Search results

I don't understand your comment, "but when I set the system configuration, as long as I restart pve, the original settings will be restored." If you want to be able to wol the proxmox host, add; @reboot /sbin/ethtool -s enp4s0 wol g To cron. This sets the wol flag for your management...

@leesteken Re post #2. I run my pve headless. Surprisingly it's been running quite well. If I do need to do something on the server, I will install a basic video. I guess I need to remember to edit that iommu option first, before making any changes.

Further testing has revealed an unfortunate side effect of this vlan0 use. Using virtio for both wan/lan interfaces results in significantly higher cpu usage. I can't compare apples/apples yet because I haven't gotten pf 23.01 to recognize eapol traffic when nic is in passthrough. However, this...

Progress... https://www.dslreports.com/forum/r33645618- I will create a more detailed post later with all the details some others can reproduce.

^^I can still get an ip in pfsense if I revert the network config so pf is doing the wpa auth. Also, reconnecting wan back to prod server, utm (where wan nic is passed through) was able to get an IP no problem. If the ont was the issue, I'd expect to NOT get an ip on one or both of the above vm's.

I did some more testing today on the test box. From scratch, got it to a state where wpa_sup auth worked within the pfsense guest. Then killed the daemon and re-enabled it on the host. It appears if wpa auth happens on the host, dhcp requests from the guest are not making it out. Tried using...

My apologies. There are 2 servers involved. I was doing the host wpa auth on a test box so as not to muck up the main one. On the main (production), utm has wan nic in pass through to sophos utm (suse linux based). Within utm nothing special at all is done with respect to vlan0. Literally...

Tried that. The wpa auth works on the host, but no dhcp on the guest. Vlan0 is passed. Looking at my working utm system, the request goes out untagged. Response comes in tagged vlan 0 priority 7. Wan nic is in passthrough mode to utm. With the proxmox wpa on host, with vlan0 enabled, the...

Take a look here: https://www.reddit.com/r/ATT/comments/g59rwm/comment/fskwgd7/ This appears to be exactly what I'm doing, but he makes no mention of the fwbr flag.

Aha! This makes perfect sense. This exchange is happening over a physical link in your case vs virtual in mine. I don't believe I ever used this method. Mainly started with the dumbswitch/rg, then went certs/wpa a year later in 2019.

Problem solved - hook scripts. https://forum.proxmox.com/threads/execute-host-command-after-starting-guest.125023/ I tested this and it does appear to work for settings the fwbr flag.

After some more research discovered the concept of hookscripts. There's several different states, for this purpose "POST-START" seemed most appropriate. Maybe there's a simpler more elegant way of doing this? The process involves the following 1) Enable snippets Datacenter, storage, local...

Running this command in current firewall (sophos utm, suse based) where wan nic is in passthrough to the vm. tcpdump -i eth2 port 67 or port 68 -n -e -A -vv Doing dhcp renew, shows outbound traffic NOT vlan0 tagged, inbound is vlan0 tagged. However, no vlan0 interface is actually defined...

ref: https://forum.proxmox.com/threads/how-to-pass-vlan-0-priority-tags-to-pfsense-for-dhcp.112374/ I need to set a bridge flag to pass certain traffic to the vm. The problem is the bridge does not exist until *after* the vm is started. echo 8 > /sys/class/net/fwbr105i1/bridge/group_fwd_mask...

Speeding up *sense bootup doesn't really matter. The eapol auth requests come in about every 30 seconds none stop until authorized. The bigger issue is just sending something back to the host early on before the network is up. If wan can't dhcp then it stalls for about a minute. What other...

@vesalius Partial success. Adding post-up echo 8 > /sys/class/net/fwbr105i1/bridge/group_fwd_mask Sort of works. Specifically, it gets applied if the network is reloaded *AFTER* the vm is already started. On a cold boot, the bridge fwbr105i1 DOES NOT exist. Proxmox only creates that...

^^Thanks. Worth a shot. It is curious why you didn't have to set the flag on the fwbr interface while others did. Wonder what's different.

^^Yes, that's exactly how "interfaces" was configured, except no eapol traffic getting into the VM. *sense vm had the rg mac as its mac (where you have 00:00:00.... above). wpa_sup was failing, so tried tcpdump to monitor for eapol trafic... Nothing. Yet as mentioned before, it is being...

Thanks for the reply. Why haven't you pulled certs to get rid of the gateway entirely? The certs are in the vm. I'm not sure what I'm doing wrong, I'm just not getting the eapol traffic passed through to the vm. Nic - intel i211 Proxmox 7.2 pfsense + 23.01 opnsense 23.1 vm nic - virtio I can...

@vesalius, referencing post #2. Can you clarify how you defined everything in proxmox and *sense to get the vlan0 to be removed? I tried defining the wan nic (enp5s0) as enp5s0.0 in the bridge, but wpa_supplicant wasn't seeing the traffic. Att is the provider, with known good certs (working...