FIXED: I had the Proxmox management IP configured on one of my local NICs. Realized that I had a <1ms ping to this IP... sorry
Hi there,
I set up Proxmox and created an OPNsense VM. Uplink/WAN for this OPNsense is a vNIC on the default bridge (vmbr0). LAN for this OPNsense is a vNIC on another bridge (vmbr1) I created. This vmbr1 has an IP (192.168.8.2/24) and the default gateway (OPNsense: 192.168.8.1/24) configured for Proxmox Web Management.
Nothing special, every host on the OPNsense LAN (192.168.8.0/24) is able to access the Proxmox Web Interface. But...
There is a WireGuard Site-to-Site connection between the OPNsense and another remote OPNsense. Hosts from the LAN of this remote OPNsense are not able to access the Web Interface, although they are able to ping the Proxmox management IP... and they are able to access all other hosts through this Site-to-Site tunnel (tcp/udp/icmp; all ports).
I'm sure there is no routing issue and no firewall/OPNsense is blocking this traffic. So the issue has to be in the Proxmox config. Could it be that the Web Interface is restricted to the management IP's own subnet somehow by default?