OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: jstrebel on November 10, 2015, 04:31:49 pm

Title: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 10, 2015, 04:31:49 pm
Hi, I am trying to set up my OPNsense as a virtual appliance in VirtualBox. (VirtualBox 5.0.8 on OS X 10.11.1)
The WAN IF traffic should reside in VLAN 10 and the LAN traffic in VLAN 20.
But I am not able to "teach" VirtualBox to do VLAN tagging (at least I do not see with Wireshark that the traffic leaving the Mac has VLAN tags; Wireshark runs on another PC and captures the traffic on a mirrored switch port).
One of my suspicions is the type of adapter I need to select.
There are two PCnet adapters, Am79C973 and Am79C970A, and Intel PRO/1000 MT Desktop, Intel PRO/1000 T Server, Intel PRO/1000 MT Server.
Googling around indicates that running under WIN requires a special driver. But I can't find anything which helps me with OS X.

Thank you for your advice.
Jakob

Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: domg on November 10, 2015, 08:43:40 pm
Hi Jakob,

I think you can create a VLAN interface directly in Mac OS X
http://www.ogris.de/howtos/macosx-tagged-vlans.html

I just tried and I can select interface vlan0 in bridge mode in the VirtualBox VM
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 11, 2015, 09:27:37 am
Yes, the VLAN is terminated in the host, but not assigned. These VLAN devices are bridged into WAN and LAN of the guest. That way VirtualBox does not need any VLAN configuration.
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 11, 2015, 12:02:41 pm
Thank you for your advice. What is the best path to my goal?
Define the VLANs in the Mac as recommended by "domg" or define them in the VM/OPNsense?
I am looking for a portable solution which also runs on WIN(Server) using VirtualBox.
Thanks for your help. I promise I will document it and publish it on OPNsense.
Jakob
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 11, 2015, 02:58:32 pm
I was also suggesting VLANs in the host for fear they will be dropped by the host (OSX) because the VLAN is not known to it. Then there's no way for the guest (OPNsense) to get to the VLAN.
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 17, 2015, 03:06:19 pm
Did a new try.
First I configured a physical box and assigned three VLANs to interface (em1):
LAN VLAN ID 10, WAN VLAN ID 20, and OPT VLAN ID 30. Connected this to my VLAN switch.
I verified that LAN traffic goes to VLAN 10, WAN to 20 and OPT to 30. This confirms that my external settings are OK.

Test1:
Now I go to VirtualBox and create one bridged Ethernet interface (Intel PRO/1000 MT Server (82545EM)).
Now I go to OPNsense and create the VLANs and assign them like above.
-> OPNsense does not seem to tag VLAN IDs on the trunk interface.
-> A PC connected to the assigned switch LAN port, which should communicate on VLAN 10, does not get an IP address. (DHCP for LAN is configured of course.)

Test2:
I create in the Mac under Networks 3 VLANs (10, 20, 30) for the physical Ethernet interface.
There is no VLAN tagged traffic on the trunk interface.

Test 3:
I configure 3 bridged interfaces in VirtualBox.
Then I assign each of these interfaces to a different VLAN, which were previously configured in the OS X Network settings, the same as I did for test 2 above.

Q: What am I doing wrong?
Jakob
 
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 19, 2015, 12:21:25 am
After you create the 3 VLANs on the Mac (host), the traffic on those VLANs is *untagged*. This means the VLANs are bridged to OPNsense (guest), where you don't use VLAN configuration at all. Or did I miss something?
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 19, 2015, 08:17:52 am
Franco, thank you for taking this issue.
My understanding is (with this configuration) that I create the VLANs in OPNsense. Then this tagged traffic should pass the VBOX VM interfaces and finally leave the Mac Ethernet adapter as VLAN tagged traffic to the external VLAN switch port configured as a trunk interface. This trunk IF has 3 VLANs configured (10, 20, 30). These VLANs go to different physical ports on the switch. I have put my Wireshark (running on a separate PC) on the trunk IF of the switch. I don't see any tagged traffic at this point. This means either VirtualBox or the OS of the PC removes the tags. I have to assume it's removing them, because the traffic exchange I see on the trunk with Wireshark indicates that OPNsense sends packets which leave the physical PC interface.

In the meantime I installed VirtualBox also on a WIN7 PC and tried to do the same. I see the same results. The issue I have seems not to be OS X specific. In my opinion I am doing something wrong. What?
Jakob
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 19, 2015, 07:45:26 pm
VLANs in OPNsense are not needed and are likely discarded by the parent interface in the host.

Can you post your ifconfig for OSX and OPNsense?
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 20, 2015, 08:21:32 am
Franco, thank you.
Which instance in this chain from OPNsense --> VirtualBox --> PC OS --> network adapter should apply the required VLAN tags? Attached is the screenshot from Win7.
Jakob
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 24, 2015, 10:27:22 pm
I'm not seeing a VLAN adapter in the Windows 7 host? If you add one, you can bridge it to VirtualBox. Anything else will likely not work.

http://www.heise.de/netze/artikel/Windows-224006.html
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 24, 2015, 11:17:15 pm
Franco, thank you. I have read this article.
This would require that the WIN PC has a physical Intel Ethernet card. There are other sources on the web which indicate Win7 drivers pass VLAN tags if QoS is activated. My Wireshark traces on the other hand indicate that the outgoing traffic to the switch is tagged. There is a lot of confusing stuff around VLAN. According to administrator.de virtual router appliances should work. There is a very active person called aqui who states this. I am wondering what I am doing wrong?
Jakob


Sent from iPhone with Tapatalk
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: franco on November 25, 2015, 07:26:49 am
Conceptually there is nothing wrong with this setup. It could be anything from bridge not being in promiscuous mode to VLAN-ignore in Virtual Box's network core code. Since you're using Windows now... have you tried Hyper-V instead? We have some experts here that use this and I'd be surprised if it doesn't work there.

http://www.it-administrator.de/themen/virtualisierung/fachartikel/123225.html
Title: Re: VLAN Trunk / tagging with VirtualBox
Post by: jstrebel on November 25, 2015, 08:41:31 am
Hmm, promiscuous mode was on all the time.


Sent from iPhone with Tapatalk
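
Added example, not written by any poster in this thread: the check done above with Wireshark on the mirrored trunk port (does a frame carry an 802.1Q tag, and which VLAN ID), expressed in Python over raw Ethernet frames. The frames are constructed sample data and the function names are this example's own.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad outer tag (QinQ)

def vlan_ids(frame):
    """Return VLAN IDs of all stacked tags, outermost first; [] if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ids, offset = [], 12  # skip destination and source MAC addresses
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return ids
        if len(frame) < offset + 6:  # TPID + TCI + following EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def summarize(frames):
    """Count frames per outer VLAN ID; untagged frames are counted under None."""
    counts = Counter()
    for frame in frames:
        ids = vlan_ids(frame)
        counts[ids[0] if ids else None] += 1
    return dict(counts)

def build_frame(vlan=None, ethertype=0x0800):
    """Build a constructed broadcast frame, optionally with one 802.1Q tag."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("080027000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed capture: what a trunk port carrying VLANs 10 and 20 plus
# one untagged frame would look like. Not taken from the thread.
SAMPLE_CAPTURE = [build_frame(10), build_frame(20), build_frame(10), build_frame()]

if __name__ == "__main__":
    for vlan, count in summarize(SAMPLE_CAPTURE).items():
        print("untagged" if vlan is None else f"VLAN {vlan}", count)
```

If every frame on the trunk is counted under `None`, the tags were stripped somewhere before the switch port, which is the symptom described in the thread.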