Hello all. I have searched a ton of places looking for an answer to my problem, but I have not found anything that applies to my situation. I am hoping it is something easy that I just do not see. I also posted this to the OPNsense forum and only got one response but it did not answer the issue. Hoping the experts here have an idea to help.
I am running OPNsense 25.7.3_7-amd64 on Promox 9.0.9. I am running it on a GMKTec Nucbox M5 Plus (Ryzen 7 5825U, 32GB Ram, 512GB SSD, 2 x 2.5GB LAN ports). I have the following plugins installed: acme-client, caddy, ddclient, haproxy, ntopng, redis, smart, theme-rebellion. I have configured all but haproxy and they all work as designed when the router is working.
The LAN port works fine and I can access both Proxmox and OPNsense on my network.
The problem I keep having is that if Proxmox is shutdown or reboots, I do not get a WAN IP and cannot access the Internet. The OPNsense dashboard shows the WAN interface without an IP and the Gateways box on the dashboard shows the WAN_DHCP as undefined. Rebooting OPNsense does not fix it, nor does reloading the WAN interface under Interfaces:Overview.
To fix it, I have to power cycle my fiber modem. I then get a WAN IP address (which is different after each power cycle). While researching this issue and leaving OPNsense running without its WAN address after the last reboot, I noticed that about 30 minutes later, I did get a WAN address without doing anything, but it was a new IP from my provider just as if I had power cycled the modem. I have included the system.log from the last reboot and when the WAN IP resolved itself on its own. In the system.log, there is a large number of TIMEOUT errors under dhclient-script for vtnet1 (WAN) causing it to fail on vtnet1 executing. Then OPNsense reports "/usr/local/etc/rc.newwanip: Failed to detect IP for interface wan". This repeats a number of times.
I tried to spoof the Proxmox MAC address for the WAN port in OPNsense. I did get an IP, but I could not do anything on the Internet.
If I pass the WAN NIC through to OPNSense, will this fix the problem? What are the downsides of doing this? Can I pass through just the WAN port and leave the LAN port as a virtual port? I'll test it soon, but if someone know the pros and cons of this that would be great.
While it is nice to be able to have other VMs on this machine, I am thinking about switching back to baremetal as it did not have this problem. Regardless, I would like to at least understand why this is happening.
Here are the ports:
Proxmox Node:
enp1s0 (active/no autostart) --> vmbr0 (active/autostart) --> 192.168.1.1/24 (CIDR) --> 192.168.1.254 (Gateway) --> LAN
enp2s0 (active/no autostart) --> vmbr1 (active/autostart) --> CIDR blank --> Gateway blank --> WAN
Proxmox VM:
Network device (net0): virtio=BC:::
3, bridge=vmbr0, queues=4
Network device (net1): virtio=BC::::7C, bridge=vmbr1, queues=4
OPNSense:
LAN --> vtnet0 --> 192.168.1.254/24
WAN --> vtnet1 --> 69.xx.xxx.246/25 --> 69.xx.xxx.129 (Gateway)
Thanks.
I am running OPNsense 25.7.3_7-amd64 on Promox 9.0.9. I am running it on a GMKTec Nucbox M5 Plus (Ryzen 7 5825U, 32GB Ram, 512GB SSD, 2 x 2.5GB LAN ports). I have the following plugins installed: acme-client, caddy, ddclient, haproxy, ntopng, redis, smart, theme-rebellion. I have configured all but haproxy and they all work as designed when the router is working.
The LAN port works fine and I can access both Proxmox and OPNsense on my network.
The problem I keep having is that if Proxmox is shutdown or reboots, I do not get a WAN IP and cannot access the Internet. The OPNsense dashboard shows the WAN interface without an IP and the Gateways box on the dashboard shows the WAN_DHCP as undefined. Rebooting OPNsense does not fix it, nor does reloading the WAN interface under Interfaces:Overview.
To fix it, I have to power cycle my fiber modem. I then get a WAN IP address (which is different after each power cycle). While researching this issue and leaving OPNsense running without its WAN address after the last reboot, I noticed that about 30 minutes later, I did get a WAN address without doing anything, but it was a new IP from my provider just as if I had power cycled the modem. I have included the system.log from the last reboot and when the WAN IP resolved itself on its own. In the system.log, there is a large number of TIMEOUT errors under dhclient-script for vtnet1 (WAN) causing it to fail on vtnet1 executing. Then OPNsense reports "/usr/local/etc/rc.newwanip: Failed to detect IP for interface wan". This repeats a number of times.
I tried to spoof the Proxmox MAC address for the WAN port in OPNsense. I did get an IP, but I could not do anything on the Internet.
If I pass the WAN NIC through to OPNSense, will this fix the problem? What are the downsides of doing this? Can I pass through just the WAN port and leave the LAN port as a virtual port? I'll test it soon, but if someone know the pros and cons of this that would be great.
While it is nice to be able to have other VMs on this machine, I am thinking about switching back to baremetal as it did not have this problem. Regardless, I would like to at least understand why this is happening.
Here are the ports:
Proxmox Node:
enp1s0 (active/no autostart) --> vmbr0 (active/autostart) --> 192.168.1.1/24 (CIDR) --> 192.168.1.254 (Gateway) --> LAN
enp2s0 (active/no autostart) --> vmbr1 (active/autostart) --> CIDR blank --> Gateway blank --> WAN
Proxmox VM:
Network device (net0): virtio=BC:::
3, bridge=vmbr0, queues=4Network device (net1): virtio=BC::::7C, bridge=vmbr1, queues=4
OPNSense:
LAN --> vtnet0 --> 192.168.1.254/24
WAN --> vtnet1 --> 69.xx.xxx.246/25 --> 69.xx.xxx.129 (Gateway)
Thanks.