[SOLVED] SDN VLAN communication with physical Network

[kylvan]

Hi there !

I am new here and on Promox. I search on the forum but I did not find anything that unstuck me from the current situation...

My Setup

• 1 Mini PC with only 1 NIC serving as Proxmox Host
• 1 manageable switch to work with VLAN and all the good stuff
• My ISP box that works as a NAT device to access the Internet. So, it provide private RFC 1918 addresses on the LAN side (at least it was, DHCP is disable, my Synology handle this role and DNS too)

I am currently trying to isolate my LAN from the ISP box behind an OPNSense VM on Proxmox and also be able to have multiple VLANs areas for dedicated usages (Wifi, Gaming Server, Guest, ...) all filtered and routed (if needed through the OPNSense VM).
I will also use the OPNSense VM to handle DNS and DHCP as well.

So far, I have no issue to have my LAN ( the one of the ISP box) communicating with VMs from SDN zones (Simple or VLAN) hosted on Promox through the OPNSense VM. Or having VM on these SDN zones communicating with resources on my current LAN.

The tricky part comes when I am switching my PC into VLAN 66 (my target LAN), it seems that it cannot communicate with the OPNSense VM (serving DHCP at least).

I checked VLAN-Aware on my vmbr0 interface as well as I checked the Trunk box on my switch to pass all the VLAN through my Proxmox box NIC.

I don't know if I need to do anything more on the Proxmox host Network interfaces configuration.
For me, since it is VLAN Aware and that we have defined at least one VLAN Zone and one subnet with the correct tag, I should be able to discuss with OPNSense VM on its LAN interface (same VLAN and Subnet than the computer)

I certainly missing something here, but I am not a Proxmox expert, and the fact that I only have 1 NIC complicate things a little bit.

Thanks for your support !

vmbr0



SDN Zone Vnet


OPNSense VM Network configuration

 

[kylvan]

I am wondering if I don't have to create a VLAN interface vmbr0.66 to fully enable the whole thing.. I will try.

 

[spirit]

I am wondering if I don't have to create a VLAN interface vmbr0.66 to fully enable the whole thing.. I will try.

no, you don't. (it's only if you want to add an ip for your proxmox host in this vlan).


you're setup is fine.

Are you sure that your physical switch port for proxmox is correctly in trunk mode and allow the vlan 66 ?

 

[kylvan]

Hi, thanks for you answer. I will double check that.

I reveived the switch yesterday Zyxel XMG1915-10EP. I never worked with that brand, so maybe there are some config aspects that I overlooked.

My computer port is the 4, so I choose to untag the VLAN and Proxmox box is 9 (where it is tagged).



Then on port 9 I activated Trunk. Port 4 should have PVID 66 but since I revert (and writing from my computer) I leave it to 1 until I test the config again.


I will check if there is anything more to do on Zyxel side and double check the LAN card capabilities

01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 05)

Thanks.

 

[kylvan]

Ok got it ! I had to go to VLAN1 configuration and check Forbidden on the port 4 column in order to avoid conflict between untagged VLAN.
Never worked that way for VLANs, but it is what it is.

Everything is working fine now, perfect

Thanks for confirming that my setup was the good one.

 

[kylvan]

Now I assume that if I want to be able to manage Proxmox from the VLAN66 I need to create a subinterface vmbr0.66 and set the corresponding IP ?
It seems that suninterface cannot have a gateway configured if it is done in the main vmbr0 interface.