Quick Description:
I have a Deciso DEC740 that I have set up two trunk ports. This setup works fine.
I am trying to add another OPNsense firewall for an HA setup. It is virtual via Proxmox. I am having issues getting traffic to pass the trunk here.
Details:
Each firewall will have 3 connections, Outside, Inside, and Opt1.
I will use Opt1 here for the rest of the descriptions.
The layout is pretty flat. Outside ---- Firewalls --- L2 Switch
No fancy routing on any of the firewalls, except for Outside.
Opt1 on both firewalls is physically connected to a UniFi Layer 2 switch. (Virtual connected to E0/8, DEC740 connected to e0/9)
Both are using the same port profile that allows VLANs 28, 29, 35, and 38. No untagged VLAN is defined.
VLAN 28 Example: On the DEC, I have vlan28 (Interfaces, Other, VLAN, named vlan0.2.28 and attached to igb1 interface)
This works. IP is set to 192.168.28.2 (and has a CARP address of .1).
Beautiful
For the virtual, the interface is defined in Proxmox at the host level, enp2s0f0np0. I have a bridge (vmbr2) that has VLAN aware checked. I attached vmbr2 to the guest as "net2/vtnet2", VIRTIO, no VLAN tag, and I edited the interface to be "trunks=28;29;35;38".
I have vlan28 (Interfaces, Other, VLAN, named vlan0.2.28 and attached to vtnet2 interface)
IP is set to 192.168.28.3, and I have not defined CARP yet.
In the OPNsense firewall ruleset for the interface for VLAN 28, I have IP Any Any > Pass defined. Firewall is not enabled in Proxmox.
I cannot get ARP across the interface. Can anyone tell me what I am missing?