Pfsense as VM - VLANs on LAN?

[rakali]

Hello,

I have VLANS working for my proxmox VM and LXC - but I cannot get any external devices to recognise the VLAN.

My proxmox machine has two NICs. One for WAN and one for LAN. LAN connects to a TL-SG108E switch on port 7. Port 7 is tagged for VLAN 4094. Trying to connect a VLAN aware device on port 2, I have tried having it set to untagged and tagged...

In pfsense, VLAN 4094 interface parent is vtnet3 which is iface vmbr4094 from proxmox below, assigned to the pfsense VM.

pfsense DHCP for the VLAN 4094 works for proxmox, but not for external devices.

Here is the proxmox network config. Can anyone see where I am going wrong?

auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.2/24
    gateway 10.0.0.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

auto vmbr777
iface vmbr777 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

 

[vesalius]

Several questions:

1. Of your physical interfaces, enp2s0 and eno1, which is physically connected to wan and which to lan?
2. I do not see eno1 use as a bridgeport in any linux bridge in your copied /etc/network/interfaces?
3. I do not see iface vmbr4094 in your copied /etc/network/interfaces?
4. which linux bridge is wan and which is lan?

 

[rakali]

Several questions:

1. Of your physical interfaces, enp2s0 and eno1, which is physically connected to wan and which to lan?

eno1 is WAN and enp2s0 is LAN.

2. I do not see eno1 use as a bridgeport in any linux bridge in your copied /etc/network/interfaces?

Is that not this?

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

3. I do not see iface vmbr4094 in your copied /etc/network/interfaces?

Maybe this is the issue? If I have a vmbr4094 interface in promox, then I DHCP works to VM assigned 4094 but that is apparently not passed to the switch. Can you advise what the config should look like? Does it need to specify bridge-ports enp2s0 - I think the GUI gives an error that enp2s0 is already assigned...
Do I then specify this interface as the VLAN parent in pfsense?

auto vmbr4094
iface vmbr4094 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

4. which linux bridge is wan and which is lan?

vmbr0 is LAN and vmbr1 is WAN

 

[vesalius]

Indeed, I overlooked eno1. I should have asked for this initially, but can you give us a pic of the network devices assignments from the proxmox webgui under pfsense vm/hardware? This should include vtnet3 among the others.

I use opnsense in a similar capacity, as long as the parent interface of vtnet3 is vmbr0 with a VLAN tag of 4094 this should be able to work. Now if you want proxmox to have a management IP in this VLAN, then an additional section in your etc/network interfaces might be necessary.