Pfsense VPN test environment

I am looking for help to set up a test environment to set up pfsense routers for site-to-site VPN.

I currently have an SG-2100 at my office with a peer to peer shared key VPN to my home and the home of an employee. I know shared key is being phased out and I need to convert to TLS.

I am trying to set up an SG-1100 for a new employee and struggling with the TLS set up. I will call this router the SG-1100e for employee. Both the SG-1100e and SG-2100 see each other but I am not able to ping.

To set this up, I have the WAN port on the SG-1100e leasing an IP address from the SG-1100 I use for my home router. I will call my home router SG-1100h. Before I ask for assistance with getting the site-to-site VPN set up, I would like to make sure my test environment is not contributing to my problem getting the SG-1100e set up. Essentially, I hope to have my SG-1100h pass Internet traffic to the SG-1100e such that it would act as if the SG-1100e were at another location connected directly to the Internet via a modem.

I welcome your thoughts and suggestions.

I think that while it could work, it’s going to be a bit problematic and a bit tricky to work with. Any chance you have a L2-capable switch floating around that you could use to build a simple lab environment?

I have some Unifi managed switches waiting for deployment and some plain Jane TP-link switches.

If any are L2-capable, I would probably set up a quick lab. Create a pair of VLANs each with a subnet. Plug each pfsense into one VLAN using that VLAN’s subnet as the WAN. Set routes on the switch to route one VLAN to the other. Voila, instant mini-internet. :slight_smile: You can configure your VPN, then when you’re ready just change the WAN IPs and VPN “remote” IPs as appropriate.
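The VLAN lab described above is easy to get subtly wrong (a WAN address outside its VLAN subnet, a tunnel network that overlaps a LAN, a gateway address reused on a pfSense WAN). The following planner is an added illustration for this thread, not code from the forum posters, Netgate or pfSense; every VLAN id, subnet and address in it is a constructed sample value, and the switch side is expressed generically (an SVI per VLAN) rather than in any vendor's syntax. It lays out the two routed VLANs, checks the plan is consistent, derives what each pfSense needs for its WAN gateway and its OpenVPN "remote", and then re-homes the same plan on real WAN addresses to show that only the WAN and remote fields change when you move out of the lab.

```python
"""Lab plan for a two-site pfSense VPN test built on two routed VLANs.

Added illustration for this thread, not from pfSense, Netgate or the forum
posters. All VLAN ids, subnets and addresses are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Site:
    name: str          # human label, e.g. "SG-2100 office"
    vlan_id: int       # VLAN the pfSense WAN port is plugged into (0 = real WAN)
    wan_subnet: str    # the VLAN's subnet, used as this site's lab "WAN"
    wan_ip: str        # pfSense WAN address inside that subnet
    lan_subnet: str    # the LAN behind this pfSense, reached through the tunnel


def gateway_of(subnet: str) -> str:
    """First host of the subnet is reserved for the switch SVI / default gateway."""
    return str(next(ipaddress.ip_network(subnet, strict=True).hosts()))


def validate(sites, tunnel_subnet: str):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    labelled = [("tunnel", ipaddress.ip_network(tunnel_subnet))]
    for s in sites:
        wan_net = ipaddress.ip_network(s.wan_subnet)
        wan = ipaddress.ip_address(s.wan_ip)
        if wan not in wan_net:
            problems.append(f"{s.name}: WAN {s.wan_ip} is not inside {s.wan_subnet}")
        elif str(wan) == gateway_of(s.wan_subnet):
            problems.append(f"{s.name}: WAN {s.wan_ip} collides with the switch gateway")
        labelled.append((f"{s.name} WAN", wan_net))
        labelled.append((f"{s.name} LAN", ipaddress.ip_network(s.lan_subnet)))
    # Every WAN, LAN and the tunnel network must be disjoint, or routes become ambiguous.
    for i, (n1, a) in enumerate(labelled):
        for n2, b in labelled[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{n1} ({a}) overlaps {n2} ({b})")
    return problems


def switch_interfaces(sites):
    """One routed interface (SVI) per VLAN; being directly connected to both
    VLAN subnets is all the L3 switch needs to pass WAN-to-WAN traffic."""
    return [(s.vlan_id, f"{gateway_of(s.wan_subnet)}/{s.wan_subnet.split('/')[1]}")
            for s in sites]


def vpn_settings(sites, tunnel_subnet: str):
    """Per-site values for a site-to-site OpenVPN: the WAN gateway to set on
    pfSense, the peer address to put in 'remote', and the far LAN to route."""
    out = {}
    for s in sites:
        others = [o for o in sites if o is not s]
        out[s.name] = {
            "wan_gateway": gateway_of(s.wan_subnet),
            "remote_peer": [o.wan_ip for o in others],
            "remote_networks": [o.lan_subnet for o in others],
            "tunnel_network": tunnel_subnet,
        }
    return out


def move_to_production(sites, public_ifaces):
    """Re-home the tested plan on real WAN interfaces (address/prefix per site).
    LANs and tunnel network are untouched; only WAN subnet and address change."""
    moved = []
    for s in sites:
        iface = ipaddress.ip_interface(public_ifaces[s.name])
        moved.append(Site(s.name, 0, str(iface.network), str(iface.ip), s.lan_subnet))
    return moved


# Constructed lab plan: two VLANs on the switch, one pfSense WAN in each.
LAB = [
    Site("SG-2100 office", 10, "192.0.2.0/29", "192.0.2.2", "10.10.0.0/24"),
    Site("SG-1100e employee", 20, "198.51.100.0/29", "198.51.100.2", "10.20.0.0/24"),
]
TUNNEL = "10.99.0.0/30"

if __name__ == "__main__":
    print("problems:", validate(LAB, TUNNEL) or "none")
    print("switch SVIs:", switch_interfaces(LAB))
    for name, cfg in vpn_settings(LAB, TUNNEL).items():
        print(name, cfg)
```

Run `validate()` again after `move_to_production()`; the same checks that caught a bad lab plan will flag a production address that lands in the wrong prefix or overlaps a LAN before you touch the live tunnel.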