I wanted to ask this here, since I've been banging my head on this for a while and I can't seem to find 2 how-tos online which are exactly the same.
So, my situation:
- I have a system with 2 interfaces.
- One interface will be a normal interface with a normal bridge, nothing fancy, let's call this the WAN-interface.
- The second interface is the internal LAN-interface, which will be the topic of this thread: it should be a VLAN-aware bridge.
- This system is going to be running a virtual router/firewall, in my case OPNsense. It should have multiple VLANs on that internal LAN interface.

    auto lo
    iface lo inet loopback

    auto enp1s0
    iface enp1s0 inet manual

    auto brlan
    iface brlan inet manual
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

    auto brlan.1
    iface brlan.1 inet static
        address 192.168.1.126/24
        gateway 192.168.1.1

    source /etc/network/interfaces.d/*

- I want to pass multiple VLANs to that LAN-bridge which is VLAN-aware.
- The hypervisor itself also has an interface in one of the VLANs, for remote management (brlan.1).
- This physical interface is connected to a trunk port on a managed switch which is passing all the necessary VLANs on as tagged VLANs.
I know I'm going to have to configure the VLANs themselves INSIDE of the OPNsense VM, not on the hypervisor level. That much I understand.
Is there anything more I need to do on the hypervisor level to get these VLAN's inside of the VM?
- I see some tutorials talking about messing with net.ipv4.conf.all.arp_filter=0 etc., is this necessary for this kind of setup?
- I see a lot of tutorials involving Proxmox, where they "need to tag the VM interface also on the level of the hypervisor it seems". Is that necessary here, and how would I do this then?
- I see some tutorials doing an extra step like "bridge vlan add dev enp1s0 vid 10". Is this also necessary to get the VLANs inside of the VM?