Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense on VMware
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense on VMware (Read 2121 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
OPNsense on VMware
«
on:
April 30, 2023, 06:29:20 pm »
Hello all,
I am trying to virtualize my home OPNsense server on VMware ESXi 8. I have been able to spin up the vm, but when I begin to enable my vlans over their interfaces my OPNsense hangs up and goes dead. I then reboot it and lose all communication with it. I can no longer login to it via GUI and IP of LAN interface does not ping any longer.
Are there any gotchas in what I am trying to do? My hardware based OPNsense is all vlan, and I need this setup with my WiFi especially(multiple SSIDs). Is there a good forum or document that describes the process of implementing a solid virtualized firewall with vlans? I am able to deploy it using standard LAN and WAN interfaces but not with VLANs.
Thanks,
Steve
Logged
Patrick M. Hausen
Hero Member
Posts: 6837
Karma: 574
Re: OPNsense on VMware
«
Reply #1 on:
April 30, 2023, 07:07:31 pm »
I recommend doing all vSwitch and VLAN management in ESXi and passing a sufficient number of virtual interfacesto OPNsense. Or, if you have free ports available, consider PCIe pass through.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: OPNsense on VMware
«
Reply #2 on:
April 30, 2023, 07:22:36 pm »
I have 3 physical NICs I have allocated to this virtual firewall, not including the outside Internet interface. I use 6 vlans on my hardware firewall and wish to do the same on the virtualized firewall.
Are you advocating for 6 virtual interfaces presented to OPNsense, one for each vlan? As mentioned I have WiFi SSIDs as separate vlans, so I would assume present one interface to OPNsense, and configure the 3 vlans over that interface, but from the ESXi perspective I would have to configure the port group as vlan 0 correct?
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: OPNsense on VMware
«
Reply #3 on:
April 30, 2023, 07:35:37 pm »
One additional thing...
I can pass through all 3 physical interfaces.
Logged
Patrick M. Hausen
Hero Member
Posts: 6837
Karma: 574
Re: OPNsense on VMware
«
Reply #4 on:
April 30, 2023, 08:55:52 pm »
Then use pass through. Most stable way to operate, no spontaneous reordering of interfaces, to name one problem that occasionally occurs. I'd go with 2. One for WAN and one for all the VLANs. If you have an LACP capable switch, you could run two bundled interfaces for the VLANs. That's exactly my setup.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: OPNsense on VMware
«
Reply #5 on:
April 30, 2023, 09:06:31 pm »
I do have a LACP enabled switch but LACP is not supported on a standard vSwitch. Its only supported on a distributed vSwitch, so how did you do this?
Logged
Patrick M. Hausen
Hero Member
Posts: 6837
Karma: 574
Re: OPNsense on VMware
«
Reply #6 on:
April 30, 2023, 09:20:02 pm »
If you use PCIe pass through OPNsense is connected directly to your switch. There is no vswitch involved.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: OPNsense on VMware
«
Reply #7 on:
April 30, 2023, 09:28:20 pm »
Ahhhh....got it!
So last question for you. This is about my Internet connection. On my hardware firewall I connected the ISP ethernet cable directly to a NIC in the firewall, since this is DHCP. I have never been able to get the Internet to work with a switch in between. How do you do it and do you passthrough that interface also?
Logged
Patrick M. Hausen
Hero Member
Posts: 6837
Karma: 574
Re: OPNsense on VMware
«
Reply #8 on:
April 30, 2023, 09:34:09 pm »
With your three interfaces I already suggested pass through. So you could plug right in without the switch.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: OPNsense on VMware
«
Reply #9 on:
May 01, 2023, 03:01:57 am »
Making good progress...but new question.
I have hardware firewall operating while I am building my virtualized firewall. I have enabled my first vlan on the virtualized firewall, and it's static IP is one up from the original vlan on the hardware firewall. I cannot ping the new static IP on the virtualized firewall from my PC.
Did you have to build a new firewall while keeping the original one operational?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense on VMware