No internet access on my VLAN

MrKibatsu

New Member
Jul 19, 2023
8
0
1
Hello everyone,

I just asked you for help in creating my VLANs on PVE 8.0.3 my concern and the following:

After creating a VLAN 10 and assigning it to my VM WS2K19 it arrives well communicated with its VLAN but not with the outside.

Equipment used:

My ISP router : 192.168.1.1
HP ProCurve 2910AL-24P Switch : VLAN 1 = 192.168.1.250 / VLAN 10 = 192.168.10.250
PVE 8.0.3 with 2 network card but 1 only used: 192.168.1.2
- 1 Windows Server VM 2019 : 192.168.10.10

Diagram of my infrastructure :
1689864559330.png

Here is the configuration of my devices:

HP ProCurve 2910AL-24P :
1689863495554.png
Port 1 = PVE
Port 3 = Laptop
Port 24 = ISP Router

Proxmox VE 8.0 GUI :
1689863612094.png

Proxmox VE 8.0 /etc/network/interface :
1689863712057.png

On my Windows Server 2019 :
1689864026954.png

From my PVE/Switch I can ping all the IP, from my WS only the one displayed on the screen.

Thanks for reading, I’m taking any lead to solve my problem.
 
How should your Win VM access the internet when there is no router/gateway serving your 192.168.10.0/24 subnet?
 
How? Because when I try to put the gateway of my vmbr0 it tells me that I can’t
You can only have one default gateway per OS. But your Win VM needs a gateway (so configured inside your guest OS) on the VLAN10 subnet, not the PVE host. Totally fine if PVE is using 192.168.1.1 and your Win VM 192.168.10.1.
But then you of cause need a router that can route between the internet and your 192.168.10.0/24 subnet.
 
Last edited:
You can only have one default gateway per OS. But your Win VM needs a gateway (so configured inside your guest OS) on the VLAN10 aubnet, not the PVE host.
I’m sorry, but I don’t see how, you can explain it to me ? I have trouble understanding English.
 
Last edited:
I’m sorry, but I don’t see how, you can explain it to me ? I have trouble understanding English.
Typically you would set up something like a pfsense/OPNsense as a VM or as a bare metal machine to act as your router. This OPNsense then could act as your router and route between your various subnets/VLANs so that each subnet got its own DHCP server, DNS server, gateway IP and so on.
 
  • Like
Reactions: Spoonman2002
If you can put your ISP router in Bridged mode, you can then create a VLAN100 UNTAGGED (internet) and
connect it to the HP switch. From the HP switch you can plug in your Proxmox host and I would definitely use both network cards.
This way you can install and run pf/OPNsense on the PVE host.

Or same as above but no HP switch and plug internet cable from (Bridged) router to PVE host network card #1
The first option creates more flexibility from the HP switch and VLANs.

As @Dunuin said, you need some kind of (software) router in your network for Server 2019 to reach the internet.

- VLAN100 is an example, you can use your own VLAN number.
 
Also a tip:
try to avoid using 192.168.x.1 and/or 192.168.x.254 for a server.
Many routers and switches use .1 or .254 as default network address = ip conflict.
 
OK, i recreate my network, but don't work again...


After creating a VLAN 10 and assigning it to my VM WS2K19 it arrives well communicated with its VLAN but not with the outside.

Equipment used:

My ISP router : 192.168.1.254
HP ProCurve 2910AL-24P Switch : VLAN 1 = 192.168.2.250 / VLAN 10 = 192.168.10.250
PVE 8.0.3 with 2 network card : 192.168.1.2 & 192.168.2.1
- 1 VM pfSense : WAN = 192.168.1.106/24 DHCP & LAN = 192.168.2.1/24 STATIC & VLAN10 = 192.168.10.1/24
- 1 VM Windows Server 2019 : 192.168.10.10
- 1 VM Windows 10 : 192.168.2.11

New Diagram :
1690545881186.png

Here is the configuration of my devices :

HP ProCurve 2910AL-24P :
1690546373607.png

Port 1 = PVE
Port 3 = Laptop

Proxmox VE 8.0 GUI :
1690546433190.png

Network Interface :
1690548905290.png

Windows Server 2K19 :
1690546513188.png

pfSense Interface Config :
1690546573237.png

As previously the problem lies at the level of windows server and vlan, I understand that it does not manage to ping its gateway so the problem must come from my VLAN configuration however I do not see or is my error how to fix it.

the LAN 192.168.2.1/24 work not problem.

EDIT: I have added on my pfSense an any any rule for the interface vlan, now it works, however I wanted to test with a laptop on the interface 3 of my Switch which is tagged for the VLAN 10 but I get a DHCP lease of the LAN and not the VLAN if you have an idea?

EDIT 2 : For solve my problem
1690553773049.png

Now it's fine 0 problem ^^'
 
Last edited:
Another way: if your switch is capable (Layer 3 "lite") you can simplify and use it for inter-vlan routing.

On the switch you would create a Layer 2 management vlan (where your Internet router will be) and the other vLANs.
The associated Layer 3 vlan interface ip addresses will be the gateways for each vlan's subnet.
A static route, or a routing protocol (such as RIP), will handle routing between vlans.
A default static route is usually added so anything else goes to your Internet router.

On PVE you connect the 2 network cards, one to untagged management port (static IP), the other to tagged port (no IP).
You should try to avoid default vlan1 normally.
Notice in /etc/network/interfaces how proxmox also avoids vlan1 (bridge-vids 2-4094)

As example this is my setup (vlan10 is management, 192.168.10.1 is interface IP for vlan10 on the switch)
1690554332798.png
So vmbr0 is PVE access as normal. If a VM needs to be in vlan10, I can connect it to vmbr0.
But most VMs will be connected to vmbr1 by specifying the desired vlan tag, 20 in this case:
1690553476908.png

My Internet router is in vlan 10 at 192.168.10.254
From vlan 10 it goes 192.168.10.x ===> 192.168.10.254 (router) ===> Internet
And from vlan 20: 192.168.20.x ===> 192.168.20.1 (switch) ====> 192.168.10.254 (router) ===> Internet
Basically 192.168.10.1 and 192.168.20.1 (gateways) are on the switch, assigned to vlan 10 and 20. This has the benefit of not creating an extra hop (between 192.168.20.1 and 192.168.10.1): it all happens on the switch.
Management vLAN10 DHCP comes from the Internet router.
For most vLANS I use a VM running DHCP/DNS server as needed. This can be OPNsense, pfSense, Pi-hole, etc.

Important: On my Internet router (192.168.10.254) the LAN gateway is 192.168.10.1; I have to add a static route to access vlan 20 from router.
Without that Internet packets will not reach back: Internet ===> 192.168.10.254 (router) ===> 192.168.10.1 (switch) ===> 192.168.20.x
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!