Messages

1

23.1 Legacy Series / Re: OPNsense + KVM: Looking for VLAN best practices

« on: June 29, 2023, 11:04:05 am »

Hi!

Are there any downsides to this?

I just wonder why every guide takes the first approach.

2

23.1 Legacy Series / OPNsense + KVM: Looking for VLAN best practices

« on: June 29, 2023, 10:48:34 am »

Hi,

I would like to run a OPNsense Firewall as a virtual guest on a Linux KVM Hypervisor.
The Hypervisor is connected with 2x 10G Fiber to a Switch.

Now the question is how to best configure VLANs:

• My first idea was to have a network bridge for each VLAN on the Hypervisor and this seems to work fine. But adding each VLAN to the firewall with a own interface creates a lot of interfaces. Also it will require to reboot the firewall guest and I would like to avoid this.
  Example: Interface A+B (eth0/1) -> Team (team0) -> VLAN (team0.100) -> Bridge (br.team0.100) added to the VM for each VLAN
  
  
• ChatGPT suggested to create a single bridge on the hypervisor and connect this bridge (without any VLANs)
  Example: Interface A+B (eth0/1) -> Team (team0) -> Bridge (br.team0) added to the VM, VLANs configured in OPNsense

I couldn't find many guides about the second approach, but it sounds better, because a new VLAN would not require a guest reboot and it doesn't create lots of interfaces on the hypervisor. So I wonder if there is any best practices for this?

Thanks.