F5F Stay Refreshed Power Users Networks VLAN Proxmox or OPNSense might not be suitable depending on your setup.

VLAN Proxmox or OPNSense might not be suitable depending on your setup.

VLAN Proxmox or OPNSense might not be suitable depending on your setup.

Pages (2): 1 2 Next
N
Nashiko57
Senior Member
Find
485
07-14-2016, 06:40 AM
#1
Hi guys, I´m struggeling with my vlan configuration recently and can not find the issue... On my POV there should be a connection between proxmox and opnsense, but I got you some screenshots. So this is my vlan33. On the parent is nothing else. It´s assigned to a port of my choice. IP is static. DHCP is enabled. And no, the adress is not a mistake, because I have a virtual CARP IP behind it. So in my Proxmox I have this configuration: Proxmox is setup in a cluster. I´m just working on one node atm to set it up right. The MGMT Network i´ll move as soon as I´m finding out how VLAN´s work I created a vmb out from the slave enp3s0 and I created a vlan for vlan 33. The firewall and the node are connected directly to the assigned ports. And I created a container with ubuntu which should get an DHCP address from the dmz net. And nothing happens... I don´t understand why it is not working. Can somebody help me out understanding what I´m doing wrong? Thx a lot.
Reply
Reply
N
Nashiko57
07-14-2016, 06:40 AM #1

Hi guys, I´m struggeling with my vlan configuration recently and can not find the issue... On my POV there should be a connection between proxmox and opnsense, but I got you some screenshots. So this is my vlan33. On the parent is nothing else. It´s assigned to a port of my choice. IP is static. DHCP is enabled. And no, the adress is not a mistake, because I have a virtual CARP IP behind it. So in my Proxmox I have this configuration: Proxmox is setup in a cluster. I´m just working on one node atm to set it up right. The MGMT Network i´ll move as soon as I´m finding out how VLAN´s work I created a vmb out from the slave enp3s0 and I created a vlan for vlan 33. The firewall and the node are connected directly to the assigned ports. And I created a container with ubuntu which should get an DHCP address from the dmz net. And nothing happens... I don´t understand why it is not working. Can somebody help me out understanding what I´m doing wrong? Thx a lot.

Reply
Reply
D
Dralock
Member
Find
81
07-17-2016, 05:58 PM
#2
Reply
Reply
D
Dralock
07-17-2016, 05:58 PM #2

Reply
Reply
A
applez13
Member
Find
138
07-24-2016, 01:52 PM
#3
I didn't succeed with my configuration, so I connected enp3s0 to the network "trunk" VMBR. Set up VLAN33 as a trunk and created a DMZ bridge using VLAN33 as the slave. I also tried connecting enp3s0 directly to VLAN33 as a bridge. Still no results. I attempted the setup with both aware and unaware VLANs, but had to restart multiple times. It seems my machines might not be recognizing the unaware VLAN settings. Could you confirm if your devices are aware of this configuration?
Reply
Reply
A
applez13
07-24-2016, 01:52 PM #3

I didn't succeed with my configuration, so I connected enp3s0 to the network "trunk" VMBR. Set up VLAN33 as a trunk and created a DMZ bridge using VLAN33 as the slave. I also tried connecting enp3s0 directly to VLAN33 as a bridge. Still no results. I attempted the setup with both aware and unaware VLANs, but had to restart multiple times. It seems my machines might not be recognizing the unaware VLAN settings. Could you confirm if your devices are aware of this configuration?

Reply
Reply
D
diogo218dvdv
Senior Member
Find
514
07-29-2016, 10:47 AM
#4
In reality, the configuration is a mix. Here’s how my setup looks in pfSense. I don’t modify trunk_br settings from proxmox, so if I need a VM to reach all networks, I’d assign the trunk_br interface to them and configure VLAN on the VM’s NIC page or directly in the VM. It seems the VLAN Aware option should be checked on any interfaces handling tagged VLAN traffic.
Reply
Reply
D
diogo218dvdv
07-29-2016, 10:47 AM #4

In reality, the configuration is a mix. Here’s how my setup looks in pfSense. I don’t modify trunk_br settings from proxmox, so if I need a VM to reach all networks, I’d assign the trunk_br interface to them and configure VLAN on the VM’s NIC page or directly in the VM. It seems the VLAN Aware option should be checked on any interfaces handling tagged VLAN traffic.

Reply
Reply
K
kerem_
Member
Find
204
07-31-2016, 08:20 AM
#5
You're checking if your configuration correctly allows DHCP traffic through a specific VLAN (33). The issue might lie with the firewall settings or misconfigurations, not just the VLAN itself. Make sure the firewall rules permit DHCP packets on that VLAN. If you're still stuck, double-check the bridge and VM settings.
Reply
Reply
K
kerem_
07-31-2016, 08:20 AM #5

You're checking if your configuration correctly allows DHCP traffic through a specific VLAN (33). The issue might lie with the firewall settings or misconfigurations, not just the VLAN itself. Make sure the firewall rules permit DHCP packets on that VLAN. If you're still stuck, double-check the bridge and VM settings.

