Since this is not a first I share here a brief summary of an awful event which lead to considerable downtime.
Running a Proxmox cluster with OPNSense as firewall, this firewall is the first point of entry for all traffic.
Yesterday I switch off routers (1 ISP and 1 wifi router) as I did before when I leave the house, this is residential so no issue.
When I'm back hours later i switch on the routers and find ... no internet.
After much this and that since yesterday 17:00 I found the fix, again, to be giving Proxmox networking a shuffle.
Trying to diagnose I found the strangest things.
Important to know is I found for the OPNSense VM the network interfaces where 'shifted and mangled'
MAC address for one interface at the VM level appeared for another interface inside the VM, entirely different as before.
A packet capture in the OPNSense VM showed there is an ip assigned over DHCP but no IP is assigned in the interface.
Eventually, running
and rebooting resolved the issue.
Zero changes to OPNSense were required.
To memory this is not a first time changing interface names in Proxmox 'fixes' things.
I'm worried this may be hiding a vulnerability or a serious bug which may be triggered by scanning activities.
What troubles me is this leaves almost no trace to work with.
Running a Proxmox cluster with OPNSense as firewall, this firewall is the first point of entry for all traffic.
Yesterday I switch off routers (1 ISP and 1 wifi router) as I did before when I leave the house, this is residential so no issue.
When I'm back hours later i switch on the routers and find ... no internet.
After much this and that since yesterday 17:00 I found the fix, again, to be giving Proxmox networking a shuffle.
Trying to diagnose I found the strangest things.
Important to know is I found for the OPNSense VM the network interfaces where 'shifted and mangled'
MAC address for one interface at the VM level appeared for another interface inside the VM, entirely different as before.
A packet capture in the OPNSense VM showed there is an ip assigned over DHCP but no IP is assigned in the interface.
Eventually, running
Code:
pve-network-interface-pinning generateZero changes to OPNSense were required.
To memory this is not a first time changing interface names in Proxmox 'fixes' things.
I'm worried this may be hiding a vulnerability or a serious bug which may be triggered by scanning activities.
What troubles me is this leaves almost no trace to work with.
Last edited: