Proxmox Server with pfSense and other VMs wtih VLANs and OpenWRT Router

[SiddhartaGautama]

I'm new to networking. I think I understand what I want though but not all the details and certainly not all the configuration on my OpenWRT Router, Proxmox nor pfSense.

What I want is six VLANs:
MainLAN: PFSense, Home Assistant, Frigate and Main Computer (Ethernet)
HomeLAN: Main Wifi
WorkLAN: Wifi for work compputers
GuestLAN: Wifi for Guests
IoTLAN: Wifi for IoT Devices (not connected to Proxmox server)
CameraLAN: no internet connection, for Wifi cameras and should be able to be stored to proxmox server Frigate VM on MainLAN

My Proxmox server only has a single Ethernet port connected to my OpenWRT Router. I've created 7 VLANs on my OpenWRT Router.
VLAN 1: 192.168.1.0/24 Interface: MainLAN Devices: eth0.1.Main
VLAN 2: 192.168.2.0/24 Interface: HomeLAN Devices: eth0.2.Home
VLAN 3: 192.168.3.0/24 Interface: WorkLAN Devices: eth0.3.Work
VLAN 4: 192.168.4.0/24 Interface: GuestLAN Devices: eth0.4.Guest
VLAN 5: 192.168.5.0/24 Interface: IoTLAN Devices: eth0.5.IoT
VLAN 6: 192.168.6.0/24 Interface: CamLAN Devices: eth0.6.Cam
VLAN 10: 192.168.10.0/24 Interface: PFSenseWAN Devices: eth0.10.PFSense

I created VLAN 10 for WAN for pfSense. The other ones should have pfSense as Gateway, right? Not sure.

Also how would I go about setting this up in Proxmox and pfSense, what would your solution be? Or should I just put pfSense infront of my Router, but wouldn't that also put my other VMs infront of the router too? Not sure how it works.

Router: Asus TUF AX4200
Server: Optiplex with 16 gb ram and 4 core i7-7700, 3 hdds

Thanks,
Siddharta

 

[louie1961]

I guess the first question is why are you setting up OpenWRT AND pfSense? What is it you are trying to accomplish by doing this? If you are new to networking this is a very complicated set up to learn on. A lot of my response depends on what you are trying to do. Running a virtual instance of pfSense is going to be easier if you have 2 extra NIC interfaces that you could pass through to pfSense. Then you can treat it almost like another physical device. You don't mention any switch? You may need some kind of managed switch between your Asus router and the the rest of your hardware if you are doing more than 4 wired devices.

Leaving the issue of pfSense aside for a moment, you need to make your vmbr0 on Proxmox VLAN aware. I have done that by editing /etc/network/interfaces as follows:

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4092

auto vmbr0.100
iface vmbr0.100 inet static
address 10.10.100.2/24
gateway 10.10.100.1

This way, any VM I spin up can be on any of my VLANs, I just have to specify the VLAN when I create the VM. VLAN 100 is my management interface for Proxmox. None of my VMs go on that VLAN. I do all of my routing and fire wall rules with pfSense. I don't really use the firewall in pfSense. My situation is a bit different from yours in that I run pfSense on bare metal in a mini PC, then I have a managed switch connected to the pfSense, and my wireless access point (and everything else) connects to the switch.