Proxmox SDN VXLAN – Internal communication works but no external access from client

[Ismo]

Hello everyone,

I am working on a Proxmox lab using SDN (VXLAN) with a 3-node cluster, and I am facing an issue regarding external access to the SDN network.

Setup:

• 3 Proxmox nodes (cluster)
• VXLAN SDN network: 10.200.0.0/24
• VMs inside the SDN can communicate with each other across nodes (ping works correctly)

Additional configuration:

Initially, there was no internet access in my lab, so I created a simple SDN network (VnetOut) with a gateway.

Now:

• VMs have internet access via VnetOut
• VXLAN SDN still works internally (VM ↔ VM)

Current issue:
I cannot access the VXLAN SDN network (10.200.x.x) from my external PC:

• No ping
• No RDP
• No connectivity at all

Physical setup:

• Unmanaged (offline) switch
• Connected to all nodes
• Also connected to my PC
• Currently used with VLAN 70 (camera network

What I tried:

• Adding additional NICs to VMs
• Using a bridge (vmbr2) connected to the physical interface
• Assigning an IP in the same subnet (10.200.x.x) on my PC
• Trying VLAN tagging on SDN (not allowed – error: vm vlans are not allowed on vnet)

Goal:
I want my external client (PC) to connect to a management server VM using the SDN VXLAN network (10.200.x.x).

Constraints:

• No managed switch (only unmanaged switch available)
• Limited physical interfaces
• Prefer not to use NAT or a router VM
• Want to keep proper separation between SDN, camera network, and management access

Question:
Is it possible to expose or extend a Proxmox SDN VXLAN network to a physical network so that an external client can access it directly

Or is the correct approach to:

use an additional NIC (separate VLAN) for client access,

• and keep SDN strictly internal?

Any guidance or best practices would be greatly appreciated.

Thank you!

 

[cassandrander]

Hello everyone,

I am working on a Proxmox lab using SDN (VXLAN) with a 3-node cluster, and I am facing an issue regarding external access to the SDN network.

Setup:

• 3 Proxmox nodes (cluster)
• VXLAN SDN network: 10.200.0.0/24
• VMs inside the SDN can communicate with each other across nodes (ping works correctly)

Additional configuration:

Initially, there was no internet access in my lab, so I created a simple SDN network (VnetOut) with a gateway.

Now:

• VMs have internet access via VnetOut
• VXLAN SDN still works internally (VM ↔ VM)

Current issue:
I cannot access the VXLAN SDN network (10.200.x.x) from my external PC:

• No ping
• No RDP
• No connectivity at all

Physical setup:

• Unmanaged (offline) switch
• Connected to all nodes
• Also connected to my PC
• Currently used with VLAN 70 (camera network

What I tried:

• Adding additional NICs to VMs
• Using a bridge (vmbr2) connected to the physical interface
• Assigning an IP in the same subnet (10.200.x.x) on my PC
• Trying VLAN tagging on SDN (not allowed – error: vm vlans are not allowed on vnet)

Goal:
I want my external client (PC) to connect to a management server VM using the SDN VXLAN network (10.200.x.x).

Constraints:

• No managed switch (only unmanaged switch available)
• Limited physical interfaces
• Prefer not to use NAT or a router VM
• Want to keep proper separation between SDN, camera network, and management access

Question:
Is it possible to expose or extend a Proxmox SDN VXLAN network to a physical network so that an external client can access it directly

Or is the correct approach to: geometry dash

use an additional NIC (separate VLAN) for client access,

• and keep SDN strictly internal?

Any guidance or best practices would be greatly appreciated.

Thank you!

No, you cannot directly expose a Proxmox VXLAN SDN network (10.200.x.x) to a physical network using an unmanaged switch. VXLAN is an overlay network that exists only between Proxmox nodes, so your PC is not part of it even if you use the same IP range. I think you should:

• Keep VXLAN internal
• Add a router or dual-homed VM/host that connects:
• VXLAN (10.200.0.0/24)
• your physical LAN
• Then route traffic (no NAT required)