---
layout: post
title: Network stuff
date: 2021-04-25 21:50 +0200
categories: tech
description: "I do some experiments with networking stuff. Proxmox and running OpenWRT in a VM."
---
Been a long time.
Recently, I got interested in the whole "homelab" stuff.
So I got myself a used Mini PC to run Proxmox on it.
Initially, it was to be just for fun, but soon after
I received the PC, my Raspberry Pi (PiHole - running as DNS server)
died in a dumb
chain of events. ("Why is it blinking funnily? Oh, it
blinks when the voltage is too low? Let me get my multimeter.
Huh, it's now too low. If anything, it's too high. Mh, let me
change the power supply and check again... Uh? Damn, what
happened? Why won't it boot again?" - Turns out I probably
shorted something. After some research it turns out the
whole blinking stuff WAS THE STUPID OS DOING THIS AS A
"HEARTBEAT". So I broke my Raspberry Pi which serves
my whole network as a DNS server for nothing).

So anyway, I installed Proxmox, fiddled around with it, got
PiHole running in a container, everything is fine.

Since, at the same time, I changed to work-from-home, I wanted
to isolate the work PC. With VLANs. After a lot of head scratching
and internet research, I still couldn't find out how to properly set
up VLANs with Proxmox. (I already had a managed switch at that point).
I ended up with this setup initially:

```
+--Proxmox---
|
|
+-eno1 ------- vmbr0 --- VM*/container
|   |
|   +- eno1.20 - vmbr1 --- VM*
|

* I decided to run OpenWRT
```

With vmbr1 being a "VLAN aware bridge", because, obviously,
I wanted to use VLANs, so I have to use it, right?
Well, after a *lot* of experiments, internet research, and
a seemingly wrong answer on StackExchange stating
"If you attach a network interface on a bridge, you can't
use VLANs anymore" (maybe I read it wrong) it turns out,
this is not necessary.
Just throw the vmbr0 into the VM, and do the VLAN separation
inside there. Good enough for my use case. Although I understand
that's probably "bad" because "rogue VMs/containers" could access
the traffic they shouldn't see. But like I said, I don't consider
that to be a problem.
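
The trade-off described above can be checked from the host's network config. The following is an added example, not part of the original post: it parses an ifupdown-style `/etc/network/interfaces` and reports, per bridge, whether a guest attached to it is handed a raw trunk or a single VLAN. The sample file is constructed from the diagram above; the address and the helper names `parse_bridges` and `audit` are assumptions.

```python
import re

# Constructed sample of a Proxmox /etc/network/interfaces file matching the
# diagram in the post (eno1 -> vmbr0, eno1.20 -> vmbr1); address is a placeholder.
SAMPLE = """\
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno1.20
    bridge-vlan-aware yes
"""

def parse_bridges(text):
    """Return {name: {"ports": [...], "vlan_aware": bool}} for stanzas with bridge ports."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].replace("_", "-")
        if key == "iface" and len(words) > 1:
            cur = stanzas.setdefault(words[1], {"ports": [], "vlan_aware": False})
        elif cur is not None and key == "bridge-ports":
            cur["ports"] = [p for p in words[1:] if p != "none"]
        elif cur is not None and key == "bridge-vlan-aware":
            cur["vlan_aware"] = words[1:] == ["yes"]
    return {n: s for n, s in stanzas.items() if s["ports"]}

def audit(text):
    """Classify each bridge by what it hands to a guest NIC attached to it."""
    report = {}
    for name, br in parse_bridges(text).items():
        vids = sorted(int(m.group(1)) for p in br["ports"]
                      if (m := re.fullmatch(r"[^.]+\.(\d+)", p)))
        if any("." not in p for p in br["ports"]):
            # Physical NIC as bridge port: tagged frames reach the bridge as-is.
            kind = "filtered-trunk" if br["vlan_aware"] else "trunk"
        else:
            kind = "single-vlan"  # sub-interface already stripped the tag
        # A VLAN-aware flag is not needed to deliver one sub-interface's VLAN.
        report[name] = {"exposure": kind, "vids": vids,
                        "vlan_aware_redundant": kind == "single-vlan" and br["vlan_aware"]}
    return report
```

For the sample, `vmbr0` comes back as `trunk` (VLAN separation is left to whatever guest is attached) and `vmbr1` as `single-vlan` for VLAN 20 with the VLAN-aware flag marked redundant.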

Meanwhile, I consider replacing my current router (FritzBox) with
the virtualized OpenWRT router, but have no idea how to properly
implement that. I also want to avoid the migration headache
(I either need to put the FritzBox into another network / address
space, or reconfigure my whole network). Also, I probably should
consider whether I want to do that "exposed host" stuff on the
FritzBox so I only have one NAT. Bearing in mind OpenWRT installed
by a n00b like me inside a virtualization software being practically
"open on the internet" is not a good idea.

Not to mention I also had a look at OPNsense, but found it too
confusing and overloaded for now.