Site-to-Site and Remote Access VPNs on one appliance running pfSense

Currently have a Remote Access VPN running on a Windows Server (L2TP/IPsec) which requires port forwarding on routers. Want to add a site-to-site VPN to connect to Azure for additional features like file services. Problem is that would be the same ports to a single IP address, and one IP address that can change.

Watched videos on adding Ubiquiti APs and have separate VLANs for "business" and "guest" WiFi. Now have 2 routers serving the 2 VLANs working as needed and connected through a 3rd router for the ISP (not really needed). The catch is I noticed in the video that the pfSense firewall could likely replace the routers (simplification) while adding an intentional firewall.

Looking at "What else can pfSense do?" gets back to the VPN question of how pfSense can be configured to have Site-to-Site and Remote Access VPNs concurrently. Just starting to glance through the docs, it looks like the Site-to-Site could be L2TP/IPsec right in pfSense, and the Remote Access could be configured in OpenVPN, as it looks like different ports.

How would you approach the VPNs on pfSense?

Are there any features to look for when selecting a Netgate appliance?

You could always spin up a Linux box and have it initiate the IPsec tunnel to Azure and then make sure you NAT all the traffic through it. This would let you use the same single IP.

With pfSense, you can have all VPNs (L2TP, OpenVPN, WireGuard) running on the same device.

With OpenVPN and WireGuard you specify the port used; you could have one port for site-to-site and another port for client VPN access.

Search YouTube; there are various videos on setting up VPNs on pfSense.
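Added example (my own code, not from the thread or from pfSense): a small Python planner that makes the port-collision point of the thread concrete. It assumes the standard ports (IPsec UDP 500/4500, L2TP UDP 1701) and that pfSense's single IKE daemon can serve several IPsec-type peers; the OpenVPN and WireGuard port numbers are constructed values.

```python
# Added example, not from the thread: checks whether the VPN services you want on
# ONE public IP would fight over ports.  Assumed port usage: IPsec needs UDP
# 500/4500 (IKE, NAT-T) and L2TP adds UDP 1701; OpenVPN and WireGuard use
# whatever UDP port you configure.
from collections import defaultdict

FIXED_PORTS = {
    "ipsec": {("udp", 500), ("udp", 4500)},
    "l2tp/ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701)},
}
CONFIGURABLE = {"openvpn", "wireguard"}


def service_ports(kind, port=None):
    """(proto, port) pairs a VPN service occupies on the WAN address."""
    if kind in FIXED_PORTS:
        return set(FIXED_PORTS[kind])
    if kind in CONFIGURABLE and port is not None:
        return {("udp", int(port))}
    raise ValueError(f"unknown kind {kind!r} or missing port")


def find_conflicts(plan):
    """plan: iterable of (name, kind, port, handler).

    handler = host terminating the tunnel: 'pfsense' for services the firewall
    runs itself, otherwise the inside host a port forward points at.  IPsec-type
    services terminated by pfSense share its single IKE daemon, so they coexist;
    a port forward to another host and a local listener on the same port cannot.
    Returns {(proto, port): [handlers]} for ports claimed by >1 distinct handler.
    """
    claims = defaultdict(set)
    for _name, kind, port, handler in plan:
        for pp in service_ports(kind, port):
            claims[pp].add(handler)
    return {pp: sorted(h) for pp, h in claims.items() if len(h) > 1}


# The question's situation: L2TP/IPsec port-forwarded to a Windows server while
# pfSense itself terminates an IPsec tunnel to Azure -> UDP 500/4500 clash.
CURRENT_PLAN = [
    ("remote-access", "l2tp/ipsec", None, "windows-server"),
    ("azure-site-to-site", "ipsec", None, "pfsense"),
]
# The replies' layout: everything terminated on pfSense, OpenVPN and WireGuard
# on their own ports (1194 and 51820 are constructed values) -> no conflicts.
PROPOSED_PLAN = [
    ("azure-site-to-site", "ipsec", None, "pfsense"),
    ("remote-access", "openvpn", 1194, "pfsense"),
    ("second-site", "wireguard", 51820, "pfsense"),
]
```

Run `find_conflicts(CURRENT_PLAN)` to see the two clashing UDP ports, and `find_conflicts(PROPOSED_PLAN)` returns an empty dict.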