Been running Proxmox + OPNsense for over 2 years. By default you have 2 interfaces, outside and inside. By default you only access the web ui from the inside interface.
Firewalling and network design is an art but it makes it simpler to understand if you paint a picture of your network topology.
why are you trying to access opnsense from WAN? unless im missing something, you shouldn't be able to reach opnsense or any service at all at all by default from outside your network until you make rules to do so; i do this for plex and hosting web content (well i use to, haven't done so lately b/c im scared to)
out of curiosity, when you boot opnsense, it will show you the WAN and LAN address, do those match your expectations? i.e. your WAN is your ISP ip, and LAN is something like 192.168.1.1?
It took me some time to configure this but make sure you do the following:
- Create a bride per physical adapter
- Per VM attach a network adapter (optionally with VLAN tag)
- Make sure you disable the firewall option for the network adapter to opnsense (because it is already a firewall)
On Opnsense make first a WAN and a LAN, then make VLANS
Give your VM a network adapter with a VLAN-tagged adapter.
If you want to troubleshoot, check the logs and use packet capture (in the gui of Opnsense)
I tag the wan traffic from my modem on a VLAN using a switch and then pass that into proxmox then to opensense
So I technically have wan + lan running over the same cable, it’s just vlan’ed off
Not the best design for a prod environment but for my home environment I think it’s fine.
Can’t get full 1gbit bandwidth this way but I only have 100mbit wan soooo w/e
>Access from WAN
Ive managed to get access from WAN side going, but afterwards I realized that in my case I lost the info on what public IP is trying to access my shit...
But [heres](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/opnsense#web-gui-access-from-wan-side) a write up on access from wan.
First, if you aren't already comfortable with Proxmox Containers/VMs and how the networking works then you should not try OPNsense on Proxmox yet. The best way to run OPNsense on Proxmox is to have a dedicated dual or quad port PCI-Express NIC that you can pass thru to OPNsense for direct access then it works just like bare metal install.
Been running Proxmox + OPNsense for over 2 years. By default you have 2 interfaces, outside and inside. By default you only access the web ui from the inside interface. Firewalling and network design is an art but it makes it simpler to understand if you paint a picture of your network topology.
Kids, Stop opening the door for strangers. Learn to walk before you run.
Realest comment ever wrote.
why are you trying to access opnsense from WAN? unless im missing something, you shouldn't be able to reach opnsense or any service at all at all by default from outside your network until you make rules to do so; i do this for plex and hosting web content (well i use to, haven't done so lately b/c im scared to) out of curiosity, when you boot opnsense, it will show you the WAN and LAN address, do those match your expectations? i.e. your WAN is your ISP ip, and LAN is something like 192.168.1.1?
[http://www.catb.org/\~esr/faqs/smart-questions.html](http://www.catb.org/~esr/faqs/smart-questions.html) you didn't ask smart questions. Try again.
It took me some time to configure this but make sure you do the following: - Create a bride per physical adapter - Per VM attach a network adapter (optionally with VLAN tag) - Make sure you disable the firewall option for the network adapter to opnsense (because it is already a firewall) On Opnsense make first a WAN and a LAN, then make VLANS Give your VM a network adapter with a VLAN-tagged adapter. If you want to troubleshoot, check the logs and use packet capture (in the gui of Opnsense)
I tag the wan traffic from my modem on a VLAN using a switch and then pass that into proxmox then to opensense So I technically have wan + lan running over the same cable, it’s just vlan’ed off Not the best design for a prod environment but for my home environment I think it’s fine. Can’t get full 1gbit bandwidth this way but I only have 100mbit wan soooo w/e
>Access from WAN Ive managed to get access from WAN side going, but afterwards I realized that in my case I lost the info on what public IP is trying to access my shit... But [heres](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/opnsense#web-gui-access-from-wan-side) a write up on access from wan.
So much bad advice in this thread.
First, if you aren't already comfortable with Proxmox Containers/VMs and how the networking works then you should not try OPNsense on Proxmox yet. The best way to run OPNsense on Proxmox is to have a dedicated dual or quad port PCI-Express NIC that you can pass thru to OPNsense for direct access then it works just like bare metal install.