VLAN bridge to LAN network via UniFi WiFi AP and UniFi switch

Started by opnessense, February 09, 2025, 03:30:01 PM

Hi All

I have OPNsense virtualised in Proxmox on a mini PC (Intel Celeron).

In Proxmox I have:

a WAN management interface for Proxmox
a LAN port (Linux bridge), not VLAN-aware, that manages all my VMs
a VLAN port (Linux bridge), VLAN-aware, where I created all my sub-VLANs
a UniFi Switch 8 PoE Lite
a UniFi AP where I stream part of my VLANs

I managed to get it all working.

My concern is to access the LAN (port 1) from a VLAN (port 2) via the UniFi AP as a standard WiFi connection so I can manage Proxmox and OPNsense. Those two are on two different physical ports.

In OPNsense I have tried a LAN bridge, but for some reason it doesn't seem to work and everything crashes.
I set the 2 tunables in OPNsense as per the manual, but when I restarted the system Proxmox crashed, because it cannot see the LAN interface anymore, as there is a new interface created, which is the bridge.

Any help?

Thanks
 



Is the VLAN on port 2 supposed to be the same LAN segment / subnet as your proxmox management interface? If so, the switch should handle it. If not, traffic between the two would have to be routed through the firewall. There's no reason to create a bridge on the firewall for this.

No, it is not in the same subnet.

In Proxmox I have the LAN on a Linux bridge on enp3s0 with IP 192.168.2.1/24.
The interface I used to manage VLANs, on port enp4s0, is on a different subnet, 192.168.3.1/24. There I create all the VLAN interfaces.

So your suggestion is to create in Proxmox a VLAN on the Linux bridge on enp3s0 (LAN port) instead of on enp4s0 (VLAN port)?



Your network design is not clear to me...

Is OPNsense handling your routing (and DHCP etc), or is there another router in the mix here?

I'm not sure what "a wan management interface for proxmox" means? Is enp2s0 actually connected to your internet service?

What are all those VLAN devices on proxmox for?

Do your LAN hosts and your VLAN hosts currently have functional internet access?

Hi DSEVEN

OPNsense is virtualised in Proxmox.
OPNsense manages all my VLANs, routing and DHCP.
The WAN management interface is an interface to manage Proxmox, and it's used as a WAN port for OPNsense.
My LAN and the VLANs have access to the internet. It's all working fine.

My question was: from a VLAN which is on interface 2, can I ping the LAN interface 1?
Is there a way to create a VLAN that can access the LAN interface?


 

If OPNsense already has interfaces on the LAN and the VLAN (presumably it must, if they have internet access?), it should route the traffic for you, provided your firewall rules allow it. If you have the typical "allow ... to any" type rule, that should be sufficient, assuming you don't have other rules explicitly blocking it.

The other important thing is that the proxmox interface that you're using for management (vmbr1?) must have its Gateway configured to point to OPNsense's LAN IP address (192.168.2.something ?)

Hi

I'll explain my configuration.
I have my main router that acts as gateway and gives me internet access (bridge mode), 192.168.1.1

From my main router I have a cable from a LAN port to my mini PC (WAN port), which has Proxmox and OPNsense virtualised (which is vmbr0).

In Proxmox I have configured:
vmbr0 (management interface for Proxmox and WAN interface for OPNsense): address 192.168.1.250/24, gateway 192.168.1.1

vmbr1 for my LAN interface, port 2 of my mini PC

vmbr2, VLAN bridge, port 3, which has all the VLANs connected

Proxmox DNS pointing to my OPNsense LAN interface, 192.168.11.1

OPNsense has internet access on the LAN port and VLAN port, with all the VLANs accessing the internet.

I set up the firewall rules to accept internet access on port 53 to all the interfaces, so I have internet access. All working fine.

In OPNsense I set up:
An address for the WAN, which is 192.168.1.240/32 (same subnet as vmbr0)
LAN address 192.168.11.1/24
VLAN address 192.168.12.1/24

In Proxmox, if I change the gateway to be the OPNsense LAN (192.168.11.1), I don't have internet access.




That's why I asked earlier if there's another router in the mix!

Probably at least part of the problem is that your WAN interface on OPNsense should be /24, not /32. Assuming you're doing outbound NAT, fixing that might be enough to make your proxmox management interface reachable.
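
Added example (not part of any post in this thread): a small Python check of the subnet arithmetic behind the /32 versus /24 remark, run over the addresses posted above. The function name, the host labels, and the assumption that OPNsense's WAN gateway is the main router at 192.168.1.1 are illustrative; a finding is a prompt to check the setting, not a model of OPNsense's routing code.

```python
import ipaddress
from itertools import combinations


def audit_segment(hosts):
    """Audit interfaces that share one layer-2 segment.

    hosts: {label: (address/prefix, default gateway or None)}
    Returns a sorted list of findings (empty list means consistent).
    """
    parsed = {
        name: (ipaddress.ip_interface(cidr),
               ipaddress.ip_address(gw) if gw else None)
        for name, (cidr, gw) in hosts.items()
    }
    findings = []
    # 1. A default gateway should fall inside the interface's own network.
    for name, (iface, gw) in parsed.items():
        if gw is not None and gw not in iface.network:
            findings.append(f"{name}: gateway {gw} is not on-link for {iface}")
    # 2. Two hosts on one segment should agree on whether they are neighbours.
    for (a, (ia, _)), (b, (ib, _)) in combinations(parsed.items(), 2):
        a_sees_b = ib.ip in ia.network
        b_sees_a = ia.ip in ib.network
        if a_sees_b != b_sees_a:
            narrow, wide = (a, b) if not a_sees_b else (b, a)
            findings.append(
                f"{narrow}: treats {wide} as off-link, "
                f"but {wide} treats {narrow} as on-link"
            )
    return sorted(findings)


# Constructed from the addresses in the thread; the OPNsense WAN gateway
# (192.168.1.1) is an assumption, the thread does not state it.
AS_POSTED = {
    "opnsense-wan": ("192.168.1.240/32", "192.168.1.1"),
    "proxmox-vmbr0": ("192.168.1.250/24", "192.168.1.1"),
}
# Same segment with the WAN prefix changed to /24 as suggested in the reply.
CORRECTED = {
    "opnsense-wan": ("192.168.1.240/24", "192.168.1.1"),
    "proxmox-vmbr0": ("192.168.1.250/24", "192.168.1.1"),
}

if __name__ == "__main__":
    for label, table in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit_segment(table) or "no findings")
```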