Two WAN interfaces being passed off to separate VM aggregation/firewall issues

Started by mrkaffeine92, March 29, 2025, 05:16:54 PM

Need help with a complex project. I am able to use OpnSense firewall but as a single WAN interface and hand it off downstream to a router. However, when this is the case, I run into issues with routes and gateways since I can't see specifics.

Instead, I've been trying to figure out how I can have the OpnSense firewall merely do its job on two WAN interfaces being bridged (via Proxmox on same machine) to my OpenWRT router.

I read the manual and saw there was some information about MultiWAN, but I do not want OpnSense to do any failover/load-balancing. Just follow my firewall rules and move WAN# 1-2 down to OpenWRT. Have not been able to get it to play nicely - either I will lose connectivity to OpenWRT or one of the interfaces will be lost.

Machine running Proxmox has 3 NICs (two for WAN, one for LAN).

Your description is a bit confusing. Could you provide a diagram of what you are trying to achieve?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)



** In addition to that, I am not sure how I would route it through OpnSense.

Is that more clear? :-)

 No :-)


Please attach here in the forum. I block imgur and friends.

Was looking for an upload icon but you just drag underneath the body!

I still don't get it. What are these boxes on top? Routers? Connecting to two different ISPs?

Yes, each box is physically a router (LAN: 192.168.10.x) connected to a unique public IP (its WAN) (one can be a mobile tether/hotspot etc.)

OK, not being a Proxmox expert but using Proxmox a bit, you probably need a vmbrX on each of the physical interfaces, then create a virtual NIC for OPNsense on each. Unless, of course, OPNsense is the only VM using a particular port, in which case you can also try PCIe passthrough.

This is what I was thinking in Proxmox:
OpnSense config (GUI @ 192.168.1.1):
--WAN--
vmbr1 (bridged to WAN# 1 physical NIC, IP: 192.168.10.2).
vmbr2 (bridged to WAN# 2 physical NIC, IP: 192.168.11.2)
--LAN--
vmbro 10 (virtual interface #1 for OpnSense LAN -> OpenWrt WAN1)
vmbro 20 (virtual interface #2 for OpnSense LAN -> OpenWrt WAN2)

OpenWrt config (GUI: 192.168.40.1):
WAN1: vmbr10 (static IP, 192.168.10.2)
WAN2: vmbr20 (static IP, 192.168.11.2)
--LAN--
vmbr0 (bridged with physical NIC connected to downstream dhcp router @ 192.168.100.1)
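
The bridge-per-NIC layout suggested in the reply above, written out as a Proxmox host network file with the bridge names from the plan in the last post. This is an added example, not a configuration posted by anyone in the thread; the NIC names (enp1s0, enp2s0, enp3s0) and the host address 192.168.100.2 are assumptions made up for illustration.

```conf
# /etc/network/interfaces on the Proxmox host (added example).
# Assumed: NIC names enp1s0/enp2s0/enp3s0 and host IP 192.168.100.2.

auto lo
iface lo inet loopback

iface enp1s0 inet manual
iface enp2s0 inet manual
iface enp3s0 inet manual

# WAN 1 uplink. "inet manual" gives the host no address on this segment,
# so the hypervisor is not reachable from the upstream router side.
# Attach only the OPNsense VM here.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0

# WAN 2 uplink, same treatment.
auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0

# Internal links OPNsense -> OpenWrt. No physical port and no host
# address: traffic can only cross between the two VMs attached.
auto vmbr10
iface vmbr10 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr20
iface vmbr20 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

# LAN side: OpenWrt LAN plus host management (address is assumed).
auto vmbr0
iface vmbr0 inet static
    address 192.168.100.2/24
    gateway 192.168.100.1
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0
```

With this layout the OPNsense VM gets one virtual NIC on each of vmbr1, vmbr2, vmbr10 and vmbr20, and the OpenWrt VM gets one on each of vmbr10, vmbr20 and vmbr0, so the only path from either uplink to the LAN runs through both VMs.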