rpi4 openwrt converting to proxmox opnsense

[houseofrahl]

so with that in mind, do i simply create the vlans i want inside opnsense and then connect a managed switch that understands them?

 

[Dunuin]

so with that in mind, do i simply create the vlans i want inside opnsense and then connect a managed switch that understands them?

Yes. Only if you want your PVE host to have a IP in those subnets too (you usually don't want) you would need to add vlan interfaces to the PVEs config.

 

[houseofrahl]

would i just create auto vmbr0.10 manual no ip?

 

[Dunuin]

would i just create auto vmbr0.10 manual no ip?

Like said, you don't have to for VMs/LXCs to be able to use VLANs. You would only use that in case you want PVE to have an IP in that VLAN too and then you would set a static IP there and not "manual". PVE having an IP in the VLAN is only needed if you want it to be managed via API/webUI/SSH from that VLAN or if you have some other reason the PVE host needs to communicate (like external monitoring, mounting a SMB/NFS share from a NAS on that VLAN and so on).

 

[houseofrahl]

i misunderstood, i think i understand.

if i want to access the pve from the vlan, i would add it to proxmox networking, but if i want it to just go to the switch, i dont need to.
i have my vlans created, still trying to get them to flow through to the switch

 

[Dunuin]

if i want to access the pve from the vlan, i would add it to proxmox networking, but if i want it to just go to the switch, i dont need to.

Correct.

 

[houseofrahl]

id like to thank you again! with your help i was able to get everything up and running, turns out i had to enable some firewall rules on the vlan in opnsense to get it going, (learning 2 softwares at once is a pain)

now that i have vlan 10 operational, in theory i should be able to move my management ip to the vlan like discussed originally? but it doesnt sound like its necessary, especially if i keep the lan active?

 

[Dunuin]

now that i have vlan 10 operational, in theory i should be able to move my management ip to the vlan like discussed originally? but it doesnt sound like its necessary, especially if i keep the lan active?

Not sure how your VLANs/trunking look like meanwhile.

 

[houseofrahl]

i can show you how the openwrt config that im using as a vlan passing switch

basically its setup to pass whatever vlan i add an interface for. i think i can add my regular lan in here as well and then give it a 192.168.40.2 address (in theory)

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'vlan10'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.10.2'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth0:t'
        list ports 'eth1:u*'

config interface 'vlan100'
        option device 'br-lan.100'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '100'
        list ports 'eth0:t'
        list ports 'eth2:u*'

config interface 'vlan101'
        option device 'br-lan.101'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '101'
        list ports 'eth0:t'
        list ports 'eth3:u*'

config interface 'vlan102'
        option device 'br-lan.102'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '102'
        list ports 'eth0:t'
        list ports 'eth4:u*'