OPNsense on bridge not working - single ip host

[engen84]

Hi!

Been trying to get my Proxmox setup with a OPNsense as firewall and router. Where vms can connect to and be NAT:et out.

Cant seem to get it to work, have tried so many diffrent approaches but still no luck.

I have currently configured my Proxmox:

auto lo
iface lo inet loopback

iface ens18 inet manual
    up sysctl -w net.ipv4.ip_forward=1

    
auto vmbr0
iface vmbr0 inet manual
    bridge-ports ens18
    bridge-stp off
    bridge-fd 0
        
auto vmbr1
iface vmbr1 inet static
    address 192.168..1/24
    gateway 111.11.1.2
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    
source /etc/network/interfaces.d/*

The opnsense is configured with vmrbr0 as WAN and vmbr1 as LAN.
Static IP for WAN 185.xx.243.xxx/24
Static IP for LAN 192.168.10.1/24


The VM has config



I have tried e1000 as nic for the vm but same result.

Can anyone please help me?

 

[wommy]

alex of tailscale has a youtube video which pretty much does what youre looking to do

https://www.youtube.com/watch?v=XXx7NDgDaRU

 

[wecanIT]

Hello, there's a typo in the IP address 192.168..1! And a gateway must be in the same subnet!

 

[engen84]

Hello, there's a typo in the IP address 192.168..1! And a gateway must be in the same subnet!

Hi! Thanks for replying.

I did not copy the interfaces file, just wrote it off my self.

So the present file on the host does not have the typo and the gateway is correct.

auto lo
iface lo inet loopback

iface ens18 inet manual
    post-up sysctl -w net.ipv4.ip_forward=1

    
auto vmbr0
iface vmbr0 inet manual
    bridge-ports ens18
    bridge-stp off
    bridge-fd 0
        
auto vmbr1
iface vmbr1 inet static
    address 192.168.10.2/24
    gateway 192.168.10.1
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    
source /etc/network/interfaces.d/*

Above is the exact content of the interfaces file.

I can ping the 192.168.10.1 from my pve-host.
And I can ping 192.168.10.2 from OPNsense, but not my WAN-gateway.

Anyone that has any idea on how to proceed? If I need to provide more info, please tell me.

 

[wecanIT]

How is the opnsense connected? As hardware or as a VM? Is the WAN connected to the opnsense via pathtrue? There are a lot of variables.

 

[engen84]

How is the opnsense connected? As hardware or as a VM? Is the WAN connected to the opnsense via pathtrue? There are a lot of variables.

Oh, I didn´t write that my Proxmox is running as host where OPNsense is a VM.

I only have 1 NIC on the proxmox, so therefor I put the vmbr0 without IP and my NIC ens18 as bridge port.

The ens18 is connected to WAN.

My OPNsense configured as the image I attached to my OP.

A virtio-netdevice vtnet0 which is bridged to vmbr0 on the proxmox.
Also a vtnet1 that is bridged to vmbr1 on proxmox.

 

[wommy]

https://youtu.be/XXx7NDgDaRU?t=151
i even time stamped it for you

instead of creating a vmbr1, try vmbr0.100
so remove that vmbr1, put ipaddr n gateway back on 0
and create a vlan vmbr0.xxx

i also think you might want to follow this after
https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_routed