24.1 Legacy Series / Re: Problematic Proxmox simple SDN LAN towards OPNSense
« on: August 12, 2024, 01:27:22 pm »
Not sure if this is the same, but your temp fix aligns with a behaviour I also experienced setting up a similar network being new to both OPNSense and Proxmox.
This is what I had done:
In Proxmox I had created a VNet within my Simple Zone, and within the VNet a Subnet to sit behind the OPNSense firewall.
e.g.
Edit: Subnet -> General
Subnet: 10.0.0.0/24
Gateway: 10.0.0.1
SNAT: unchecked
DNS Zone Prefix: blank
No DHCP Ranges, I planned to let OPNSense take care of that.
In OPNSense, my LAN interface within the Simple SDN was statically set to: 10.0.0.1
When configured this way I experienced the same problem you describe, and found that when I restarted the LAN interface on the OPNSense VM, connectivity would return for the VM inside the subnet.
The thing I did to resolve it was edit the Subnet again in Proxmox and remove the Gateway.
Admittedly I haven't yet dug through the docs to confirm, but I suspect setting the Gateway to an IP on the subnet in Proxmox creates a virtual router/DHCP server which was contesting the IP address.
I didn't think of it until after I'd resolved the problem but I should have used arp on the OPNSense VM and internal VM to confirm.
When the network is working after you restart the interface, use both the OPNSense VM and the internal VM to ping the LAN OPNSense IP (10.0.0.1 in my case), then run arp -a on both; they should display the same MAC address for the IP.
Then, when the network isn't working correctly, repeat the test and see if the internal VM now reports a different MAC address for that LAN IP.
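The ARP comparison suggested in the post above can be scripted; this is an added example, not part of the original post. The `arp -a` captures, MAC addresses and interface names are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Compare the MAC that each host's ARP cache holds for the LAN gateway IP.
GW_IP="10.0.0.1"   # LAN IP used in the post

# Constructed sample: `arp -a` on the OPNSense VM (FreeBSD format; the
# firewall's own address is listed as "permanent").
FW_ARP='? (10.0.0.1) at 02:00:00:aa:00:01 on vtnet1 permanent [ethernet]
? (10.0.0.50) at 02:00:00:aa:00:50 on vtnet1 expires in 1170 seconds [ethernet]'

# Constructed samples: `arp -a` on the internal VM (Linux net-tools format),
# once while the network works and once while it is broken.
VM_ARP_OK='? (10.0.0.1) at 02:00:00:aa:00:01 [ether] on eth0'
VM_ARP_BAD='? (10.0.0.1) at 02:00:00:bb:00:99 [ether] on eth0'

# mac_for IP ARP_TEXT: print the lowercased MAC recorded for IP.
# Prints nothing for a missing or incomplete entry.
mac_for() {
    printf '%s\n' "$2" | awk -v ip="($1)" '
        $2 == ip && $3 == "at" && $4 ~ /^[0-9A-Fa-f]+(:[0-9A-Fa-f]+)+$/ {
            print tolower($4); exit
        }'
}

# compare_gateway FW_TEXT VM_TEXT: print "match", "unknown", or
# "conflict <firewall-mac> <mac-seen-by-vm>".
compare_gateway() {
    fw_mac=$(mac_for "$GW_IP" "$1")
    vm_mac=$(mac_for "$GW_IP" "$2")
    if [ -z "$fw_mac" ] || [ -z "$vm_mac" ]; then
        echo "unknown"
    elif [ "$fw_mac" = "$vm_mac" ]; then
        echo "match"
    else
        # Another device is answering ARP for the gateway IP.
        echo "conflict $fw_mac $vm_mac"
    fi
}

echo "working: $(compare_gateway "$FW_ARP" "$VM_ARP_OK")"
echo "broken:  $(compare_gateway "$FW_ARP" "$VM_ARP_BAD")"
```

To use it on a live setup, replace the sample strings with the actual `arp -a` output captured on each host after pinging the gateway IP.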