Setup:
Proxmox on a N100 with 4 NICs. 1 NIC (named vmbr0 in Proxmox) only internally used to connect to the Proxmox host. Opnsense running as VM with 2 NICs set to pass through (works flawlessly). Opnsense IP is 192.168.1.1 (with a /24 subnet for the LAN).
Idea:
create at least one additional VM (LXC container, Debian 11) and run wireguard on it. Then route traffic coming in on Opnsense to this VM via a virtual network device, and avoid routing the data through the regular LAN NIC of opnsense.
Done:
Created a Linux bridge VMBR1 without bridge port set, added the device to opnsense, enabled the NIC, added DHCP (Subnet 192.168.111.0/24), set opnsense IP 192.168.111.1 on this NIC.
Created a LXC CT using the Debian template, added VMBR1 as Network device to this machine with IPV4 = DHCP and IPV6 = Static (not used).
Result(s):
- machine is starting and gets an IP address from the DHCP server on opnsense. I also can see the lease in the overview on opnsense.
- I can ping IP addresses on my own network (192.168.1.x) and also on the Internet (e.g. 1.1.1.1)
- DNS works, I also can e.g. ping www.google.com
- I can download a page from 192.168.1.1 using wget (-> TCP seems to work across subnets)
but:
whenever I try to connect to any host on the internet or on the internal network 192.168.1.x, I get a timeout
I already have checked the Firewall settings on Opnsense, at least 3-4 times. The settings for the two networks LAN and the new virtual net are identical, and outgoing NAT is enabled for both networks. Now I have run out of ideas where else I should look. I start to suspect that something needs to be changed in Proxmox, but as a beginner with this software, I have no idea.
Does anyone have a hint where I should look first/next?
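To narrow a "ping works but connections time out" symptom down to the layer that actually fails, here is an added diagnostic script to run inside the Debian container on VMBR1. It is not from the original post and not code from the Proxmox or OPNsense projects. It assumes the targets named in the post (192.168.1.1, 1.1.1.1, www.google.com), uses a constructed 5-second timeout and port 80, and its verdict strings are general troubleshooting heuristics (which layer to look at next), not a diagnosis of this particular setup.

```python
#!/usr/bin/env python3
"""Layer-by-layer connectivity triage for a container behind OPNsense.

Added example for this thread (not from the post, Proxmox or OPNsense).
Each probe isolates one layer: ICMP (L3), DNS, a bare TCP handshake (L4)
and a full HTTP request (L7). Comparing them tells you whether packets
reach the target at all, whether only stateful/NAT'd flows fail, or whether
a handshake succeeds but the data phase stalls."""
import ipaddress
import socket
import subprocess
import urllib.request

TIMEOUT = 5  # seconds, constructed default


def probe_icmp(host, timeout=TIMEOUT):
    """One ping via the system binary; True on a reply within the timeout."""
    try:
        done = subprocess.run(["ping", "-c", "1", "-W", str(timeout), host],
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL,
                              timeout=timeout + 2)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def probe_dns(name):
    """Resolve a hostname with the resolver the container got from DHCP."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def probe_tcp(host, port, timeout=TIMEOUT):
    """TCP handshake only, no application data: separates L4 from L7."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_http(url, timeout=TIMEOUT):
    """Full request/response; fails when the handshake works but data stalls."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status < 500
    except Exception:  # URLError, timeout, HTTPError, ...
        return False


def triage(icmp, dns, tcp, http):
    """Name the first layer that fails. Heuristic hints, not a diagnosis."""
    if not icmp:
        return "L3: no ICMP reply; check routes and firewall rules between the vmbr1 subnet and the target"
    if not dns:
        return "DNS: resolution fails; check the resolver OPNsense hands out via DHCP on vmbr1"
    if not tcp:
        return "L4: TCP handshake fails; check firewall rules and outbound NAT for 192.168.111.0/24"
    if not http:
        return "L7: handshake ok but data stalls; check MTU/MSS along the bridge and pass-through path"
    return "all layers ok"


def check_target(host, port=80):
    """Run all probes against one target; returns (results dict, verdict).
    For IP-literal targets the DNS step is skipped and reported as True."""
    try:
        ipaddress.ip_address(host)
        dns_ok = True
    except ValueError:
        dns_ok = probe_dns(host)
    icmp_ok = probe_icmp(host)
    tcp_ok = probe_tcp(host, port)
    http_ok = probe_http(f"http://{host}:{port}/")
    results = {"icmp": icmp_ok, "dns": dns_ok, "tcp": tcp_ok, "http": http_ok}
    return results, triage(icmp_ok, dns_ok, tcp_ok, http_ok)


if __name__ == "__main__":
    # Targets taken from the post: the OPNsense LAN address, a public
    # resolver address, and a public hostname.
    for target in ("192.168.1.1", "1.1.1.1", "www.google.com"):
        results, verdict = check_target(target)
        print(f"{target:16} {results} -> {verdict}")
```

Run it as `python3 triage.py` inside the container; the `ping` step relies on the Debian `ping` binary having the usual raw-socket capability, everything else needs no privileges. If the L3 and L4 probes pass for 192.168.1.1 but the L7 step stalls, the problem is not the firewall rule set but something that affects only full-size packets or long-lived state, which is a different place to look than the rule tables the post has already rechecked.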