OPNsense + PROXMOX + VLANs (again)

[elreyquerabio]

Hello everyone.
I've spent quite some time searching on this forum and other sources ways to properly structure the equipment and systems I'll explain below, but I haven't been able to get it working. I'm convinced that some minor detail is missing, but it's preventing it from functioning correctly. This situation is frustrating.
That's why I'm asking for your help because I don't know what else to try.
We have a laptop with a single NIC, running Proxmox, with OPNsense as main router, in addition to other systems (Home Assistant, OpenMediaVault, and others on standby). The IoT devices at home have grown (now I got 23) and there are two Chinese IP cameras, so I wanted to isolate them from the rest of the network. I wanted to add a guest network too.
At this moment, the system is working like the first picture.
I obviously don't understand how it works (which is embarrassing), because if I set port 1 of the switch to UNTAGGED (as I believe it should be), there's no internet access.
The only thing I can think of is that the tags are being lost through Proxmox, and everything is truly untagged. The connection to the ISP works because it's via PPPoE. Is that correct?
What I'm trying to achieve is something like the second.
But it doesn't work.

HELP!!!!!

[viragomann]

What? Is the pppoe on vtnet0 or vtnet1?

Can you post the Proxmox network and the switch configuration?

[elreyquerabio]

Thanks a lot for the replay.

I've added two pictures with the switch config and here the PROXMOX network config.

pppoe1 is on vnet0 in the config witch is working now.
On the new version (the one that doesn't work) I create one new vnet for every VLAN:
LAN: vnet0
WAN: vnet1
Guests: vnet2
IoT: vnet3
The name vnet0.24 is assigned by the system. When you try to create a new VLAN, a message says that the name has to begin with vlan0

[spetrillo]

I am running into the same problem as you, but I just read an article where it talks about creating a Linux bridge, assigning an IP, and that becomes the LAN side. My problem with that is that my network has a few vlans, so how do I get those in the OPNsense config also?

[elreyquerabio]

It seems there's not much activity here.
I've also read and watched quite a few articles on the subject, but nothing that I know how to make work in my case.

[viragomann]

It seems there's not much activity here.

Sadly you didn't provide the requested information. So it's hard to help.

[viragomann]

I am running into the same problem as you, but I just read an article where it talks about creating a Linux bridge, assigning an IP, and that becomes the LAN side. My problem with that is that my network has a few vlans, so how do I get those in the OPNsense config also?

If you run OPNsense virtualized you can do the whole VLAN termination on the hypervisor, Proxmox in your case. So you don't need to create any VLAN inside OPNsense, just add a virtual interface to it for each.
Or you do the VLAN termination inside OPNsense. Both is possible.

In both cases you need to enable VLAN awareness on the Proxmox bridges.

[spetrillo]

I would prefer to use OPNsense for VLAN termination, so Proxmox is just another server in the server VLAN.

Right now I have these VLANs:

A) VLAN 2: this is my WAN interface and any network devices for mgmt purposes.
B) VLAN 3: this is my server VLAN.
C) VLAN 10: this is my wireless VLAN.
D) VLAN 12: this is my guest wireless VLAN.
E) VLAN 20: this is my streaming VLAN.

Ideally I want setup VLANs on OPNsense, as part of the VM install. I can pass to the OPNsense VLAN a Linux bridge that is VLAN aware and then carve up the needed VLAN interfaces within OPNsense. Does all of this make sense? I am going to build my Proxmox config and OPNsense VM config and will detail them here.

Thanks,
Steve

[elreyquerabio]

It seems there's not much activity here.

Sadly you didn't provide the requested information. So it's hard to help.

It seems there's not much activity here.

Sadly you didn't provide the requested information. So it's hard to help.

I provided all the info days ago.

[elreyquerabio]

I would prefer to use OPNsense for VLAN termination, so Proxmox is just another server in the server VLAN.

Right now I have these VLANs:

A) VLAN 2: this is my WAN interface and any network devices for mgmt purposes.
B) VLAN 3: this is my server VLAN.
C) VLAN 10: this is my wireless VLAN.
D) VLAN 12: this is my guest wireless VLAN.
E) VLAN 20: this is my streaming VLAN.

Ideally I want setup VLANs on OPNsense, as part of the VM install. I can pass to the OPNsense VLAN a Linux bridge that is VLAN aware and then carve up the needed VLAN interfaces within OPNsense. Does all of this make sense? I am going to build my Proxmox config and OPNsense VM config and will detail them here.

Thanks,
Steve

I'll appreciate that info because I can't reach any suitable exit to what I need.
Thanks in advance.

[elreyquerabio]

I am running into the same problem as you, but I just read an article where it talks about creating a Linux bridge, assigning an IP, and that becomes the LAN side. My problem with that is that my network has a few vlans, so how do I get those in the OPNsense config also?

If you run OPNsense virtualized you can do the whole VLAN termination on the hypervisor, Proxmox in your case. So you don't need to create any VLAN inside OPNsense, just add a virtual interface to it for each.
Or you do the VLAN termination inside OPNsense. Both is possible.

In both cases you need to enable VLAN awareness on the Proxmox bridges.

I see! So, it would be enough to assign the corresponding VLANs to the interfaces created on the host and forget about that in the OPNsense section. Makes sense! I'll definitely test it tomorrow!
Thanks.