VMware VPN Configuration

Started by demazter, January 02, 2025, 12:34:49 PM

Hello,
I have a VMware cluster and am using VLANs for segregation between different collections of VMs.

Each collection of VMs has a distributed port group and a VLAN is assigned to this port group.
When attaching VMs to this port group I can ping between VMs without any problems.

When I add OPNsense with a LAN interface on this port group the VMs are not able to communicate with it. There are separate port groups for the WAN interface on OPNsense to provide internet access.

If I remove the VLAN tag from the LAN port group, communication between client VMs and OPNsense is restored.

How do I get the VLAN configuration to work to allow me to segregate the LAN VM groups?

Each LAN group has its own OPNsense.

I have tried adding a VLAN interface to the appropriate NIC but this does not help.

There are no logs in OPNsense indicating the client devices are even getting to the OPNsense interface.

It seems like there might be an issue with how the VLAN interfaces are configured on OPNsense. Here are a few steps you can try:

Verify VLAN Configuration on OPNsense: Ensure that the VLAN interface on OPNsense is correctly configured. Double-check the settings. Make sure the VLAN tag matches the one assigned to the port group.

Check NIC Settings: Ensure that the NIC on OPNsense is set to accept tagged VLAN traffic. You might need to enable VLAN trunking on the NIC if it's not already enabled.

Review Firewall Rules: Check the firewall rules on OPNsense to ensure that traffic between the VLANs and the OPNsense LAN interface is allowed.

Logs and Diagnostics: Enable logging on OPNsense to capture any traffic that might be hitting the interface. This can help identify if packets are reaching the interface but are being dropped or filtered.

Test with a Simple Setup: Try setting up a simple test environment with one VM and OPNsense to see if the VLAN configuration works in a controlled setting. This can help isolate the issue.

Good luck, and I hope this helps!
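
Added example, not part of the thread or written by either poster: a small Python check for the "tag matches the port group" and "capture traffic hitting the interface" steps above. It reads raw Ethernet frames, as captured on the firewall's LAN NIC, and counts how many arrive untagged, tagged with the expected VLAN ID, or tagged with a different ID. The VLAN ID 20, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = (0x8100, 0x88A8)  # 802.1Q tag and 802.1ad (QinQ) outer tag

def parse_vlan(frame: bytes):
    """Return (outer_vid, inner_vid, ethertype); a VID is None if that tag is absent."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    vids, offset = [], 12  # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in TPIDS and len(vids) < 2:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    vids += [None] * (2 - len(vids))
    return vids[0], vids[1], etype

def classify(frames, expected_vid):
    """Count frames by outer tag: untagged, expected VLAN ID, or another ID."""
    counts = Counter()
    for frame in frames:
        outer, _, _ = parse_vlan(frame)
        if outer is None:
            counts["untagged"] += 1
        elif outer == expected_vid:
            counts["expected"] += 1
        else:
            counts[f"other:{outer}"] += 1
    return dict(counts)

def make_frame(tags, etype=0x0800):
    """Build a constructed sample frame; tags is a list of (tpid, pcp, vid)."""
    hdr = bytes.fromhex("ffffffffffff005056000001")  # constructed MACs
    for tpid, pcp, vid in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return hdr + struct.pack("!H", etype) + bytes(46)

# Constructed samples: untagged, VLAN 20 with priority bits set, VLAN 30, QinQ 100/20
SAMPLE_FRAMES = [
    make_frame([]),
    make_frame([(0x8100, 5, 20)]),
    make_frame([(0x8100, 0, 30)]),
    make_frame([(0x88A8, 0, 100), (0x8100, 0, 20)]),
]

if __name__ == "__main__":
    print(classify(SAMPLE_FRAMES, expected_vid=20))
```

A VLAN sub-interface on the firewall only receives frames tagged with its own ID, so an "untagged" or "other" count on that NIC points to a mismatch between the guest-side VLAN interface and what the port group delivers.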