Point Unifi to pfSense FreeRADIUS

Hi there,
Just wondering, does anyone of you have such a setup?

So far the main entry point for my DMZ/LAN is by using my main 2FA (FreeRADIUS) enabled OpenVPN. Although this setup is quite secure, it has some limitations, so to say:

  • When I lose internet connectivity it is hard to get there, because my public IP address is changed/not working/does not exist
  • I can’t bind the OpenVPN to the internal network, because there is no such functionality; OpenVPN can be bound only to one interface (in my case WAN)

Probably there are more, but the two mentioned above are enough I think :)

From this point we have a million ways to go, for instance:

  • Add one switch port to the management VLAN and allow all traffic to pass through
  • Create a new OpenVPN or WireGuard and use it to access pfSense and the rest of the secure network management
  • Back to the good old times and try something like PPPoE (not secure enough)
  • Try something new (for me) like 802.1X

To be honest, I’m keen to learn more about 802.1X and even try to configure WPA-Enterprise and Port-Security.

Back to the question, does anyone of you have such a setup?