Hi,
I have installed two Proxmox nodes set up as a cluster. I also set up SDN with 2 VNETs on a VXLAN zone.
On each node I set up an OPNsense firewall with three network interfaces, two of them on different VNETs, and a third one directly on a Proxmox bridge interface not using SDN.
When I tried to set up high availability between the two firewalls to keep the configurations in sync, I found this would only work over the bridge interface and not on either of the SDN interfaces. I checked OPNsense's configuration and all 3 interfaces seem to be configured the same (different IP addresses obviously), firewall rules are all the same, allow all traffic. I can ping all interfaces, I can use the OPNsense web console over either interface.
This leads me to believe there might be some sort of restriction on the traffic allowed over SDN. As I understand, the synchronisation protocol used by the router is pfsync, which is neither UDP nor TCP, but defined as IP protocol 212. Is it possible this might not be supported at this stage by Proxmox's SDN?
I would love to know if anyone was able to have OPNsense high availability working over an SDN VXLAN and whether there is anything special required on Proxmox to allow it.
Thank you in advance.