Add each hardware NIC to its own Linux bridge. Add two VNICs to the OPNsense VM. In the Proxmox GUI, assign an address to the LAN Linux bridge for the management interface. That's what I do and I've had no problems for over a year. It works fine with a near 1 Gbps symmetrical connection.
I’m a little confused. I think that’s exactly how I have it set up currently. The problem is that Proxmox doesn’t get an internet connection. I’m unable to ping out or resolve DNS from Proxmox. The rest of the network is getting internet though. I reserved a static IP in OPNsense for Proxmox. Could that be causing a problem?
It really depends on how you have your /etc/network/interfaces set up. For one of your bridges, Proxmox needs to have an IP. If you want Proxmox's traffic to go through OPNsense, it should have an IP on the LAN bridge. You have to make sure the interfaces file explicitly sets a static IP or explicitly says it will get its IP via DHCP.
Since you set a static IP on OPNsense for Proxmox, you will need to manually set it to use DHCP on the LAN bridge. In my experience, this does not work because Proxmox will fail to get an IP via DHCP if OPNsense is not up yet. I highly recommend you set a static IP in the interfaces file.
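Added example, not part of any commenter's post: a small checker for the /etc/network/interfaces layout recommended above (host address set statically on the LAN bridge only, not via DHCP). The sample file, the names `vmbr0`/`vmbr1`, the NIC names and the addresses are constructed assumptions, and the gateway check is an addition that the thread does not spell out.

```python
import re

# Constructed sample /etc/network/interfaces. NIC names, bridge names and
# addresses are assumptions, not values from the thread.
SAMPLE = """\
# WAN bridge: handed to the OPNsense VM, no host address
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0

# LAN bridge: Proxmox host address; gateway is the OPNsense LAN IP
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge-ports enp2s0
"""

def parse_ifaces(text):
    """Return {iface: {"method": ..., option: value}} for each stanza."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"iface\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            cur = stanzas.setdefault(m.group(1), {"method": m.group(2)})
        elif line and cur is not None and not line.startswith(("auto ", "allow-")):
            key, _, val = line.partition(" ")
            cur[key] = val.strip()
    return stanzas

def check_host_addressing(text, lan_bridge):
    """List the problems discussed in the thread for the host's bridge."""
    ifaces, problems = parse_ifaces(text), []
    lan = ifaces.get(lan_bridge)
    if lan is None:
        return [f"{lan_bridge}: no iface stanza"]
    if lan["method"] == "dhcp":
        problems.append(f"{lan_bridge}: dhcp lease depends on the OPNsense VM being up")
    elif "address" not in lan:
        problems.append(f"{lan_bridge}: no static address for the host")
    elif "gateway" not in lan:
        problems.append(f"{lan_bridge}: no gateway, host cannot route out")
    for name, st in ifaces.items():
        if name != lan_bridge and ("address" in st or st["method"] == "dhcp"):
            problems.append(f"{name}: host also has an address on this interface")
    return problems
```

Calling `check_host_addressing(open("/etc/network/interfaces").read(), "vmbr1")` on the Proxmox host returns an empty list when the layout matches the advice; substitute the real LAN bridge name.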
Add an IP to one of the bridges; Proxmox will then use that bridge with that IP.
Proxmox lets you do that? Don't. Just give the OPNsense VM a virtual NIC and do a router-on-a-stick configuration.
You could also just assign one physical port to the OPNsense VM and still do a router-on-a-stick.
Although personally, I wouldn't recommend virtualizing your network gateway. If you break Proxmox, you'll also lose Internet access. And if you have to do maintenance on Proxmox, same issue.
The inverse is my recommendation: virtualize the firewall. Easy backups/snapshots, migrate to another host, set up CARP, etc.