VLANs almost working on test setup

Started by silmaril, January 02, 2026, 05:59:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 02, 2026, 05:59:05 PM
I am currently running PFsense on an APU2 in my home network and I'm thinking about migrating to OPNsense.
To find out how things work, I created a VM on Proxmox VE that simulates similar hardware and installed OPNsense 25.7.10.

So far it looks very promising. I think I was able to transfer all relevant settings to OPN.
There is one thing that seems to work incompletely and I don't understand what's going on.
It seems that one VLAN is working, but not the others.

I configured several VLANs on the firewall (tags 10, 20, 30, 111) and added each of them to a group that shows up under "Interfaces".
I am using Dnsmasq for DHCP, which is enabled for all those VLANs.
For each VLAN there is a DHCP range in a different IPv4 subnet defined.
All VLANs are configured as "Static IPv4" (with an IP that fits the DHCP subnet) and IPv6 is set to "Track Interface".

I have a Debian VM connected to the OPN LAN interface via a Linux-Bridge in Proxmox ("VLAN aware" is off).
This VM gets an IPv4 address via DHCP from the LAN interface without any problems. IPv6 is working, too. It gets an IPv6 that matches the prefix shown for the OPNsense LAN interface.
I added VLANs to the VM's network config for all tags (just for testing, I don't want to use it like this).
VLAN 10 behaves just like the LAN interface. It gets both IPv4 and IPv6 addresses that match the OPN addresses of this interface.
With the other VLAN tags, nothing seems to happen. They only show their link local IPv6.

I tried many things, eg. deleting all VLANs and adding only one of the non-working tags, but I couldn't find a way to make 20, 30 or 111 work.

Activating "VLAN aware" on the Proxmox bridge doesn't help. This only leads to none of the VLANs working any more, which makes sense for me, since the bridge should only transport everything between the virtual network ports and VLAN tags are handled by the systems on both ends.

Since one of the VLANs is working, I guess my setup is almost correct.
Can anyone give my a hint for settings I should double-check?
As far as I can see, all VLANs are configured identically, but it looks like there must be some difference I am missing.
I am also not entirely sure if the problem lies on the Proxmox or OPNsense side.

Any help you can give me would be very much appreciated!
January 02, 2026, 08:04:53 PM #1
VLANs should be configured on the VM host (Proxmox), not in the guest (OPNsense). The guest should have a dedicated interface for each VLAN.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
Print
Go Up Pages1
User actions