Reply
Reply
O
Olliesimpo
Member
Find
65
08-05-2016, 01:36 PM
#6
Are you required to give each interface an IP address? All the information you've received so far shows addresses are already assigned. Is this necessary?
Reply
Reply
O
Olliesimpo
08-05-2016, 01:36 PM #6

Are you required to give each interface an IP address? All the information you've received so far shows addresses are already assigned. Is this necessary?

Reply
Reply
J
Juan2610
Posting Freak
Find
875
08-05-2016, 06:24 PM
#7
I've configured my setup like this: enable auto vmbr0, set vmbr0 as a manual bridge with inet, and activate ens6f0np0 bridge-stp off. Bridge is VLAN-aware with bridge-vids enabled. I'm using bridge-vids 2-4094 and assigning vlan70 to 192.168.15.79/26. The gateway is 192.168.15.65, and I've added a static IP for the management device on vmbr0. During post-up, I applied iptables-restore with the rules file. For each VM in different VLANs, I tag the corresponding VLAN on the network device—just assign an IP if you need access, otherwise rely on bridge-vids to handle it. In your original setup, you mentioned DHCP for eth0; that would give the interface an IP automatically. If you want to avoid that and just pass through, leave it without IP assignment. The only exception is VLAN 70, which got an IP because I needed to reach Proxmox management there. Everything else is tagged and routed through the bridge.
Reply
Reply
J
Juan2610
08-05-2016, 06:24 PM #7

I've configured my setup like this: enable auto vmbr0, set vmbr0 as a manual bridge with inet, and activate ens6f0np0 bridge-stp off. Bridge is VLAN-aware with bridge-vids enabled. I'm using bridge-vids 2-4094 and assigning vlan70 to 192.168.15.79/26. The gateway is 192.168.15.65, and I've added a static IP for the management device on vmbr0. During post-up, I applied iptables-restore with the rules file. For each VM in different VLANs, I tag the corresponding VLAN on the network device—just assign an IP if you need access, otherwise rely on bridge-vids to handle it. In your original setup, you mentioned DHCP for eth0; that would give the interface an IP automatically. If you want to avoid that and just pass through, leave it without IP assignment. The only exception is VLAN 70, which got an IP because I needed to reach Proxmox management there. Everything else is tagged and routed through the bridge.

Reply
Reply
H
HubixCube
Member
Find
166
08-05-2016, 08:35 PM
#8
I tried all possible methods in Proxmox to reach my goal, but nothing worked. It seems like the issue lies with OPNsense, though I can't spot anything wrong there. I even attempted to enable the parent interface, but that didn’t help either. The firewall rules match my management settings perfectly, and those are functioning correctly. I only have VLANs on the switches for management, and there’s no problem there. It must be somewhere in PMOX or OPNsense. I’ve tried everything on PMOX now—maybe it’s time to reset OPNsense and reconfigure it all over again.
Reply
Reply
H
HubixCube
08-05-2016, 08:35 PM #8

I tried all possible methods in Proxmox to reach my goal, but nothing worked. It seems like the issue lies with OPNsense, though I can't spot anything wrong there. I even attempted to enable the parent interface, but that didn’t help either. The firewall rules match my management settings perfectly, and those are functioning correctly. I only have VLANs on the switches for management, and there’s no problem there. It must be somewhere in PMOX or OPNsense. I’ve tried everything on PMOX now—maybe it’s time to reset OPNsense and reconfigure it all over again.

Reply
Reply
I
i3z___
Senior Member
Find
559
08-12-2016, 11:27 AM
#9
Consider trying VXLAN instead of VLAN. It’s focused on splitting access from your server network to the DMZ, and any secure method would work well.
Reply
Reply
I
i3z___
08-12-2016, 11:27 AM #9

Consider trying VXLAN instead of VLAN. It’s focused on splitting access from your server network to the DMZ, and any secure method would work well.

Reply
Reply
S
SoulDark_
Junior Member
Find
15
09-03-2016, 09:41 AM
#10
Last question about PMOX before resetting the OPNSENSE cluster:
Setup 1: This is my Bridge
Setup 2: Bridge: auto vmbr3s0 iface vmbr3s0 inet manual bridge-ports enp3s0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 33 auto vmbr3s0.33 iface vlan vmbr3s0.33 inet manual auto vmbr33
iface vmbr33 inet manual bridge-ports vmbr3s0.33 bridge-stp off bridge-fd 0
VM: (replace vmbr1 with vmbr33) One of them should work, assuming OPNSENSE is configured properly?
Reply
Reply
S
SoulDark_
09-03-2016, 09:41 AM #10

Last question about PMOX before resetting the OPNSENSE cluster:
Setup 1: This is my Bridge
Setup 2: Bridge: auto vmbr3s0 iface vmbr3s0 inet manual bridge-ports enp3s0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 33 auto vmbr3s0.33 iface vlan vmbr3s0.33 inet manual auto vmbr33
iface vmbr33 inet manual bridge-ports vmbr3s0.33 bridge-stp off bridge-fd 0
VM: (replace vmbr1 with vmbr33) One of them should work, assuming OPNSENSE is configured properly?

Reply
Reply
Pages (2): 1 2 Next