Opnsense, access to proxmox ve from LAN

W

wuffz

New Member
Mar 5, 2020
4
0
1
34
I have a proxmox setup with 4 nics.

1 is currently the management interface. ( connected to enp2s0f0 )
2 are bonded to a vmbr = LAN, ( connected to ens1 and ens2 )
1 vmbr = WAN, ( connected to enp2s0f1, which is connected into my homenetwork for now, later on will become dmz. ( 129.168.178.x )

The above settings are working. i connected my laptop to the ens1, after some fiddeling with dns i can connect to the outside world on the lan side through the opnsense vm.
the next question for my homelab will be, how can i connect the vmbr0 to the LAN side of things, i want to be able to use an ip in the range of de opnsense range ( 192.168.1.x ) to access the proxmox virtual environment ( web ui ) this will be just on the lan side.

i tried to set vmbr0 to a static 192.168.1.2, and add bond0 to the 'ports/slaves' that didn't work.

vlans are not in use for now.

many thanks in advance!
 

Attachments

  • hodor.png
    hodor.png
    91.5 KB · Views: 146
wuffz said:
I have a proxmox setup with 4 nics.

1 is currently the management interface. ( connected to enp2s0f0 )
2 are bonded to a vmbr = LAN, ( connected to ens1 and ens2 )
1 vmbr = WAN, ( connected to enp2s0f1, which is connected into my homenetwork for now, later on will become dmz. ( 129.168.178.x )

The above settings are working. i connected my laptop to the ens1, after some fiddeling with dns i can connect to the outside world on the lan side through the opnsense vm.
the next question for my homelab will be, how can i connect the vmbr0 to the LAN side of things, i want to be able to use an ip in the range of de opnsense range ( 192.168.1.x ) to access the proxmox virtual environment ( web ui ) this will be just on the lan side.

i tried to set vmbr0 to a static 192.168.1.2, and add bond0 to the 'ports/slaves' that didn't work.
Click to expand...
"connect the vmbr0 to the LAN side of things" means connect to some external (hardware) servers as storage etc. - correct?

Difficult to say without knowing the complete network architecture (i.e. how is you opensense vm connected as well as other details maybe too). I guess you have to define the necessary routing in opensense as well as using opensense as (default) router for the servers.
 
Sorry for the inconvenience
No it wasn't external. i tried to add the vmbr0 to the 'ports/slaves' ( or bridge-ports in the interfaces if you will )
Below is my current/working configuration.

vmbr1 is connected to the WAN in opnsense
vmbr2 is connected to the LAN in opnsense
vmbr0 is connected as OPT1, but disconnected and not in use.

when i hook up my laptop to the LAN port ( fysical ) i get an ip from the opnsense dhcp server.
when i hook up the wan port ( fysical ) i get a internet connection on that laptop.
in the above statement wifi is turned of, so there's no mixup here.

what i want to achieve is that the proxmox VE interface is available within the LAN network, so i can access it from my laptop without being on the management interface (vmbr0)

i'm guessing i could setup opt1(vmbr0) to be accessible via opnsense. but i wonder if there's a way to get the static ip on vmbr0 to be accessible straight from the LAN ( as dhcp is broadcasted on 192.168.1.100 to 192.168.1.254, opnsense is on 192.168.1.1, i want the proxmox ve on 192.168.1.2 )


hope this clearifies, if any questions please tell me

Bash: 
auto lo
iface lo inet loopback

auto enp2s0f0
iface enp2s0f0 inet manual
#management port, left bottom

auto enp2s0f1
iface enp2s0f1 inet manual
#wan port, right bottom

auto ens1
iface ens1 inet manual

auto ens2
iface ens2 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves ens1 ens2
        bond-miimon 100
        bond-mode balance-alb
#BUNDEL LAN

auto vmbr0
iface vmbr0 inet static
        address  192.168.178.2
        netmask  24
        gateway  192.168.178.1
        bridge-ports enp2s0f0
        bridge-stp off
        bridge-fd 0
#MANAGEMENT

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp2s0f1
        bridge-stp off
        bridge-fd 0
#WAN

auto vmbr2
iface vmbr2 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
#LAN 192.168.1.2/24
 
wuffz said:
what i want to achieve is that the proxmox VE interface is available within the LAN network, so i can access it from my laptop without being on the management interface (vmbr0)
Click to expand...

Hello wuffz! I'm trying to solve the exact same problem. Have you found a solution?

Thanks
 
Actually i did not. I got a bigger switch later on, and just gave de management port a fysical connection. Pro: i can manage it when the firewall goes down by plugging in a laptop straight to proxmox management. :)
 
It does have access.. Its connected to the same switch as the lan interfaces for opnsense. I have given the proxmox main interface a static ip with the opnsense as gateway
 
You must log in or register to reply here.
Top Bottom