Proxmox / OPNsense / 3 NICs : How to make VLAN aware LAN network to join physical devices to virtualized firewall?

tabita

Sep 16, 2021
Hi all,

I want to use a NIC in VLAN-aware mode to connect multiple physical devices.
Below is my networking diagram.
[networking diagram image]
vmbr0 and vmbr1 are working fine, I'm not able to configure vmbr2 (LAN in VLAN-aware mode).
This is my network interfaces configuration:
auto vmbr0
iface vmbr0 inet static
        address 192.168.1.10/24
        gateway 192.168.1.254
        bridge-ports nic0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports nic1
        bridge-stp off
        bridge-fd 0
#WAN

auto vmbr2
iface vmbr2 inet manual
        bridge-ports nic2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#LAN - vlan aware

What am I doing wrong?
I've tried tcpdump; the packets seem to be moving, but when I assign VLANs I don't get the assigned networks via DHCP from the OPNsense firewall :/

I don't have any firewall rules enabled at proxmox level.
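The following host-side check is an added example for this thread, not code from the original post or from Proxmox. It verifies the two things that decide whether tagged frames from the physical switch actually reach a virtualized firewall on a VLAN-aware bridge: that the bridge port carries the VLAN IDs the firewall expects, and that the firewall VM's LAN vNIC has no `tag=` option (a tagged vNIC strips the 802.1Q header, so VLAN sub-interfaces created inside the firewall never see tagged traffic). The bridge name `vmbr2`, port `nic2`, the VLAN IDs 10/20/30 and both sample outputs are constructed assumptions standing in for `bridge vlan show dev nic2` and `qm config <vmid>` on a real host.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a Proxmox VLAN-aware bridge
# trunk from the host side.
#   1. the physical port on the bridge carries the VLAN IDs the firewall expects
#      (parsed from `bridge vlan show` text)
#   2. the firewall VM's LAN vNIC is an untagged trunk (no tag= in `qm config`)
# Bridge/port/VM names and the sample outputs are constructed assumptions.

# Constructed sample of `bridge vlan show dev nic2` for a bridge configured
# with bridge-vids 2-4094 (assumption: the real host prints the same layout).
SAMPLE_BRIDGE_VLAN='port              vlan-id
nic2              1 PVID Egress Untagged
                  2-4094'

# Constructed sample of the firewall VM's `qm config <vmid>` output:
# net0 is the WAN vNIC on vmbr1, net1 the LAN trunk on vmbr2.
SAMPLE_QM_CONFIG='net0: virtio=AA:BB:CC:00:00:01,bridge=vmbr1
net1: virtio=AA:BB:CC:00:00:02,bridge=vmbr2'

# port_carries_vids PORT "VID VID ..." < bridge-vlan-show-text
# Returns 0 when every listed VLAN ID falls inside one of the ranges shown
# for PORT, 1 otherwise.
port_carries_vids() {
    port=$1; wanted=$2
    # Collect the vlan-id column for this port: the line starting with the
    # port name plus the indented continuation lines that follow it.
    ranges=$(awk -v p="$port" '
        $1 == p { inport = 1; print $2; next }
        /^[^ \t]/ { inport = 0 }
        inport && NF { print $1 }')
    for vid in $wanted; do
        found=0
        for r in $ranges; do
            case $r in
                *-*) lo=${r%-*}; hi=${r#*-} ;;
                *)   lo=$r; hi=$r ;;
            esac
            [ "$vid" -ge "$lo" ] && [ "$vid" -le "$hi" ] && found=1
        done
        [ "$found" -eq 1 ] || return 1
    done
    return 0
}

# vnic_is_untagged_trunk BRIDGE < qm-config-text
# Returns 0 when the vNIC attached to BRIDGE has no tag= option (tagged frames
# are passed through to the guest), 1 when it carries a tag=, 2 when no vNIC
# is attached to that bridge at all.
vnic_is_untagged_trunk() {
    bridge=$1
    line=$(grep -E "^net[0-9]+:.*bridge=${bridge}(,|\$)" || true)
    [ -n "$line" ] || return 2
    case $line in
        *,tag=*) return 1 ;;
        *)       return 0 ;;
    esac
}

# Run both checks against the constructed samples. On a real host replace the
# samples with the live output of `bridge vlan show dev nic2` and `qm config`.
if echo "$SAMPLE_BRIDGE_VLAN" | port_carries_vids nic2 "10 20 30"; then
    echo "nic2 carries VLANs 10 20 30"
else
    echo "nic2 is missing one of VLANs 10 20 30: check bridge-vids on vmbr2"
fi
if echo "$SAMPLE_QM_CONFIG" | vnic_is_untagged_trunk vmbr2; then
    echo "firewall vNIC on vmbr2 is an untagged trunk: tagged frames reach the guest"
else
    echo "firewall vNIC on vmbr2 is tagged or missing: guest VLAN sub-interfaces will not see tags"
fi
```

If the first check fails, the `bridge-vids` line on the bridge is the place to look; if the second fails, the VM's network device must have its VLAN tag cleared so the guest receives the trunk and creates its own VLAN interfaces on the vNIC's parent.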
 
Hi,

Do you have different DHCP pools for vlan10/20/30 ?
On your L3 Switch the ip-helper/dhcp relay is correct ?

Best regards,
 
Hi,

Yes, I have different DHCP pools for vlan10/20/30.
I've installed pfSense instead of OPNsense and everything seems to be working correctly.
Maybe it was an issue on the OPNsense configuration side.
 
Since it works with pfSense, your Proxmox VLAN-aware bridge and trunk configuration are most likely correct.

On OPNsense, I’ve seen cases where traffic reaches the interface (visible in tcpdump), but you still get no reply, even with an “allow *” rule. This usually happens when:
  • The interface is not properly assigned or enabled
  • The WAN/LAN has no valid IP or gateway
  • “Block private networks” is enabled during lab testing (RFC1918)
  • VLANs are created on the wrong parent interface
  • Asymmetric routing
  • Automatic reply-to on WAN rules (policy routing behavior)
In those cases, packets arrive but OPNsense does not generate any reply.
 