Virtual OPNsense under Proxmox

Started by spetrillo, December 26, 2024, 11:04:31 PM

I have a Lenovo M720q Tiny, with a 4 port ethernet card in the PCIe slot. All 4 ports of the adapter card are dedicated to OPNsense, and the first 3 ports are configured as Linux Bridges within Proxmox. Port 1/VMBR1 of the adapter card is vlan 1, for mgmt of the OPNsense VM. I have connected an ethernet cable from port 1 of the adapter card to my laptop, via a USB 3 ethernet adapter. I have configured the USB adapter to have VLAN support enabled and I set the vlan id to 1. When I try to ping the IP of the OPNsense VM I get no response.

Am I doing something wrong here? I want to be able to configure the new VM via the GUI.

So Proxmox.vmbr1 maps to OPN.vtnetX, you created VLAN 1 parented to vtnetX and assigned MGMT to vlan0.1?
Have you enabled DHCP on MGMT? Or did you use an appropriate static IP on your laptop USB NIC?
If the former, did DHCP succeed?

Note that ping (ICMP) is not allowed by default on new interfaces... Have you tried to access the GUI?

Do you intend to use vtnetX for other purposes than management? Otherwise, you could have skipped the VLAN aspect...
Also, you might want to pick something other than 1. It has a tendency to be special...

Correct. I have assigned a static IP to the Proxmox mgmt IP, which is vmbr0.1. I have configured vmbr0 to be vlan aware, for vlan 1 only.

I am wondering whether my problem might be the fact that I have a vmbr on top of the physical NIC. I am connecting directly to the physical NIC, but my laptop NIC does not understand vmbr. If I configure vmbr on a NIC, does that mean I need to connect it to a switch port, and then connect my laptop to another switch port, configured for vlan 1 also?

Hmm, it looks like my only correct assumption is that you're using a static IP for the Proxmox host, which was a given.

And now you mention vmbr0.1 (the OP indicated vmbr1)...
That implies the existence of a VLAN on the Proxmox side (not OPN).

You might as well take screenshots of the Proxmox host network configuration, the OPNsense VM network configuration (as displayed in Proxmox), and maybe the interface assignments in OPN. IP configuration on the management PC.

I don't believe a switch is required as long as everything is configured appropriately (again, the VLAN ID of 1 might not have been the best choice).
But for your management PC to communicate with Proxmox or OPN, it needs an IP in the same subnet as the target...
You indicated nothing about that...

Here you go.

The OPNsense NICs are associated with ENP1S0F0-ENP1S0F3.

December 28, 2024, 12:50:58 AM #5 Last Edit: December 29, 2024, 03:59:25 AM by EricPerl
Hmm, I'm not familiar at all with creation of VLANs on the Proxmox side but I ran some tests on my spare instance.
I'm now under the impression that when you create a VLAN there and assign it to the VM, the VM is unaware of the VLAN.
I suspect the tag is added by Proxmox when the frame enters the bridge (not unlike what would happen on a physical switch access port).
I was able to get this to work by assigning LAN to vtnet1 directly (not vtnet1_vlan101). A Windows box configured to use the corresponding VLAN ID connected. In your case, I'd test this first on any vtnetN where N is NOT 0.

Personally, I configure VLANs entirely on the OPN side, passing the entire bridge to the VM (which does not even have to be VLAN aware as long as you don't have other VMs that need to be hooked up to a specific VLAN).
It seems quite a bit more straightforward, and close to what would happen on bare metal (or PCIe passthrough) ...
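
The two layouts contrasted in the last post, as an added Proxmox configuration sketch (not taken from the thread or from either poster's system). The pairing of vmbr1 with enp1s0f0, the VM ID 100, the net1 index and the MAC placeholder are assumptions; VLAN 101 is the ID used in the test described above.

```conf
# --- /etc/network/interfaces on the Proxmox host (fragment) ---
# Assumption: vmbr1 sits on enp1s0f0; substitute the real port.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1s0f0
    bridge-stp off
    bridge-fd 0
    # Needed for Layout A (per-VM tags). For Layout B the post notes the
    # bridge does not have to be VLAN aware unless other VMs need a tag.
    bridge-vlan-aware yes
    bridge-vids 2-4094

# --- /etc/pve/qemu-server/100.conf (VM ID 100 is a placeholder) ---
# Use ONE of the two net1 lines below, not both.

# Layout A: Proxmox tags at the bridge, like a switch access port.
# Frames for VLAN 101 reach the VM untagged, so in OPNsense the
# interface is assigned to vtnet1 directly, NOT to vtnet1_vlan101.
net1: virtio=<MAC-PLACEHOLDER>,bridge=vmbr1,tag=101

# Layout B: pass the whole bridge to the VM with no tag on the NIC.
# Tagged frames arrive at the VM as-is, and the VLAN (vtnet1_vlan101
# parented to vtnet1) is created and assigned inside OPNsense.
#net1: virtio=<MAC-PLACEHOLDER>,bridge=vmbr1
```

Defining the same VLAN ID in both places (a `tag=` on the VM NIC and a VLAN child interface in OPNsense) is the combination the test in the post found not to work, since the VM then waits for a tag that the bridge has already removed.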