Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
OPNsense + KVM: Looking for VLAN best practices
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense + KVM: Looking for VLAN best practices (Read 948 times)
quin
Newbie
Posts: 2
Karma: 0
OPNsense + KVM: Looking for VLAN best practices
«
on:
June 29, 2023, 10:48:34 am »
Hi,
I would like to run a OPNsense Firewall as a virtual guest on a Linux KVM Hypervisor.
The Hypervisor is connected with 2x 10G Fiber to a Switch.
Now the question is how to best configure VLANs:
My first idea was to have a network bridge for each VLAN on the Hypervisor and this seems to work fine. But adding each VLAN to the firewall with a own interface creates a lot of interfaces. Also it will require to reboot the firewall guest and I would like to avoid this.
Example: Interface A+B (eth0/1) -> Team (team0) -> VLAN (team0.100) -> Bridge (br.team0.100) added to the VM for each VLAN
ChatGPT suggested to create a single bridge on the hypervisor and connect this bridge (without any VLANs)
Example: Interface A+B (eth0/1) -> Team (team0) -> Bridge (br.team0) added to the VM, VLANs configured in OPNsense
I couldn't find many guides about the second approach, but it sounds better, because a new VLAN would not require a guest reboot and it doesn't create lots of interfaces on the hypervisor. So I wonder if there is any best practices for this?
Thanks.
«
Last Edit: June 29, 2023, 10:50:25 am by quin
»
Logged
sorano
Full Member
Posts: 153
Karma: 21
Re: OPNsense + KVM: Looking for VLAN best practices
«
Reply #1 on:
June 29, 2023, 10:57:49 am »
I use the latter approach (in ESXi) for the reason you mention, no need to restart when adding new vlan interfaces, another reason is that hypervisors can have an upper limit on the amount of interfaces per vm.
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
quin
Newbie
Posts: 2
Karma: 0
Re: OPNsense + KVM: Looking for VLAN best practices
«
Reply #2 on:
June 29, 2023, 11:04:05 am »
Hi!
Are there any downsides to this?
I just wonder why every guide takes the first approach.
Logged
Patrick M. Hausen
Hero Member
Posts: 6841
Karma: 574
Re: OPNsense + KVM: Looking for VLAN best practices
«
Reply #3 on:
June 29, 2023, 11:04:45 am »
I'd recommend PCIe passthrough if you have enough interfaces.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
OPNsense + KVM: Looking for VLAN best practices