Topic: OPNsense on VMware ESXi (Read 7050 times)
quinc (Newbie, Posts: 4, Karma: 0)
OPNsense on VMware ESXi « on: June 16, 2021, 05:40:41 pm »
Hi there folks,
Hoping someone will be able to help me with some networking configuration on ESXi.
We have one physical server, running VMware ESXi 6.7 or 6.5 (can't remember which).
This server hosts the virtualised OPNsense firewall we are using, as well as around 5 or 6 VMs.
These VMs are connected to the VMNetwork default network on VSwitch0, as is the LAN interface on the OPNsense firewall. The physical uplink on vswitch0 is to a physical switch on vmnic0. WAN connection from modem is to vmnic1, with a dedicated vswitch and port group, assigned to WAN interface on OPNsense.
Where I'm running into problems is that there is now a need to add a further VM that is in a separate VLAN from the other VMs.
What I have done so far:
Created a new VLAN, using the LAN interface as the parent interface. Specified VLAN tag (20), and specified subnet and DHCP information. I then added a port group to the default vSwitch, specified VLAN tag 20, and assigned it as the interface for the new VM. However, when I boot the VM it is not receiving any DHCP information, and cannot reach the firewall using the VLAN gateway IP.
If I understand what is happening, the VLAN tags are not being passed by the physical switch.
If I understand this correctly, I could configure a new vswitch with no uplink external to the VMware instance and add the OPNsense VM and the new VM to portgroups on this switch. Going forward, would I need to create a new interface on the firewall for any future VLANs, or could I configure a VLAN trunk to the vSwitch (it has no "uplink" as such)?
Logged
opn_nwo (Jr. Member, Posts: 70, Karma: 0)
Re: OPNsense on VMware ESXi « Reply #1 on: June 16, 2021, 05:54:33 pm »
Create a new vswitch and tag the uplink. Do not tag it in OPNsense, let ESXi do the tagging and add the new vswitch port as regular interface to OPNsense.
Logged
quinc (Newbie, Posts: 4, Karma: 0)
Re: OPNsense on VMware ESXi « Reply #2 on: June 16, 2021, 06:22:27 pm »
How do I tag the uplink when the new vSwitch will have no connectivity outside of VMware? I.e. it will have no uplink as far as VMware is concerned. Or do you mean tag the port group that corresponds to the interface on the OPNsense VM?
Logged
opn_nwo (Jr. Member, Posts: 70, Karma: 0)
Re: OPNsense on VMware ESXi « Reply #3 on: June 16, 2021, 07:08:38 pm »
If you don't need connectivity outside ESXi then don't bother with VLANs. Just create a vswitch and add it to the OPNsense VM then assign and configure it like you would with a new interface. That's all.
« Last Edit: June 16, 2021, 07:25:28 pm by opn_nwo »
Logged
quinc (Newbie, Posts: 4, Karma: 0)
Re: OPNsense on VMware ESXi « Reply #4 on: June 16, 2021, 07:32:56 pm »
Thanks, that's what I was thinking. I was just wondering if there is a way I could do it with a VLAN trunk to the OPNsense VM, so that I can use multiple VLANs across the switch. Sounds like an external physical switch would be required to do that, with a physical NIC acting as a trunk uplink on the vSwitch. Is that correct?
Either way for now I will just spin up a vswitch/port groups and add a new interface to the firewall.
Logged
opn_nwo (Jr. Member, Posts: 70, Karma: 0)
Re: OPNsense on VMware ESXi « Reply #5 on: June 16, 2021, 08:07:16 pm »
You can set up VLANs within VMs if you really want to. Look for "Virtual Guest VLAN tagging (VGT)" in the ESXi documentation. It uses a special VLAN (4095) to do some clever tricks. You can read more about it, but IMO it would be an unnecessary complication in your specific scenario, especially if you are not well versed with managing VLANs in a virtual environment.
Logged
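The three port group VLAN modes discussed in this thread (VLAN ID 0, a specific ID such as 20, and the VGT value 4095) decide where the 802.1Q tag is added and removed, which is exactly why the original setup (OPNsense tagging VLAN 20 on a LAN interface that sits on an untagged port group) could not reach the VM on the VLAN 20 port group. The following is an added example, not code from the forum, VMware or OPNsense: it builds real 802.1Q frame bytes and runs them through a deliberately simplified model of a vSwitch port group. The model assumes that a non-VGT port group does not forward guest-tagged frames into another port group's VLAN, that a VST port group tags on ingress and strips on egress, and that a VGT port group passes tags through to the guest; `build_frame`, `parse_frame`, `ingress`, `egress` and `forward` are names chosen here for the example.

```python
"""Simplified model of ESXi port group VLAN handling (EST / VST / VGT).

Added example; not VMware or OPNsense code.  Model assumptions:
  - port group VLAN ID 0    : EST, untagged frames only, no tagging by vSwitch
  - port group VLAN ID 1-4094: VST, vSwitch adds the tag on ingress from the VM
                                and strips it on egress to the VM
  - port group VLAN ID 4095 : VGT, tags pass through, the guest does the tagging
  - a guest-tagged frame arriving on a non-VGT port group is not delivered to
    another VLAN (modelled as a drop)
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
EST, VGT = 0, 4095  # port group VLAN ID values with special meaning


def build_frame(dst, src, payload, vlan=None, ethertype=ETHERTYPE_IPV4):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    hdr = dst + src
    if vlan is not None:
        tci = vlan & 0x0FFF  # PCP=0, DEI=0, VID in the low 12 bits
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        etype = struct.unpack("!H", frame[16:18])[0]
        return dst, src, tci & 0x0FFF, etype, frame[18:]
    return dst, src, None, etype, frame[14:]


def strip_tag(frame):
    """Remove the 802.1Q tag (no-op for an untagged frame)."""
    dst, src, _, etype, payload = parse_frame(frame)
    return build_frame(dst, src, payload, None, etype)


def ingress(pg_vlan, frame):
    """Frame sent by a VM into its port group -> (internal VLAN, frame) or None."""
    dst, src, vid, etype, payload = parse_frame(frame)
    if pg_vlan == VGT:
        return (vid if vid is not None else 0, frame)  # guest tag is honoured
    if vid is not None:
        return None  # guest-tagged frame on a non-VGT port group (model: dropped)
    if pg_vlan == EST:
        return (0, frame)
    return (pg_vlan, build_frame(dst, src, payload, pg_vlan, etype))  # VST tags


def egress(pg_vlan, internal_vlan, frame):
    """Deliver a frame carried on internal_vlan to a VM on pg_vlan, or None."""
    if pg_vlan == VGT:
        return frame  # guest receives the tag and needs its own VLAN interface
    if pg_vlan != internal_vlan:
        return None  # different broadcast domain inside the vSwitch
    return frame if pg_vlan == EST else strip_tag(frame)


def forward(src_pg, dst_pg, frame):
    """Carry a frame from a VM on src_pg to a VM on dst_pg through the vSwitch."""
    result = ingress(src_pg, frame)
    if result is None:
        return None
    internal_vlan, carried = result
    return egress(dst_pg, internal_vlan, carried)


if __name__ == "__main__":
    # Constructed sample frame: broadcast DHCP-like payload from a made-up MAC.
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tagged20 = build_frame(dst, src, b"dhcp-offer", vlan=20)
    untagged = build_frame(dst, src, b"dhcp-offer")
    # Original setup: OPNsense tags VLAN 20 on a VLAN-0 port group -> never arrives.
    print("guest tag on VLAN 0 port group :", forward(EST, 20, tagged20))
    # Reply #1/#3: plain interface on a VLAN 20 port group, ESXi does the tagging.
    print("untagged on VLAN 20 port group :", parse_frame(forward(20, 20, untagged)))
    # Reply #5: VGT (4095) port group lets the guest's own tag through.
    print("guest tag on VGT port group    :", parse_frame(forward(VGT, 20, tagged20)))
```

Running the script shows the first case returning `None` while the other two deliver the frame untagged to the VLAN 20 VM; swapping the destination to a VLAN 30 port group returns `None` again, which is the isolation a practitioner should verify after adding port groups.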
sorano (Full Member, Posts: 153, Karma: 21)
Re: OPNsense on VMware ESXi « Reply #6 on: June 17, 2021, 12:42:01 am »
Just wanted to chime in that I use a vmnic from a trunked dSwitch and tag my VLANs inside the virtual OPNsense.
It works great; it feels very smooth to be able to add new VLANs to the VM without having to do anything in vCenter.
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover