OPNsense VM can't reach WAN, LAN devices can't reach OPNsense

[ptthstr]

Hi everyone,

I've been struggling with my virtualized OPNsense setup (on Proxmox). I've had similar setups before and they worked well, but this time things are failing in a very strange way.

The setup is as follows:
- On the host, I have two Linux bridges: vmbr1 and vmbr2, bridging enp1s0f0 and enp1s0f1 respectively (physical Ethernet ports).
- Those bridges are paravirtualized as vtnet0 and and vtnet1 in the OPNsense VM (firewall unchecked).
- vtnet0 is set as WAN and vtnet1 is set as LAN.
- The WAN interface is set to get an IP through DHCP. The LAN interface has an IP of 10.26.1.1 and DHCP server is active (range: 10.26.1.100 to 10.26.1.199).

So far so good. The WAN interface does get an IP from the gateway. However, OPNsense cannot access the Internet or ping anything (e.g. 1.1.1.1). If I connect a computer, it gets an IP from the firewall (e.g. 10.26.1.106) but OPNsense is unreachable (web UI, or ping). I have tried disabling the firewall from the shell, but it doesn't change anything.

From this description, I was wondering if any of you would have an idea of what could be wrong?

Thanks for your help!

[meyergru]

A lot can go wrong with virtualized setups. In your case, the first thing that hits the eye is that vtnet0 is WAN and vtnet1 is LAN, just the other way one would expect it to be. There are default firewall rules for LAN which probably do not work any more because you seem to have them switched around.

For the WAN side of things, I suspect that this is controlled by another router which probably does not know anything about the 10.26.1.x network, so a back route might be missing.