untagged VLAN subnet, which breaks their internet access.
I’m trying to find a workaround. I was going to simply make the DHCP IP range for the untagged VLAN just large enough for the VPN clients to all fit at once, and create a reservation for each one, but VPN clients do not pass MAC address information, so there is no way to make a reservation for them. Redoing the whole network’s VLAN setup to work around the issue would be extremely involved right now.
Does anyone know if there’s a way to:
A) Create a reservation by the VPN client’s hostname or otherwise find a way to pass its MAC address to the Peplink?
B) Allow the Peplink to place VPN clients on a VLAN besides the untagged VLAN (Peplink says the Balance is currently limited to only putting VPN clients on the untagged VLAN)?
C) Explain to the DHCP server portion of the Balance that it should be advertising the untagged DHCP server to VPN clients only?