[SOLVED] Create and Setup vLan with Tag in PVE behind pfSense Firewall

[GrazDiesel90]

Hello,

I´m really having trouble setting up a vLAN in/on PVE and make it available to the firewall and give access to WAN.

Setup:
pfSense Firewall with public IP and 2 physical interfaces (WAN and LAN)
WAN provides Internet
LAN Network 10.27.126.0/24 (Intern IP: 10.27.126.1)

An PVE Instance is connected to LAN with 10.27.126.77
vmbr0 - Gateway 10.27.126.1
On the PVE there are running 2 VMs which I want to separate via vLAN.

VM1: 10.27.126.100 (connected via vmbr0)
VM2: 10.27.126.103 (connected via vmbr0)

Now I want to separate those networks via vLAN.

What I already did:
I made vmbr0 vLan aware
Gave VM2 a tag: 20
Created a vLan in pfsense, assigned it to a new interface OPT1 and give a different IP range 10.27.125.0/24 and created Firewall etc.
Assigned VM2 a new Address 10.27.125.103 and Gateway 10.27.125.1

My Problem is that with VM2 (vLAN 20) I can't out of the system, can't even ping anything, pfsense or www.
I know I still missing some network configuration, I think some Bridge etc on PVE.

For better understanding I attached a image of the setup.

Could anyone please give me a hint, what is wrong?

 

[GrazDiesel90]

Solved it. There was already a vLan attached by my provider.