Proxmox VE with OPNSense, WireGuard and one single NIC

[wolkenschaufler]

Hi,

i want to have the following configuration:

www -> vmbr0 -> WAN -> OPNSense -> vmbr1 (LAN_SERVER) -> Proxmox VE
                                -> vmbr2 (LAN_VM) -> multiple VMs

To access the Proxmox VE configuration site, i want to use WireGuard to get into the net LAN_SERVER.

My current state is:
OPNSense + Wireguard is running with the WAN-Port on vmbr0. PVE is also running with i another ip and is also acessable via vmbr0. This is what my /etc/network/interfaces looks like:

auto lo
iface lo inet loopback

iface enp7s0f0 inet manual

iface enp4s0 inet manual

iface enp7s0f1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports enp7s0f0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vids 2-4094

auto vmbr2
iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vids 2-4094

Is my configuration above possible?

Thanks for your help!

BW

 

[aaron]

Building something like this is surely possible. But when building something this complicated you should also consider possible failures in that stack and how to deal with them.

What if the OPNSense VM has a problem and does not route the traffic to the LAN Server anymore? How can you access the PVE node directly to see what is going on and fix it?