Hello everyone,
This is just another ESXi runner here — hoping someone can help out with a networking issue on Proxmox VE.
Main Problem:
I have an OPNsense firewall VM connected to a trunk bridge (with VLAN interfaces configured inside the VM), and it's unable to communicate with another VM that's connected to a bridge with a specific VLAN tag.
Details:
- VM1 (connected to net2@vSw2, trunk port) cannot communicate with VMs connected to net@vSw2_v040 (access VLAN 40).
- VMs on vSw2_v040 can communicate with each other without issues.
- These VMs can also ping the Proxmox host's IP on vSw2_v040.
- However, Proxmox cannot communicate with VM1 on VLAN 40.
- I could have VM1 connected with a virtual interface to each vSw2_xxx, but the idea is to avoid adding interfaces to the firewalls every time a new VLAN is added.
My Setup:
- Two Proxmox VE 9 nodes, each with 4 network ports.
- Two ports on each server are used for direct back-to-back connections between the nodes (no physical switch in between).
- Network bonding is configured between nodes. (I tried Active/Backup and balance-xor with the same result)
- Multiple bridges are set up for different VLANs using bond.xxx subinterfaces.
- I've included the contents of /etc/network/interfaces below for reference.
Other interfaces removed on purpose.

```
iface eno3np2 inet manual
#NIC 3

iface eno4np3 inet manual
#NIC 4

auto bond2
iface bond2 inet manual
        bond-slaves eno3np2 eno4np3
        bond-miimon 100
        bond-mode active-backup
        bond-primary eno3np2
        bond-lacp-rate fast
        bond-min-links 1
#Internal Interface

auto bond2.010
iface bond2.010 inet static
        address 10.10.10.21/24
#Vlan10 (Corosync)

auto bond2.020
iface bond2.020 inet static
        address 10.10.20.21/24
#Vlan20 (ZFS replication)

iface bond2.030 inet manual
#Vlan30 (Backups)

iface bond2.040 inet manual
#Vlan40 (Management)

iface bond2.050 inet manual
#Vlan50 (Firewall HA)

iface bond2.100 inet manual
#Vlan100 (Services Servers)

auto vSw2
iface vSw2 inet manual
        bridge-ports bond2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 30 40 100
        bridge-pvid 1
#Trunk Connectivity

auto vSw2_v030
iface vSw2_v030 inet static
        address 10.10.30.21/24
        bridge-ports bond2.030
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 30
#Veeam Backup & Replication Net

auto vSw2_v040
iface vSw2_v040 inet static
        address 10.10.40.21/24
        bridge-ports bond2.040
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 40
        brdige-stp off
        brdige-fd 0
#Proxmox Management Net

auto vSw2_v050
iface vSw2_v050 inet manual
        bridge-ports bond2.050
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 50
        brdige-stp off
#OPNsense HA Sync Net

auto vSw2_v100
iface vSw2_v100 inet manual
        bridge-ports bond2.100
        bridge-stp off
        bridge-fd 0
#Services Servers Net
```
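A check over the configuration posted above, as an added example (not part of the original post and not Proxmox tooling): it parses the stanzas and reports option names that are a letter transposition of `bridge`, and VLAN IDs that are carried both by a VLAN-aware bridge on a port and by a separate bridge on that port's `.VID` sub-interface. `SAMPLE` is a trimmed excerpt constructed from the post, and `parse_stanzas` and `lint` are hypothetical names; whether either finding explains the symptom is an assumption the post does not settle.

```python
# Constructed excerpt of the /etc/network/interfaces posted above.
SAMPLE = """\
iface vSw2 inet manual
bridge-ports bond2
bridge-vlan-aware yes
bridge-vids 30 40 100
iface vSw2_v040 inet static
bridge-ports bond2.040
bridge-vids 40
brdige-stp off
iface vSw2_v050 inet manual
bridge-ports bond2.050
"""

def parse_stanzas(text):
    """Map each iface name to its {option: value} dict; comments are dropped."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "allow-hotplug"):
            current = None
        elif key and current is not None:
            current[key] = value.strip()
    return stanzas

def lint(text):
    """Return findings: transposed 'bridge-' options and doubly-bridged VLAN IDs."""
    stanzas, findings, trunks = parse_stanzas(text), [], {}
    for name, opts in stanzas.items():
        for key in opts:
            prefix = key.split("-")[0]
            if prefix != "bridge" and sorted(prefix) == sorted("bridge"):
                findings.append(f"{name}: misspelled option '{key}'")
        if opts.get("bridge-vlan-aware") == "yes":
            # Plain IDs only; ranges such as 2-4094 are skipped here.
            vids = {int(v) for v in opts.get("bridge-vids", "").split() if v.isdigit()}
            for port in opts.get("bridge-ports", "").split():
                if "." not in port:  # untagged parent port, i.e. a trunk
                    trunks.setdefault(port, set()).update(vids)
    for name, opts in stanzas.items():
        for port in opts.get("bridge-ports", "").split():
            parent, dot, vid = port.partition(".")
            if dot and vid.isdigit() and int(vid) in trunks.get(parent, ()):
                findings.append(f"{name}: VLAN {int(vid)} is also on the VLAN-aware bridge over {parent}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```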