Hello,
first hello everyone - and I hope it's the right section - I'm completely new here and to OPNsense :)
I have a dedicated server with one physical NIC (used with vmbr0), running Proxmox, and there I created a VM with OPNsense [two NICs, vmbr0 (WAN) - vmbr1 (LAN)]. My plan would be to have a private network like 10.10.25.0/24 on vmbr1 where I place multiple VMs; the OPNsense exposes services which should be public, other services get accessed via WireGuard (provided via OPNsense).
What's working so far? OPNsense setup, LAN/WAN setup (DualStack), connected VMs get a v4 IP via DHCP from the OPNsense VM (v6 sadly - and I don't find the problem so far)
What's not working: I also try to get an IP via DHCP (any v4/v6) for vmbr1 on the host so that the host can also communicate with the VMs like ping/ssh/etc. But DHCP constantly runs into a timeout.
interfaces (host):
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 31.xxx.xxx.57/24
    gateway 31.xxx.xxx.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address 2a0a:xxxx:0:xxx::57/64
    gateway 2a0a:xxxx:0:xxx::1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
I'm happy to provide more details/OPNsense configs but I'm currently not really sure what would help - so please let me know :)
Stay safe, best wishes!
I got it working with some help. There are two possible solutions, as the problem was you can't use an empty bridge to communicate:
1. Dummy-Interface
auto lo
iface lo inet loopback

auto dummy0
iface dummy0 inet manual
    pre-up /sbin/modprobe dummy

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 31.xxx.xxx.57/24
    gateway 31.xxx.xxx.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address 2a0a:xxxx:0:xxx::57/64
    gateway 2a0a:xxxx:0:xxx::1

auto vmbr1
iface vmbr1 inet static
    address 10.10.25.2/24
    network 10.10.25.0
    bridge-ports dummy0
    bridge-stp off
    bridge-fd 0
    pre-up /sbin/modprobe dummy
You need to load the "dummy" module, and possibly a reboot is needed (it was for me).
2. VLANs
# Physical NIC: untagged traffic is placed in VLAN 90 (WAN)
auto eno1
iface eno1 inet manual
    bridge-access 90

# One VLAN-aware bridge carrying both VLANs
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10 90

# Host address on the LAN VLAN
auto vmbr0.10
iface vmbr0.10 inet static
    address 10.10.25.2/24

# Host addresses on the WAN VLAN
auto vmbr0.90
iface vmbr0.90 inet static
    address 31.xxx.xxx.57/24
    gateway 31.xxx.xxx.1

iface vmbr0.90 inet6 static
    address 2a0a:xxxx:0:xxx::57/64
    gateway 2a0a:xxxx:0:xxx::1
Then you can assign vmbr0 to the VM twice and set VLAN-ID 90 for the WAN interface and VLAN-ID 10 for the LAN one.
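
An added example, not part of the posts above: a small Python check for two slips that are easy to make when hand-editing stanzas like these, namely an `address` on a stanza whose method is not `static` (interfaces(5) documents `address` and `gateway` as options of the `static` method) and an interface listed under `auto` twice. The sample file and its addresses are constructed for illustration.

```python
# Constructed sample in the style of the VLAN layout above; addresses are examples.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-vlan-aware yes
auto vmbr0.10
iface vmbr0.10 inet manual
    address 10.10.25.2/24
auto vmbr0.90
iface vmbr0.90 inet static
    address 192.0.2.57/24
auto vmbr0.90
iface vmbr0.90 inet6 manual
    address 2001:db8::57/64
"""

def parse(text):
    """Split an ifupdown file into iface stanzas plus the names listed under auto."""
    stanzas, autos = [], []
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("auto", "allow-hotplug"):
            autos.extend(words[1:])
        elif words[0] == "iface" and len(words) >= 4:
            stanzas.append({"name": words[1], "family": words[2],
                            "method": words[3], "opts": {}})
        elif stanzas:  # option line belonging to the most recent iface stanza
            stanzas[-1]["opts"].setdefault(words[0], []).extend(words[1:])
    return stanzas, autos

def lint(text):
    """Return findings: repeated auto entries and addresses on non-static stanzas."""
    stanzas, autos = parse(text)
    out = [f"{n}: listed under auto more than once"
           for n in sorted(set(autos)) if autos.count(n) > 1]
    for s in stanzas:
        if "address" in s["opts"] and s["method"] != "static":
            out.append(f"{s['name']} {s['family']}: address under method {s['method']}")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
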