I'm trying an experiment. I want to see if I can backup my physical OPNsense setup (still running 24.7.12) with a hyperv guest.
First step was just to get opnsense running there, and I'm completely stuck.
My LAN interface VLAN (1) is untagged. The other VLANs are tagged.
I cannot get the LAN interface to respond to an ARP (or of course thus a ping) when the Hyper-V VM is set to pass VLAN 1 as native as below. I set a Ubuntu VM up this way and it works fine, and an untagged Ethernet interface works fine, so I don't think it is my VM setup.
VMName : OPNsense
VMId : ed48f3f0-d5e0-41d1-af84-f3df9a701a81
AdapterName : Network Adapter
AdapterId : Microsoft:ED48F3F0-D5E0-41D1-AF84-F3DF9A701A81\58C90972-3220-4045-89AC-D22295476BC7
OperationMode : Trunk
NativeVlanId : 1
AllowedVlanIdList : 1,131,134,136-137
If I set up other VLANs in OPNsense, I can ping from them to devices on those VLANs, so the tagged interfaces work.
If I set the LAN interface to be tagged though (even the same as one I just used) it won't work so long as it is the LAN interface.
When it boots it shows the LAN interface as hn0 and with the right IPv4 address. Pinging from it appears to ARP (I can see packets on the target system) but the response never appears, as the "who has" ARP is never answered. It's just a switch in between; no routing is involved. This is the same basic configuration I use with a separate, physical OPNsense configuration with real NICs, and the same switch configuration feeding its ports (obviously Hyper-V is not in the middle).
I'm thinking there is something odd about the combination of untagged and "LAN", but I do not know what I'm looking for, and since I cannot get to the GUI at all I can't explore there. tcpdump from the shell command line never shows the ARP "who has" reaching the NIC, so my GUESS is it's being filtered, or the lack of a tag is confusing it.
I don't know enough about OPNsense/Linux from the shell command line to know where to go from here.
I've reinstalled 3 times. I'm using the older version as that is what I have running physically, but I do not think that's relevant.
I CAN get it to work if I un-trunk the LAN interface, but while that might work it won't mirror my physical machine, and I hope to be able to transfer configs between them.
Any thoughts?
Linwood
PS. I do Hyper-V configs all the time for Windows and Linux. It's always possible I missed something, but I think the issue is in my OPNsense setup, not Hyper-V.
So I rebuilt this so that the interface that becomes LAN is an untagged (access) port, and trunked all VLANs into another interface from which I build the other OPNsense VLANs, in that case not using the native (untagged, PVID) VLAN on that trunked port.
That works. It's not a good mirror for the physical OPNsense, but it works.
It seems like, on Hyper-V, something about the LAN interface (specific to the LAN) is not happy on a trunked interface, at least with the LAN VLAN native.
Which is weird. Ubuntu works perfectly fine in that setup. And OPNsense (same version) works perfectly fine in that setup on physical hardware.
I remain confused. But I guess I can work around this by just using LAN as a separate access/untagged virtual interface.
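The two Hyper-V adapter layouts described in these posts, as an added example in PowerShell on the Hyper-V host (not code from the original poster): one function reproduces the single trunked adapter with VLAN 1 native that the first post shows, the other builds the workaround from the follow-up post, with LAN on its own access adapter and the tagged VLANs on a second trunked adapter. The VM name "OPNsense" and the VLAN list come from the post; the virtual switch name "ExternalSwitch" and the adapter names "LAN" and "Trunk" are assumptions.

```powershell
# Added example, not from the original post. Assumes a VM named "OPNsense"
# attached to an external vSwitch named "ExternalSwitch" (switch name and
# the adapter names "LAN"/"Trunk" are assumptions for illustration).

$VmName     = 'OPNsense'
$SwitchName = 'ExternalSwitch'   # assumed name of the external vSwitch

# Layout 1: the configuration from the first post. One adapter in Trunk
# mode, VLAN 1 delivered untagged (native), the rest delivered tagged.
# This is the layout in which the poster's LAN interface on hn0 never
# saw its ARP replies.
function Set-OpnsenseSingleTrunk {
    Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName 'Network Adapter' `
        -Trunk -NativeVlanId 1 -AllowedVlanIdList '1,131,134,136-137'
}

# Layout 2: the workaround from the follow-up post. LAN gets its own
# adapter that presents plain untagged Ethernet to the guest; every other
# VLAN arrives tagged on a second adapter, and no OPNsense interface is
# built on that adapter's untagged (native) side.
function Set-OpnsenseSplitAdapters {
    # Dedicated LAN adapter. Access mode on VLAN 1: the host adds/strips the
    # 802.1Q tag, so the guest only ever sees untagged frames. If the switch
    # port facing the host carries VLAN 1 as its untagged PVID, -Untagged
    # (instead of -Access -VlanId 1) is the equivalent choice.
    Add-VMNetworkAdapter -VMName $VmName -Name 'LAN' -SwitchName $SwitchName
    Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName 'LAN' -Access -VlanId 1

    # Trunk adapter for the tagged VLANs. The native VLAN is still VLAN 1
    # because the upstream switch port is unchanged, but the guest simply
    # does not configure anything on the untagged side of this adapter.
    Add-VMNetworkAdapter -VMName $VmName -Name 'Trunk' -SwitchName $SwitchName
    Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName 'Trunk' `
        -Trunk -NativeVlanId 1 -AllowedVlanIdList '1,131,134,136-137'
}

# Show what the host will actually hand to the guest on each adapter,
# which is the same report the first post pasted.
function Show-OpnsenseVlans {
    Get-VMNetworkAdapterVlan -VMName $VmName |
        Format-List VMName, AdapterName, OperationMode, NativeVlanId, AccessVlanId, AllowedVlanIdList
}

# Pick ONE layout, then verify. Layout 2 assumes the original single
# adapter has been removed or is no longer the one OPNsense assigns to LAN.
Set-OpnsenseSplitAdapters
Show-OpnsenseVlans
```

Once the guest is up, running tcpdump with the -e flag on the OPNsense side (for example tcpdump -e -n -i hn0 arp) prints the link-layer header, so a frame that arrives with an 802.1Q tag shows "vlan 1" in the output. That makes it possible to tell whether the ARP for the LAN address is reaching hn0 tagged, untagged, or not at all, which is the distinction the first post was unable to settle from the shell.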