Hello everyone,
I've been battling with this setup for quite some time now, and I really need some guidance. Here’s my current setup:
- ISP Router: In Bridge mode, linked to my Proxmox machine on the enp4s0 interface, marked as WAN in OPNsense.
- Proxmox: Hosting OPNsense as a VM.
- OPNsense: Managing the LAN network on the enp2s0 interface.
- I've successfully set up a DHCP server and a subnet for my LAN (on enp2s0) with the LAN interface set to 10.0.0.1/12.
- All my locally connected devices are recognized perfectly, which is great.
The issue:
However, I can’t seem to get any internet access on my LAN network. Here’s what I’ve tried:
- Unbound DNS configuration:
  - I’ve experimented with different Unbound configurations. At one point, I managed to get it working, but the response times were incredibly slow, and I had to refresh websites multiple times to get them to load.
  - I then tweaked some settings, and everything worked fine until I rebooted. After the restart, I lost all internet access again.
- Current problems:
  - I’m unsure what DNS settings I should be using in Proxmox itself.
  - I’m unclear on how to properly configure DNS in OPNsense, especially since I plan to add Pi-hole/AdGuard later on.
  - Most critically, I’m completely stuck on how to restore internet access to my LAN network. I can't even ping 8.8.8.8 from my WAN interface anymore.
If anyone could provide some insights, particularly on the correct DNS settings for both Proxmox and OPNsense, and advice on how to regain internet access for my LAN, I’d greatly appreciate it. I'm at the end of my wits. At this point I'm not even sure if I should set any DNS on Proxmox directly.
I'm using `vmbr0` as the main WAN Proxmox bridge.
Standard logs:
Code:
root@gatekeeper:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr4 state UP group default qlen 1000
link/ether 64:62:66:22:9f:7b brd ff:ff:ff:ff:ff:ff
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
link/ether 64:62:66:22:9f:7c brd ff:ff:ff:ff:ff:ff
4: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master vmbr2 state DOWN group default qlen 1000
link/ether 64:62:66:22:9f:7d brd ff:ff:ff:ff:ff:ff
5: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether 64:62:66:22:9f:7e brd ff:ff:ff:ff:ff:ff
6: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 64:62:66:22:9f:7e brd ff:ff:ff:ff:ff:ff
inet6 fdc2:7ec4:504d:6700:6662:66ff:fe22:9f7e/64 scope global dynamic mngtmpaddr
valid_lft 7198sec preferred_lft 3598sec
inet6 fe80::6662:66ff:fe22:9f7e/64 scope link
valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 64:62:66:22:9f:7d brd ff:ff:ff:ff:ff:ff
inet6 fe80::6662:66ff:fe22:9f7d/64 scope link
valid_lft forever preferred_lft forever
8: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 64:62:66:22:9f:7c brd ff:ff:ff:ff:ff:ff
inet6 fdc1:45d:d77:2c1d:6662:66ff:fe22:9f7c/64 scope global dynamic mngtmpaddr
valid_lft 1756sec preferred_lft 1756sec
inet6 fe80::6662:66ff:fe22:9f7c/64 scope link
valid_lft forever preferred_lft forever
9: vmbr4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 64:62:66:22:9f:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 scope global vmbr4
valid_lft forever preferred_lft forever
inet6 fe80::6662:66ff:fe22:9f7b/64 scope link
valid_lft forever preferred_lft forever
90: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 0a:89:fc:da:d2:12 brd ff:ff:ff:ff:ff:ff
91: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:ba:3f:37:8a:67 brd ff:ff:ff:ff:ff:ff
92: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
link/ether 96:c1:72:fc:05:de brd ff:ff:ff:ff:ff:ff
93: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
link/ether 82:ba:3f:37:8a:67 brd ff:ff:ff:ff:ff:ff
94: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master fwbr100i1 state UNKNOWN group default qlen 1000
link/ether 16:26:26:1d:77:bd brd ff:ff:ff:ff:ff:ff
95: fwbr100i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 16:c0:97:89:6a:16 brd ff:ff:ff:ff:ff:ff
96: fwpr100p1@fwln100i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
link/ether ea:94:2c:50:87:d5 brd ff:ff:ff:ff:ff:ff
97: fwln100i1@fwpr100p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i1 state UP group default qlen 1000
link/ether 16:c0:97:89:6a:16 brd ff:ff:ff:ff:ff:ff
98: tap100i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master fwbr100i2 state UNKNOWN group default qlen 1000
link/ether f2:0f:bf:10:cf:12 brd ff:ff:ff:ff:ff:ff
99: fwbr100i2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a2:ec:80:1f:b7:56 brd ff:ff:ff:ff:ff:ff
100: fwpr100p2@fwln100i2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
link/ether d2:f5:e0:50:66:8c brd ff:ff:ff:ff:ff:ff
101: fwln100i2@fwpr100p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i2 state UP group default qlen 1000
link/ether a2:ec:80:1f:b7:56 brd ff:ff:ff:ff:ff:ff
102: tap100i3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master fwbr100i3 state UNKNOWN group default qlen 1000
link/ether 96:48:67:fb:be:cc brd ff:ff:ff:ff:ff:ff
103: fwbr100i3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 2e:52:15:c8:0f:6a brd ff:ff:ff:ff:ff:ff
104: fwpr100p3@fwln100i3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr4 state UP group default qlen 1000
link/ether 86:eb:85:64:82:59 brd ff:ff:ff:ff:ff:ff
105: fwln100i3@fwpr100p3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i3 state UP group default qlen 1000
link/ether 2e:52:15:c8:0f:6a brd ff:ff:ff:ff:ff:ff
root@gatekeeper:~#
root@gatekeeper:~# ping -I enp4s0 8.8.8.8
ping: Warning: source address might be selected on device other than: enp4s0
PING 8.8.8.8 (8.8.8.8) from 192.168.100.1 enp4s0: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4115ms