"
Hi!
Are there any downsides to this?
I just wonder why every guide takes the first approach.
Are there any downsides to this?
I just wonder why every guide takes the first approach.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
23.1 Legacy Series / Re: OPNsense + KVM: Looking for VLAN best practices
June 29, 2023, 11:04:05 AM #2
23.1 Legacy Series / OPNsense + KVM: Looking for VLAN best practices
June 29, 2023, 10:48:34 AM
Hi,
I would like to run a OPNsense Firewall as a virtual guest on a Linux KVM Hypervisor.
The Hypervisor is connected with 2x 10G Fiber to a Switch.
Now the question is how to best configure VLANs:
I couldn't find many guides about the second approach, but it sounds better, because a new VLAN would not require a guest reboot and it doesn't create lots of interfaces on the hypervisor. So I wonder if there is any best practices for this?
Thanks.
I would like to run a OPNsense Firewall as a virtual guest on a Linux KVM Hypervisor.
The Hypervisor is connected with 2x 10G Fiber to a Switch.
Now the question is how to best configure VLANs:
- My first idea was to have a network bridge for each VLAN on the Hypervisor and this seems to work fine. But adding each VLAN to the firewall with a own interface creates a lot of interfaces. Also it will require to reboot the firewall guest and I would like to avoid this.
Example: Interface A+B (eth0/1) -> Team (team0) -> VLAN (team0.100) -> Bridge (br.team0.100) added to the VM for each VLAN - ChatGPT suggested to create a single bridge on the hypervisor and connect this bridge (without any VLANs)
Example: Interface A+B (eth0/1) -> Team (team0) -> Bridge (br.team0) added to the VM, VLANs configured in OPNsense
I couldn't find many guides about the second approach, but it sounds better, because a new VLAN would not require a guest reboot and it doesn't create lots of interfaces on the hypervisor. So I wonder if there is any best practices for this?
Thanks.
Pages1
