Show Posts
1
General Discussion / Standby server in VM
« on: November 04, 2020, 11:09:29 pm »
Hi!
I am a newbie on OPNsense, I managed to install in the past on a mini pc (qotom) and set up with a simple config so that everything that I want is running fine (I need very few firewall, nat or port forwarding rules).
Now, I also have a proxmox server that I would like to make a VM for running a new OPNsense instance. My idea is to export the config from the main server and import in the VM, and so that I can:
- Play around with it (but leaving the LAN and WAN interfaces physically disconnected)
- Also leaving the VM as a standby solution (if I have a problem in the qotom, I want to connect the cables to the server and power on the VM)
I do not intend to have a live HA kinda solution (overkill to what I want).
Now, since I do not want to have 2 router running at all times (huge problems on DHCP, and IP conflicts), I had the idea of having the OPT1 interface as the "management" interface, so that this can be connected on the VM, and I can connect on the HTTP interface and play around (the LAN will not be reachable).
I thought about having a separate IP range for the OPT1, but then I may have to add some routes to be able to reach it from my PC (which only as the main IP). I tried doing it but did not succeed.
Maybe there is a cleaner way to do it..
Any ideas or inputs?
Thank you a lot!
Eddie
I am a newbie on OPNsense, I managed to install in the past on a mini pc (qotom) and set up with a simple config so that everything that I want is running fine (I need very few firewall, nat or port forwarding rules).
Now, I also have a proxmox server that I would like to make a VM for running a new OPNsense instance. My idea is to export the config from the main server and import in the VM, and so that I can:
- Play around with it (but leaving the LAN and WAN interfaces physically disconnected)
- Also leaving the VM as a standby solution (if I have a problem in the qotom, I want to connect the cables to the server and power on the VM)
I do not intend to have a live HA kinda solution (overkill to what I want).
Now, since I do not want to have 2 router running at all times (huge problems on DHCP, and IP conflicts), I had the idea of having the OPT1 interface as the "management" interface, so that this can be connected on the VM, and I can connect on the HTTP interface and play around (the LAN will not be reachable).
I thought about having a separate IP range for the OPT1, but then I may have to add some routes to be able to reach it from my PC (which only as the main IP). I tried doing it but did not succeed.
Maybe there is a cleaner way to do it..
Any ideas or inputs?
Thank you a lot!
Eddie