Hello and happy new Year!
My idea for setting up networking was to have vlans tagged by hypervisor, so the VMs are not really aware what network they are on (someone told me it's an overkill for a homelab, but I would rather follow best practices when I can and that feels like a better thing to do). I have assigned a vmbr0 to my physical interface (it's connected to trunk port) and then I have it forking into 3 VLANs (100,101,102). Each of those VLANs then goes into OPNSense as LAN interfaces. When I create a VM I assign its gateway address to one of these OPNSense LAN interfaces along with a static IP address (haven't got time to set up a DHCP for each VLAN yet). I am also running ZeroTier plugin on the OPNSense with default route override for remote access (for the sake of debugging I've set float rules to allow ZeroTier traffic to every VLAN).
Here's some behavior I have noticed:
- I can only access Proxmox GUI on VLAN100 and I have to actually be on that VLAN meaning if I try to connect to it from ZeroTier network, it doesn't work (firewall seems to be letting the traffic through on the live logs though), so it could be sort of a tagging issue i think
- I can ping and telnet the VLAN100 GUI from VM on VLAN101, but when on ZT I can do none of those things
- I can freely access VM on VLAN101 with ZeroTier
- The proxmox itself doesn't have network connection, I can't even ping the main gateway i got from ISP (192.168.0.1)
- I do have network connection on each VLAN, so the bridges seem to work fine with the tags and so does my switch in front of host
I am attaching my /etc/network/interfaces from proxmox and the network tab from GUI and my connection check to GUI. I did follow "VLAN on the Host" scenario from https://pve.proxmox.com/wiki/Network_Configuration
If you have any idea what I'm doing wrong here that cuts me off the WAN and GUI, I will gadly appreciate the feedback. I would also love to hear any advice concerning my choice of design please let me know to.
Thanks in advance!
My idea for setting up networking was to have vlans tagged by hypervisor, so the VMs are not really aware what network they are on (someone told me it's an overkill for a homelab, but I would rather follow best practices when I can and that feels like a better thing to do). I have assigned a vmbr0 to my physical interface (it's connected to trunk port) and then I have it forking into 3 VLANs (100,101,102). Each of those VLANs then goes into OPNSense as LAN interfaces. When I create a VM I assign its gateway address to one of these OPNSense LAN interfaces along with a static IP address (haven't got time to set up a DHCP for each VLAN yet). I am also running ZeroTier plugin on the OPNSense with default route override for remote access (for the sake of debugging I've set float rules to allow ZeroTier traffic to every VLAN).
Here's some behavior I have noticed:
- I can only access Proxmox GUI on VLAN100 and I have to actually be on that VLAN meaning if I try to connect to it from ZeroTier network, it doesn't work (firewall seems to be letting the traffic through on the live logs though), so it could be sort of a tagging issue i think
- I can ping and telnet the VLAN100 GUI from VM on VLAN101, but when on ZT I can do none of those things
- I can freely access VM on VLAN101 with ZeroTier
- The proxmox itself doesn't have network connection, I can't even ping the main gateway i got from ISP (192.168.0.1)
- I do have network connection on each VLAN, so the bridges seem to work fine with the tags and so does my switch in front of host
I am attaching my /etc/network/interfaces from proxmox and the network tab from GUI and my connection check to GUI. I did follow "VLAN on the Host" scenario from https://pve.proxmox.com/wiki/Network_Configuration
If you have any idea what I'm doing wrong here that cuts me off the WAN and GUI, I will gadly appreciate the feedback. I would also love to hear any advice concerning my choice of design please let me know to.
Thanks in advance!
