kavren/proxmox-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: VLAN isolation working, OPNsense WAN cutover complete

Browse Source 
- Updated INFRASTRUCTURE.md with VLAN traffic path and required configs
- Updated CHANGELOG.md with WAN cutover and VLAN troubleshooting fixes
- Updated TASKS.md to reflect completed network work
- pm4 bridge VLAN config made persistent via post-up commands
- Pi-hole listeningMode changed to ALL for multi-subnet DNS

Key fixes:
- pm4 vmbr0 bridge-vlan-aware with VLANs 10,20,30 on eno1
- Pi-hole veth added to VLANs for routed traffic
- Pi-hole gateway set to OPNsense (10.4.2.1)
- OPNsense default route fixed to use WAN gateway

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kavren
2025-12-21 22:29:19 -05:00
parent e93030ba9b
commit ae071a5064
3 changed files with 45 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/TASKS.md
View File

@@ -8,23 +8,11 @@ None currently.
## Pending
### OPNsense WAN Cutover (Priority)
OPNsense VM 130 configured with VLANs and firewall rules. Ready for WAN cutover.
**Pending:**
- [ ] Connect USB NIC (vmbr1) to AT&T modem
- [ ] Configure OPNsense WAN interface (DHCP or PPPoE from AT&T)
- [ ] Test internet connectivity through OPNsense
- [ ] Update gateway on all devices from 10.4.2.254 → 10.4.2.1
### UniFi VLAN Configuration
VLANs configured on OPNsense. Need to configure UniFi APs to tag traffic.
**Pending:**
- [ ] Configure KavCorp-IOT SSID with VLAN 20 tag
- [ ] Configure KavCorp-Guest SSID with VLAN 30 tag
- [ ] Test isolation (IoT device cannot ping LAN device)
### Remaining Network Tasks
- [ ] Disable DHCP on Asus router and switch LAN to OPNsense DHCP
- [ ] Test firewall isolation (IoT device cannot ping LAN device)
- [ ] Test Smart Home access (Home Assistant can reach IoT devices)
- [ ] Add Pi-hole veth VLAN membership to LXC hookscript for persistence
### Future Network Upgrades
- [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
@@ -47,6 +35,12 @@ VLANs configured on OPNsense. Need to configure UniFi APs to tag traffic.
## Completed (Recent)
- [x] OPNsense WAN cutover to AT&T modem (192.168.1.x)
- [x] VLAN isolation working (Trusted, IoT, Guest)
- [x] pm4 vmbr0 VLAN-aware with persistent bridge vlan config
- [x] Pi-hole accepting DNS from all subnets (listeningMode=ALL)
- [x] Pi-hole gateway set to OPNsense for return routing
- [x] UniFi SSIDs configured with VLAN tags
- [x] Configured OPNsense VLANs (10, 20, 30) on vtnet0
- [x] Configured VLAN interfaces with IPs (10.4.10.1, 10.4.20.1, 10.4.30.1)
- [x] Configured DHCP on all VLAN interfaces