How to setup multiple IPs and networks on a single NIC? (with OPNsense within Proxmox)

Z

Zedthou

Member
Apr 24, 2022
14
2
8
Hardware
I have:
  1. a HP T620 plus with an Intel 4 port gigabit NIC. It also has a Realtek onboard gig NIC which I’m not using. It’s equipped with 16GB ram and a 256GB SSD
  2. two managed switches that I can set the VLAN
  3. a couple of wifi access points which are VLAN aware and are capable of multiple SSID

Applications
It’s being used as a firewall, DNS blocker and home automation server with Proxmox 7.2-4
as the hypervisor. OPNsense 22.1.7_1, Pi-hole v5.10 and Home Assistant 2022.5.5

Assumptions
Intel NIC, enp1s0f0
LAN is 192.168.100.0/24, NIC 192.168.100.254 VLAN 0
IOT is 192.168.101.0/24, NIC 192.168.101.254 VLAN 101
Guest is 192.168.102.0/24, NIC 192.168.102.254 VLAN 102

Observation
There seems to be an alternative virtual network called OVS.

Goal
I’d like to set up a home ssid, guest ssid and IOT ssid all three on different subnets on a single internal NIC.

What I've tried to do
I know I can create virtual NICs in OPNsense or Proxmox. I have created linux bridges in Proxmox, but I can only assign a single bridge to a NIC.
vmbr0 enp1s0f0
It doesn’t like vmbr101 enp1s0f0

How to do it?
What mechanism should I use to create the VLANs and how can I assign multiple IP addresses (in different subnets) to a single NIC?
Do I need to do anything with the routing?
 
Zedthou said:
How to do it?
What mechanism should I use to create the VLANs and how can I assign multiple IP addresses (in different subnets) to a single NIC?
Click to expand...
There are many naming schemes for VLANs, but i would recommend you to use base_interface.vlan_id
Just create a vlan interface with a name enp1s0f0.101 , then add it to your vmbr101 as a bridge-port.

Another alternative would be to configure VLANs in VM config. Just leave proxmox default network configuration (enp1s0f0 is a bridge port of vmbr0) and add VLAN tag in VM NIC settings.

1653428142506.png
 
Last edited:
  • Like
Reactions: Zedthou
You've got managed switches and vlan-aware Wireless so should be easy enough.

You only need to assign one vmbr to one nic (you can assign multiple nics to one vmbr but that's another story) - each vmbr/nic can accomodate multiple VLAN's and each VLAN will have it's own IP subnet. So inside OPNSense, you define VLAN 101, 102, etc and give the VLAN an address inside OPNSense - you can also have a DHCP server on each VLAN so you can assign different DNS servers to each of your networks if you wish. You then assign the VLAN to a interface in OPNSense.

This is my setup in pfSense, but OPNSense is very similar - here VLAN 51 is defined

vlan51.jpg

It's assigned to vtnet0

vlan_assign.jpg
And assigned it's own address

address assignment.jpg
 
  • Like
Reactions: Zedthou
@bobmc and @mvs

I've created the VLANs and virtual FW interface in Opnsense, WIP at the moment as I haven't had them opportunity to reboot everything. I will update in due course.

I'm hoping Proxmox will let the VLAN tags go through unhindered.
 
You must log in or register to reply here.
Top Bottom