[SOLVED] PVE node with 2 NICs and OPNsense VM

cmonty14

Hello,

My PVE node has 3 NICs, none of which supports PCI passthrough.
One VM should run OPNsense as additional router in the lab.
My ISP provided a router incl. modem that does not support VLAN.
Port 4 of this router provides a guest LAN 192.168.179.0/24 that is logically separated from LAN.

eno1 of the PVE node is connected to port 4 of the router, and enp4s0f0 + enp4s0f1 are connected to a managed switch using a trunk bond.
The WAN interface should be a static IP 192.168.179.10/24.

The network configuration of the PVE node has 2 network bridges defined:
Code:
source /etc/network/interfaces.d/*


auto lo
iface lo inet loopback

iface eno1 inet manual
iface enp4s0f0 inet manual
iface enp4s0f1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp4s0f0 enp4s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3
        mtu 9000
#bond0

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        mtu 9000
        post-up ifconfig enp4s0f0 mtu 9000 && ifconfig enp4s0f1 mtu 9000
#vmbr0 (LAN+VLAN)

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#vmbr1 (WAN)

You can see that vmbr0 is the LAN interface of OPNsense, and vmbr1 is the WAN interface.

However, I don't know if this is the correct configuration.
Should I use this for vmbr1 instead?
Code:
auto vmbr1
iface vmbr1 inet static
        address 192.168.179.10/24
        gateway 192.168.179.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#vmbr1 (WAN)

And how must I proceed to assign an IP for OPNsense WAN interface?

Can you please advise?

THX
 
You don't need to define an address at all if you want all of the host's traffic to go through the OPNsense VM, only a bridge without any further settings.
The address for OPNsense's WAN is then defined inside the VM. There you have to choose "static address", like you would do with any LAN interface.
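
A check for the layout the reply describes, as an added example that is not part of the thread: it parses ifupdown stanzas and reports any bridge attached to the router-facing NIC that still carries host IP configuration. The two samples are the vmbr1 variants from the first post; the function names are hypothetical.

```python
# Added example (not from the thread). Samples are the two vmbr1 variants
# quoted in the first post; parse_stanzas/exposed_bridges are hypothetical names.
STATIC_VARIANT = """\
auto vmbr1
iface vmbr1 inet static
        address 192.168.179.10/24
        gateway 192.168.179.1
        bridge-ports eno1
#vmbr1 (WAN)
"""
MANUAL_VARIANT = """\
auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno1
#vmbr1 (WAN)
"""

def parse_stanzas(text):
    """Parse ifupdown text into {iface: {"methods": [...], option: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {})
            current.setdefault("methods", []).append(words[3])
        elif words[0] in ("auto", "mapping") or words[0].startswith(("allow-", "source")):
            current = None                      # these keywords end a stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def exposed_bridges(text, untrusted_nics):
    """Return [(bridge, address-or-'dhcp')] for bridges on an untrusted NIC."""
    findings = []
    for name, st in sorted(parse_stanzas(text).items()):
        ports = set(st.get("bridge-ports", "").split())
        if not ports & set(untrusted_nics):
            continue                            # bridge is not on the WAN-side NIC
        if "address" in st:
            findings.append((name, st["address"]))
        elif "dhcp" in st["methods"]:
            findings.append((name, "dhcp"))
    return findings

if __name__ == "__main__":
    print("static:", exposed_bridges(STATIC_VARIANT, {"eno1"}))
    print("manual:", exposed_bridges(MANUAL_VARIANT, {"eno1"}))
```

On a real node, pass the contents of /etc/network/interfaces and the set of NICs that face the ISP router.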
 
