Single NIC Proxmox and Pfsense

Jez2022

Nov 4, 2022
I currently have pfsense running virtualised in proxmox. The computer running proxmox has two physical nics. One nic (A) I use for proxmox management. The other nic (B) provides the WAN and the LAN. The WAN is on a vlan (the LAN is not).

What I would like to do is move the proxmox management nic (A) to a vlan under nic (B). However, I cannot seem to do this. For example, I have tried creating a new vlan/vmbr under nic B and moving the proxmox ip onto that vlan/vmbr (leaving the gateway the same) and enabling vlan awareness in vmbr definition etc. When that didn't work I tried doing much the same but via vlans managed by pfsense itself. No matter what I try though it won't work. All that happens is that I lose networking entirely.

I would be grateful if someone could explain to me what I am misunderstanding. For example, perhaps there is some reason why I need separate physical nics for proxmox and pfsense networking. I didn't think so (as vlans seemed to be able to do the job in conjunction with a correctly set up layer 3 switch) but perhaps I am wrong. If it is not possible for some reason I would be really interested to understand the reason. I am not a network specialist, just a normal IT savvy person.

I fully appreciate I can do this through multiple physical nics - I do this at the moment. However, I don't want to continue using multiple nics on the computer itself. My preference is to use a computer with one nic and vlans and let a layer 3 switch divvy out the vlans. So grateful if the advice could focus on the problem above, rather than suggesting I use multiple physical ports on the computer. As I say above, if there is some requirement for that to be the case though, I would be very grateful if someone could point me to the underlying reason for this (perhaps it's to do with vlan and mac addresses or something).

Ultimately, if it is possible to do this all via just one physical nic on the computer hosting proxmox and pfsense then I'd be grateful for confirmation of the fact. I could then spend more time myself trying to sort it out. I have just spent so many hours failing, I am now wondering if there is something fundamental I've missed.

Many thanks
Jeremy
 
if you have a vlan capable switch, you could use the second nic as trunk to switch (untagged) via vlan aware linux/ovs bridge.
on the switch tag the ports for wan and lan. in pfsense create according vlans and assign your wan and lan interfaces to them.
 
I'm not sure I see what you gain by having the Proxmox management on a dedicated NIC especially when you could make life easier for yourself when it comes to running pfSense on the system. It is possible to run pfSense on a single NIC but you do then need a VLAN capable switch and you need to have the VLAN networking set up on your host.
 
Sigh. I literally say this in the post.
 
@Jez2022 yep, again, you can do what you request. a bit complicated, but absolutely worth it.

one single physical nic to your vlan capable (and preconfigured) switch _trunk_ port (untagged). on proxmox host side you tick the "vlan aware" option on your VMBR0 (Linux Bridge), then for management you create a Linux VLAN with name vmbr0.xxx (xxx is your management VLAN ID).
everything else you can do the same way, but your pf/opnsense VM must have only one vNIC bound to VMBR0 _untagged_, then you create in your pfsense according vlans and assign interfaces.
 
for your initial configuration you either keep your first physical nic unchanged (so in management vlan tagged on switch) or you have console access to your host (i.e. remote management ilo/idrac/ipmi, physical display and keyboard...) or be careful at applying network changes, so you don't lock yourself out of the host.
also i would better suggest to create a new linux bridge, vmbr1, for your vlan aware trunk
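Added example, not part of any post in this thread: a constructed /etc/network/interfaces for the single-NIC layout described above, with a small pre-apply check that the management VLAN interface will actually come up on the VLAN-aware bridge. The NIC name eno1, VLAN ID 10 and the 192.168.10.0/24 addresses are assumptions, and requiring an explicit bridge-vids line is a choice of this check.

```shell
#!/bin/sh
# Added example: constructed single-NIC config plus a pre-apply sanity check.
# Assumed values: eno1 (NIC), VLAN 10 (management), 192.168.10.0/24.
sample_config() {
cat <<'EOF'
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.10.2/24
        gateway 192.168.10.1
EOF
}

# check_mgmt_vlan BRIDGE VLAN < interfaces-file
# Exit status 0 only if BRIDGE is VLAN aware, VLAN falls inside its
# bridge-vids list, and BRIDGE.VLAN has an address line (so the host
# stays reachable on the management VLAN after the change is applied).
check_mgmt_vlan() {
    awk -v br="$1" -v vid="$2" '
        $1 == "iface" { cur = $2 }
        cur == br && $1 == "bridge-vlan-aware" && $2 == "yes" { aware = 1 }
        cur == br && $1 == "bridge-vids" {
            for (i = 2; i <= NF; i++) {
                n = split($i, r, "-"); lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (vid + 0 >= lo && vid + 0 <= hi) allowed = 1
            }
        }
        cur == (br "." vid) && $1 == "address" { addr = 1 }
        END { exit !(aware && allowed && addr) }
    '
}

# Usage against the constructed sample; on a host, feed the edited file instead.
sample_config | check_mgmt_vlan vmbr0 10 && echo "management VLAN 10 on vmbr0: ok"
```

The pfSense VM's single vNIC attaches to vmbr0 with no VLAN tag, so it receives the whole trunk and pfSense defines its own WAN and LAN VLANs on it.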
 
Thanks for the confirmation. This is how I expected it to work so I will try again with this set up exactly. Thank you! Will report back. Will take me a day or two.
 
Yep. Nervousness about locking myself out has meant I’ve been really cautious. I think I’m getting bolder though as I am now happy altering the interfaces file directly on the server (a nuc). Thanks for the pointer though, it is hugely important!
 
Hi, I just thought I would post to confirm that I did as Flames suggested and within about 1min got the whole thing working. I have no idea why it didn't previously, as I tried that set-up first. I think I may have needed to restart the switch, or perhaps I just did something wrong. In any case, the whole thing works fine now. Thanks Flames.