Search results

Hello, I face a strange issue on my bond where it works "almost" but depends on the order in which I plug in the cables... I mean, same cable at the same place each time, but first patch cable A then patch cable B will not work, but if I plug the patch cable B first and then the patch cable A it...

Ok, my switch doesn't support STP so that's it. I'll have to look into something else. I'm thinking about something that would check the status of the virtual router VM and if down it would attach the physical NIC to vmbr0, and find a hook before VM startup to detach the NIC from vmbr0 and pass...

Ok, just looked up STP and it seems that will do the trick, only my vRouter needs it and opnSense lets me define priority for each interface so I will definitely be able to tell OpnSense to prefer the 10GB/s link. Even my coming TL-SG1024DE has support for loop detection although it claims to...

It's my home network, so production yes but test also ;) I'm still waiting to receive some hardware to be able to test without disturbing the rest too much, but on weekends production is totally interruptible ^^ I'll have a look into STP as I don't know what it is yet. As of now, vmbr0 is not...

Thanks for your reply. I am planning to use CARP to have the 2 routers on the same network like this :https://docs.opnsense.org/manual/how-tos/carp.html The traffic handover is done by the backup router taking the VIP when it detects the first member is down and it can even sync packet filter...

Not sure it applies to your config because I don't have a DMZ but I have something similar that is working fine for me : passing several NIC using oci passthrough to my opnSense VL as well as a virtual network card attached to vmbr0 like all my other VMs. Then in OpnSense I create a bridge...

In the end my issues were with my Wireless AP that is running openWRT and that is somehow distributing IPV6 adresses by DHCP despite the config having no IPv6 ULA prefix and DHCP disabled... I got tired of tring to disable IPv6 on the AP and juste plugged it off and replaced by another AP...

Hello, I use proxmox to virtualize my main router, passing it all physical NICs for the moment, and also passing a virtual port to vmbr0 so that my router gives access to all other VMs to my wider network (and to the proxmox admin GUI) I face an issue when I backup my router VM since it's...

Hello, I think Traefik offers APIs that Proxmox could leverage to become an integrated provider. In the end, the goal would be that upon LXC or VM startup/shutdown, some config gets pushed or removed to Traefik. The config in question should be an optional field for the user to define on the...

Well the fun part about it is that if I insist and keep running te curl command, sometimes, quite randomly, it does decide to contact the 212.27.32.66 and those times it does manage to fetch the index.html page properly. I think my suricata IDP was maybe slowing things down and causing issues...

Thanks for your help. Sadly, I checked already and all 3 values are properly set when as sysctl shows after reboot. My guess is that somehow, the dns living on opnSense VM does pull an IPv6 adress for the ftp.debian url when openVPN is connected to PIA, despite opnSense having IPv6 disabled for...

Hello, I have disabled IPv6 on my pve host like this : (and rebooted several times since then) root@pve:~# tail -n 6 /etc/sysctl.conf ################################################################### # Disable IPv6 net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1...

Hello, I use pve to virtualize an opnSense box. I have all physical networking passed through (pci passthrough) to the opnSense I added an openvswitch iterface, to which the pve host gets an ip and the opnSense box adds this virtual interface to the bridge of all other physical interfaces. All...

Thanks for the reply ! I'm not so keen in getting mdadm running again, was quite slow and heavy last time I used it, no doubt it has made progress in the last 10 years, but still... The most appealing option you propose is rsync. I get that with rsync the idea would be to setup the main disk as...

Hello, I got this hardware : https://a.aliexpress.com/_BOMxxw It's very nice but it's using a cheap M.2 SATA SSD without any DRAM cache and probably multi layer. I'm running opnSense on top of proxmox, and since my setup is quite complex, I fear this cheap SSD will fail me and I'm looking into...

Thanks @mbosma and @guletz . Graph is made with draw.io website, free and nice to use ;) I strongly advise to use it for your own needs ;) I get the idea of splitting things up in several hardware, and I'd actually say the same myself for a business, but it's my home setup, need to keep in...

Thanks @mbosma. I hear your advice, I will keep a NIC dedicated to pve, probably won't loop it back to save on space on those "only" 6 NICs, and also to see how performance is with the virtual switch. I hope I'll almost never use pve after the initial setup, and I'll be a single user consuming...

A wild guess : on startup pve could not start the VMs while waiting for an IP being assigned by a DHCP on the virtual interface, but cannot get it since it's the virtual pfsense that's my DHCP and it's not yet started... Snake eating it's own tail...deadlock.

Thanks a lot for the very quick response! I'll only receive the hardware in a few weeks but I expect to be able to pass each of the 6 physical NIC individually. Following your advice I will leave one NIC for pve, but I'll probably keep it unplugged, just in case of issue, and would still use pve...

Hello everyone, I'm looking to get a new firewall and I'm looking for advice on how to deal with certain aspects. Attached is a global view of what I want to do. My current concern is how to get good throughput and still good isolation for the VMs I start on proxmox like (C) and (D) or others...