Hey guys, maybe you could help me with this config. I am new to networking; I asked on another forum as well but still need help to move forward.
In a Hetzner Dedicated Host with Proxmox and OpnSense, I want to set up 2 VLANs at root-level, having only 1 Public IP and without using any VSwitch or extra IPs, if possible.
The idea of having 2 VLANs is to be able to have unsafe content on one VLAN that doesn't affect the other (work) VLAN.
My current configuration, which currently works, is below. It routes through OpnSense, which has WAN set to vmbr0.
```
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr99
iface vmbr99 inet static
        address 10.1.1.0/24
        gateway 10.1.1.200 #OpnSense IP
        bridge-ports none
        bridge-stp off
        bridge-fd 0
```
The vmbr99 bridge for 10.1.1.0 should ideally upstream to VLAN1. A second subnet 10.1.2.0 should upstream to VLAN2.
The VLAN boundary should end within these 2 VLANs and child subnets. When a packet is forwarded to the eno1 interface, its VLAN tag should be removed. This is to avoid requiring a VSwitch at Hetzner Host level. Actually Hetzner should be totally unaware of the existence of these 2 VLANs.
I've already tried https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_routed, where I found the snippet below. But it doesn't seem to work; there is no network connectivity and I cannot ping Hetzner's IP.
```
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno1.5 inet manual

auto vmbr0v5
iface vmbr0v5 inet static
        address 10.10.10.2/24
        gateway 10.10.10.1
        bridge-ports eno1.5
        bridge-stp off
        bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
```
Some help would be very helpful at this point as I don't know what else to try.
Thank you!
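
Added example (not part of the original post): a small Python check over an /etc/network/interfaces file for the requirement stated above that no VLAN tag reaches eno1. It lists bridges whose port is a VLAN subinterface of the physical NIC (frames from such a bridge leave the NIC 802.1Q-tagged) and bridges with no ports, which stay internal to the host. The sample text is constructed from stanzas in the two configs above, and the function names are hypothetical.

```python
import re

# Constructed sample: stanzas abridged from the two configs in the post.
SAMPLE = """\
iface eno1 inet manual
iface eno1.5 inet manual
auto vmbr0v5
iface vmbr0v5 inet static
        address 10.10.10.2/24
        bridge-ports eno1.5
auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
auto vmbr99
iface vmbr99 inet static
        bridge-ports none
"""

def parse_bridges(text):
    """Map every iface stanza that has bridge-ports to its list of ports."""
    bridges, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
        elif words[0] == "bridge-ports" and current:
            bridges[current] = [p for p in words[1:] if p != "none"]
    return bridges

def tagged_uplinks(text, uplink):
    """Return (bridge, port, vid) for each bridge port that is a VLAN
    subinterface of the uplink, i.e. frames leave the NIC tagged."""
    pat = re.compile(rf"^{re.escape(uplink)}\.(\d+)$")
    hits = []
    for bridge, ports in sorted(parse_bridges(text).items()):
        for port in ports:
            m = pat.match(port)
            if m:
                hits.append((bridge, port, int(m.group(1))))
    return hits

def internal_bridges(text):
    """Bridges with no ports: traffic can only leave through a VM."""
    return sorted(b for b, p in parse_bridges(text).items() if not p)

if __name__ == "__main__":
    print("tagged on uplink:", tagged_uplinks(SAMPLE, "eno1"))
    print("internal only:", internal_bridges(SAMPLE))
```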