Messages - windswept321

#1
Thanks for responding.

The switch etc. configurations should be fine - they were working before. The only real difference other than the proxmox box is that I've moved it to the garage from inside the house.

The network looks like this:

Switch WIFI AP -- dual ethernet LACP -- switch -- bond -- proxmox .. opnsense.
|
|
WIFI AP

Before it looked like:

    Switch           -- dual ethernet LACP -- switch -- test servers
|                |
|                |
WIFI AP   opnsense router
#2
I migrated an existing, working configuration over to a newly set up proxmox box.
Everything is as it was before other than modified interface names in the config file prior to loading it - VLAN configurations, WiFi access points etc. However, nothing on the VLAN gets a lease.

The box has a quad intel network card and a realtek integrated interface. Only the quad is in use, with a 2 port bond and the other ports as WANs in a load balancing gateway group (as per the docs).

The untagged network is on 192.168.1.* and there is a VLAN at 192.168.5.*.
I can ping the opnsense router on the VLAN from the LAN, but anything connected to WiFi does not get a lease.

My /etc/network/interfaces on the proxmox host looks like this:

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet manual

auto enp1s0f0
iface enp1s0f0 inet manual

auto enp1s0f1
iface enp1s0f1 inet manual

auto enp1s0f2
iface enp1s0f2 inet manual

auto enp1s0f3
iface enp1s0f3 inet manual

auto bond0
iface bond0 inet manual
    bond-slaves enp1s0f0 enp1s0f1
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.200/24
    gateway 192.168.1.1
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet static
    address 192.168.1.201/24
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
#Realtek LAN

auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp1s0f2
    bridge-stp off
    bridge-fd 0

auto vmbr3
iface vmbr3 inet manual
    bridge-ports enp1s0f3
    bridge-stp off
    bridge-fd 0


Gateway switching is turned on.

Some screenshots of the config:







#3
I'm setting up an embedded box which has 2 integrated Intel gigabit ports. I have a gigabit local network and two WANs - 30mb 'FTTC' and circa 15 - 20mb 4G / LTE.

What would the best configuration be here?

Bond the ports and try setting up additional VLANs for the WANs?
Buy a USB3 network interface for the LTE WAN?

Thanks
#4
This one is a little strange, as I was copying a known working configuration from another opnsense box I have, but I can't get it working.

After a wasted day, I would really appreciate any advice...

Basically, I have a Raspberry Pi running on a dedicated VLAN I want to allow SSH access to.
The LAN network is 192.168.1.X/24, while the VLAN is 192.168.6.X, with the Pi at 192.168.6.100.

The NAT port forward rule looks like this:

Interface   Proto   Address   Ports   Address   Ports   IP              Ports
WAN         TCP     *         *       WAN net   46      192.168.6.100   22 (SSH)


Firewall rules for VLAN 6 are:

Protocol         Source     Port   Destination        Port       Gateway   Schedule   Description
IPv4+6 TCP/UDP   VLAN net   *      VLAN address       53 (DNS)   *         *          allow DNS
IPv4+6 TCP/UDP   VLAN net   *      *                  *          *         *          allow VLAN to WAN rule
IPv4 TCP         WAN net    *      192.168.6.100/24   22 (SSH)   *         *          allow remote SSH

Firewall rules for the WAN interface:

Protocol   Source   Port   Destination     Port       Gateway   Schedule   Description
IPv4 TCP   *        *      192.168.6.100   22 (SSH)   *         *


Thanks for reading.
#5
Continued...

#7
continued...

#8
Following my previous problems, I am unable to get DNS resolution working over the tunnel. I'm trying to configure it with unbound dns.
I would really appreciate it if anyone could give any pointers.

Screenshots...

Server:
#9
You're right. The wording on the details at the client side threw me. I've fixed this and it is now working perfectly after a reboot. Thanks very much for helping!
#11
Client-Specific-Override:

#13
Without NAT, only the client OPNsense router can access the remote network/s. With the rule enabled, other network devices can also access the remote network/s.

OpenVPN Server config screenshots:


#14
The output from the server was ridiculously long to screenshot, so I did it via netstat instead.

client:

#15
Server side:

Network devices --> OPNsense --> FTTC modem --> Internet

Client side:

Network devices --> Opnsense --> FTTC modem --> Internet
                             |--Pi-Hole DNS

Screenshots: