Hi to all,
I'm currently having issues with my OPNSense installation on Proxmox. I have a VM and OPNSense installed in Proxmox. I used the Proxmox SDN simple LAN config to interconnect the VM and OPNSense.
VM<==Simple SDN LAN==>OPNsense(NAT)<===>PCIEbypass<==>Internet
The issue I'm facing right now is that whenever the VM is restarted, it always loses its connection to the Internet. The Internet connection won't come back, but I can still ping the direct interface (gw) IP of OPNsense. I need to restart the OPNSense interface assigned to that SDN LAN. After restarting the interface in OPNSense, the Internet connection is back again. I already adjusted the MTU on the SDN interface as well, but still no luck. Whenever a VM that uses OPNSense as its Internet GW is restarted, it always loses its connection to the Internet. I've already checked the logs, but no information about the reason can be found.
Hope someone who has experienced the same thing can help.
OPNsense 24.1.10_2-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14
Proxmox-VE 8.2.2
Thank you,
Mike
Not sure if this is the same, but your temp fix aligns with a behaviour I also experienced setting up a similar network being new to both OPNSense and Proxmox.
This is what I had done:
In Proxmox I had created a VNet within my Simple Zone, and within the VNet a Subnet to sit behind the OPNSense firewall.
e.g.
Edit: Subnet -> General
Subnet: 10.0.0.0/24
Gateway: 10.0.0.1
SNAT: unchecked
DNS Zone Prefix: blank
No DHCP Ranges, I planned to let OPNSense take care of that.
In OPNSense, my LAN interface within the Simple SDN was statically set to: 10.0.0.1
When configured this way, I experienced the same problem you describe and found that when I restarted the LAN interface on the OPNSense VM, connectivity would return for the VM inside the subnet.
The thing I did to resolve it was edit the Subnet again in Proxmox and remove the Gateway.
Admittedly I haven't yet dug through the docs to confirm, but I suspect setting the Gateway to an IP on the subnet in Proxmox creates a virtual router/DHCP server which was contesting the IP address.
I didn't think of it until after I'd resolved the problem, but I should have used arp on the OPNSense VM and internal VM to confirm.
When the network is working after you restart the interface, use both the OPNSense VM and the internal VM to ping the LAN OPNSense IP (10.0.0.1 in my case), then run arp -a on both; they should display the same MAC address for the IP.
Then, when the network isn't working correctly, repeat the test and see if the internal VM now reports a different MAC address for that LAN IP.
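The ARP comparison described in the post above, as an added example that is not part of the original thread. The function names and the sample arp -a output (MAC addresses, interface names) are constructed for illustration; only the 10.0.0.1 gateway address comes from the post.

```shell
#!/usr/bin/env bash
# Constructed sample `arp -a` output; every MAC address below is made up.
# FreeBSD format, as printed on the OPNsense VM:
FW_ARP='? (10.0.0.1) at bc:24:11:aa:bb:01 on vtnet1 permanent [ethernet]
? (10.0.0.50) at bc:24:11:aa:bb:50 on vtnet1 expires in 1187 seconds [ethernet]'
# Linux format, as printed on the internal VM while the network works:
VM_ARP_OK='? (10.0.0.1) at BC:24:11:AA:BB:01 [ether] on ens18'
# Linux format, captured again after the VM restart (constructed mismatch):
VM_ARP_BAD='? (10.0.0.1) at 8e:5f:3c:00:00:99 [ether] on ens18'

# mac_for_ip ARP_TEXT IP
# Print the lower-cased MAC that ARP_TEXT maps to IP, or nothing if the
# entry is absent or unresolved ("<incomplete>" / "(incomplete)").
mac_for_ip() {
    printf '%s\n' "$1" | awk -v ip="($2)" '
        $2 == ip && $3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ {
            print tolower($4); exit
        }'
}

# compare_gateway FIREWALL_ARP_TEXT VM_ARP_TEXT GATEWAY_IP
# Prints MATCH, MISMATCH or UNKNOWN; returns 0, 1 or 2 respectively.
compare_gateway() {
    local fw vm
    fw=$(mac_for_ip "$1" "$3")
    vm=$(mac_for_ip "$2" "$3")
    if [ -z "$fw" ] || [ -z "$vm" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if [ "$fw" = "$vm" ]; then
        echo "MATCH $fw"
        return 0
    fi
    # Two different MACs answer for the same gateway IP: something other
    # than the firewall's LAN interface is claiming the address.
    echo "MISMATCH firewall=$fw vm=$vm"
    return 1
}

# Demo on the constructed captures (working state, then broken state).
compare_gateway "$FW_ARP" "$VM_ARP_OK" 10.0.0.1 || true
compare_gateway "$FW_ARP" "$VM_ARP_BAD" 10.0.0.1 || true
```

On live systems, replace the sample variables with the text of arp -a captured on each machine after pinging the gateway.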
Yes, the very same issue. I no longer use the SDN LAN; I just use Linux bridging. I just create a new Linux Bridge and add the VM and the OPNSense GW interface as members of it.
VM<==Linux Bridge(VMBR)==>OPNsense(NAT)<===>PCIEbypass<==>Internet
Thanks,
Mike
I had the exact same issue before, but it happened on pfSense.
Turns out that there was a DHCP conflict between pfSense and the Proxmox SDN.
If you set up a Subnet, Gateway and DHCP range in the VNet and automatic DHCP in the Zone, then the SDN will become a DHCP server too.
After restarting the firewall, the guest VMs get their IP from the pfSense DHCP, but when the guest VMs are restarted, they get their IP from the SDN DHCP.
Assume that the gateway IP settings are the same for both the firewall and the SDN. You never know which DHCP is used by the VMs unless you check the lease record.
When you found that the VMs couldn't access the Internet, you tried to ping the gateway and it was successful. However, at that moment in time, you were actually pinging the gateway of the SDN.
I think your OPNSense had set up NAT for the VMs to access the Internet, but not the SDN. That was why the VMs could reach the Internet when they got their IP from OPNSense but failed when they got their IPs from the SDN.