Hello all,
I am trying to virtualize my home OPNsense server on VMware ESXi 8. I have been able to spin up the VM, but when I begin to enable my VLANs over their interfaces my OPNsense hangs up and goes dead. I then reboot it and lose all communication with it. I can no longer log in to it via the GUI, and the IP of the LAN interface does not ping any longer.
Are there any gotchas in what I am trying to do? My hardware-based OPNsense is all VLAN, and I need this setup with my WiFi especially (multiple SSIDs). Is there a good forum or document that describes the process of implementing a solid virtualized firewall with VLANs? I am able to deploy it using standard LAN and WAN interfaces but not with VLANs.
Thanks,
Steve
I recommend doing all vSwitch and VLAN management in ESXi and passing a sufficient number of virtual interfaces to OPNsense. Or, if you have free ports available, consider PCIe passthrough.
I have 3 physical NICs I have allocated to this virtual firewall, not including the outside Internet interface. I use 6 VLANs on my hardware firewall and wish to do the same on the virtualized firewall.
Are you advocating for 6 virtual interfaces presented to OPNsense, one for each VLAN? As mentioned, I have WiFi SSIDs as separate VLANs, so I would assume I present one interface to OPNsense and configure the 3 VLANs over that interface, but from the ESXi perspective I would have to configure the port group as VLAN 0, correct?
One additional thing...
I can pass through all 3 physical interfaces.
Then use passthrough. It is the most stable way to operate: no spontaneous reordering of interfaces, to name one problem that occasionally occurs. I'd go with 2: one for WAN and one for all the VLANs. If you have an LACP-capable switch, you could run two bundled interfaces for the VLANs. That's exactly my setup.
I do have an LACP-enabled switch, but LACP is not supported on a standard vSwitch. It's only supported on a distributed vSwitch, so how did you do this?
If you use PCIe passthrough, OPNsense is connected directly to your switch. There is no vSwitch involved.
Ahhhh....got it!
So, last question for you. This is about my Internet connection. On my hardware firewall I connected the ISP Ethernet cable directly to a NIC in the firewall, since this is DHCP. I have never been able to get the Internet to work with a switch in between. How do you do it, and do you pass through that interface also?
With your three interfaces I already suggested passthrough. So you could plug right in without the switch.
Making good progress... but a new question.
I have my hardware firewall operating while I am building my virtualized firewall. I have enabled my first VLAN on the virtualized firewall, and its static IP is one up from the original VLAN on the hardware firewall. I cannot ping the new static IP on the virtualized firewall from my PC.
Did you have to build a new firewall while keeping the original one operational?