Isolated cyber lab per student through Wireguard

croquemox

New Member
Sep 6, 2024
Hi, I've spent much time reviewing the basics of networking to try and tackle this. I've boiled down and simplified my problem to this:
Students have a dedicated /24 subnet through WireGuard. They can access Proxmox's GUI somehow. They can create VMs and CTs in this subnet.
Inter-subnet routing (forwarding on the WireGuard interface) is handled by firewall rules (and will be programmatically generated so that users choose their "subnet-neighbours" at runtime).
WAN access is just masquerading everything on the bridge.

I've strayed away from VLAN and SDN configurations (waiting eagerly for SNAT on VLAN VNets). I'm open to suggestions for external routing handled by a VM (VyOS, pfSense, etc.), but we will handle hundreds of users minimum, and VLANs & bridges do not seem to scale gracefully, so I'm OK with CPU overhead from firewall rules.

Implementing it will take me a long time, and I'd love some expertise about feasibility, and alternatives if you have any.
Thanks a ton, awesome community, crossing my fingers. Have a good day.

architecture.png
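One way to express the rule generation described in the post, as an added example that is not from the original poster: a POSIX shell script that emits an nftables ruleset with a default-drop forward policy, opens forwarding only between explicitly paired student /24s, and masquerades lab traffic towards the WAN bridge. The interface names `wg0` and `vmbr0`, the `10.100.0.0/16` supernet and the "student N gets 10.100.N.0/24" numbering are assumptions, not values from the post.

```shell
#!/bin/sh
# Constructed example: generate an nftables ruleset that isolates per-student
# WireGuard /24 subnets by default and only forwards between explicitly paired
# "subnet-neighbours". Interface names and the supernet are assumptions.
WG_IF="wg0"               # assumed WireGuard interface carrying all student /24s
WAN_IF="vmbr0"            # assumed bridge whose traffic is masqueraded to the WAN
LAB_NET="10.100.0.0/16"   # assumed supernet holding one /24 per student

# student_subnet N -> the /24 assigned to student N (assumed numbering scheme)
student_subnet() { printf '10.100.%s.0/24' "$1"; }

# gen_ruleset "A:B A:C ..." -> nft ruleset text. Each pair A:B lets student A
# and student B reach each other's subnet; every other inter-subnet flow is
# dropped by the chain policy, so a missing rule fails closed.
gen_ruleset() {
  pairs="$1"
  printf 'flush ruleset\n'
  printf 'table inet cyberlab {\n'
  printf '  chain forward {\n'
  printf '    type filter hook forward priority filter; policy drop;\n'
  printf '    ct state established,related accept\n'
  printf '    ct state invalid drop\n'
  # any student subnet may reach the WAN through the bridge
  printf '    iifname "%s" oifname "%s" ip saddr %s accept\n' "$WG_IF" "$WAN_IF" "$LAB_NET"
  for p in $pairs; do
    a=$(student_subnet "${p%%:*}")
    b=$(student_subnet "${p##*:}")
    # neighbours are opened symmetrically, one rule per direction
    printf '    iifname "%s" oifname "%s" ip saddr %s ip daddr %s accept\n' "$WG_IF" "$WG_IF" "$a" "$b"
    printf '    iifname "%s" oifname "%s" ip saddr %s ip daddr %s accept\n' "$WG_IF" "$WG_IF" "$b" "$a"
  done
  printf '  }\n'
  printf '  chain postrouting {\n'
  printf '    type nat hook postrouting priority srcnat; policy accept;\n'
  printf '    oifname "%s" ip saddr %s masquerade\n' "$WAN_IF" "$LAB_NET"
  printf '  }\n'
  printf '}\n'
}

# count_accept_rules "pairs" -> number of inter-subnet accept lines emitted;
# a quick check that exactly the chosen pairs (two lines each) were opened.
count_accept_rules() {
  gen_ruleset "$1" | grep -c "oifname \"$WG_IF\" ip saddr" || true
}
```

To apply on the host, pipe the output into `nft -f -` (for example `gen_ruleset "1:2 1:3" | nft -f -`); regenerating and reloading the whole ruleset whenever a student changes their neighbours keeps the live rules equal to the allow-list rather than accumulating stale openings.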