VLANs on WAN interface

[recycled_bin]

Hi!

I'm struggling to figure out how to setup networks (incl. VMs) in the following scenario:

I have a test Proxmox (latest) machine with a single NIC (eno1) which will use pfSense VM (latest) as a router.
There are 2 VLANs on the WAN port - one with the internet (IP1/MASK1/GW1) and one with voice (IP2/MASK2/GW2).
There's a single VM which will use the SIP trunk but there should be static route for the voice.

I have vmbr0 assigned to eno1 (VLAN-aware) and vmbr1/vmbr2 to two different internal LANs

I've created the first VLAN as vmbr0.1 assigned to eno1 using IP1/MASK1/GW1
However, I can't create the second VLAN as it does not allow me to assign a different default gateway

Is there something fundamental that I'm missing and how should I address it?


Thanks in advance!

Best Regards!

 

[jlebherz]

Hey,

the way you created vmbr0 war right,
but why did you create vmbr0.1?
remove that bridge!

just go to the vm Config, assign vmbr0 and choose the vlan tag.

if it doesnt work, we need some more Information
- /etc/network/interfaces of the host Machine
- /etc/pve/qemu-server/<VMID>.conf
- the Config inside the VM

 

[recycled_bin]

Ah, I think I got the idea ... so, if I have, say:

vmbr0 - WAN (VLAN-aware)
vmbr1 - LAN1
vmbr2 - LAN2

the only thing I would need for my Asterisk VM is to assign 2 vNIC devices:
- vmbr0 (choose the VLAN tag and will configure IP2/MASK2/GW2 in the guest OS)
- vmbrX (internal LAN where it will be visible by the PBX - yes, I'll use two VMs so that PBX is not directly visible to world because they tend to have more security issues)

Thanks, I will try this config tomorrow!

Best Regards!

 

[recycled_bin]

Actually, is going to be possible if I create vmbr0.2 with IP2/MASK2 without specifying a gateway but manually adding to /etc/network/interfaces (for this VLAN):
post-up /usr/sbin/ip route add ... GW1 ...

and if it works, does it matter in terms of performance or manageability (as I mentioned, will control everything with a pfSense VM)?

 

[jlebherz]

Do it like described here in the #3 post!

Host
vmbr0 - WAN (VLAN-aware)
vmbr1 - LAN1
vmbr2 - LAN2

Asterisk VM
eth0 => vmbr0 VLAN 2
eth1 => vmbr1

PBX
eth0 => vmbr1

so your Asterisk can connect to the SIP.Trunk through vmbr0 VLAN 2 and your PBX can connect to your Asterisk directly via vmbr1