VMs not reachable in LAN and Proxmox Shell

[Stefan Günther]

Hello,
we are running Proxmox VE 5.3-5 on an HP Server with two NICS:

- vmbr0, 192.168.0.30/24
- vmbr1, 192.168.168.2/24

One of the vms is a OPNSense installation with two nics:

- net0, 192.168.0.50/24, C6:24:9D:95:36:A2, bridge=vmbr0
- net1, 192.168.168.3/24, 96:6F:0D:6B:C8:4F, brdige=vmbr1

192.168.0.0/24 is the local network and I'm able to access the Proxmox web interface. But it is not possible to reach 192.168.0.50 (via ping, ssh, http, https), neither from the lan, nor from the Proxmox shell. It is also not possible to reach any other device from the shell of the virtual machine. I have already deactivate all firewall settings, but since I'm a Proxmox newbie, I have no idea what to do next.
The vm has been accessible a couple of days, then suddenly (after installing updates?) it became inaccessible. I have already restarted the vm and the host.

Thanks for any suggestions or hints.

Regards,

Stefan

 

[Stoiko Ivanov]

net1, 192.168.168.3/24, 96:6F:0D:6B:C8:4F, brdige=vmbr1

that should read bridge (not brdige) - but I guess that's just a typo and unrelated...

could you please post the `/etc/network/interfaces` of your PVE, and the VM-config of teh OPNSense?

 

[Stefan Günther]

/etc/network/interfaces:

auto lo
iface lo inet loopback

iface enp3s4f0 inet manual

iface enp3s4f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.0.30
netmask 255.255.255.0
gateway 192.168.0.4
bridge-ports enp3s4f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.168.2
netmask 255.255.255.0
bridge-ports enp3s4f1
bridge-stp off
bridge-fd 0​

/etc/pve/nodes/proxmox/qemu-server/100.conf

bootdisk: scsi0
cores: 1
memory: 12288
name: OPNSense
net0: virtio=C6:24:9D:95:36:A2,bridge=vmbr0
net1: e1000=96:6F:0D:6B:C8:4F,bridge=vmbr1
numa: 0
onboot: 1
ostype: l26
scsi0: local-lvm:vm-100-disk-0,size=50G
scsihw: virtio-scsi-pci
smbios1: uuid=98999748-d6ac-4353-a37a-bc464f857ab8
sockets: 2
vmgenid: 2d615d96-01f8-40cd-b6a0-88c165341dc9
​

Thanks for your help,

Stefan

 

[Stefan Günther]

Hi,
I just installed a new VM (Ubuntu 18.04.) and it is accessible via SSH on the LAN.

Stefan

 

[Stoiko Ivanov]

The config looks ok from the proxmox side - and I see no reason, why the opnsense should not be accessible...

Sadly I don't have too much experience with OPNSense - but afaik it has FreeBSD as its base - should you have access to it's shell - the output of:
* `ifconfig -a`
* `netstat -rn`
* `arp -an`

* Else your net0 in the vm (afais the one you can't reach) is a virtio-device and net1 is a e1000 - while unlikely you could try to change the NIC-type to e1000 as well? (FreeBSD should have fitting drivers build-in for virtio-nics since 10.0-RELEASE afair).

 

[Stefan Günther]

I made some progress:

192.168.0.10 is a server running on metal, while 192.168.0.50 is the VM.

On the server I started tcpdump:

tcpdump -i eth3 -n -v host 192.168.0.50

And when I started to ping 192.168.0.10 from within the VM, tcpdump produced the following output:

18:57:04.417203 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.10 tell 192.168.0.50, length 46
18:57:04.417242 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.10 is-at 00:24:21:54:e9:47, length 28

But the result in the VM was:

ping: sendto: Host is down

I hope someone of the network gurus may find this hint helpful.

Regards,

Stefan

 

[Stoiko Ivanov]

AFAIR there were some settings you should change when running in a virtualized environment (disable offloading) - see e.g. https://wiki.opnsense.org/manual/virtuals.html

Also does the guest see the ARP packets as well?