Sorry to scare you. I mentioned ‘basic’ to discuss some fundamental networking aspects in Proxmox without going into even more complex configurations. Using a virtualization server in general is going a little beyond basic networking for many home users.

It's possible that is on me. I originally made the title "Basic Network Interface Configuration in Proxmox" but changed it to "Fundamental" because some users were expecting the video to be "simple" because of the word "basic". My original thought of calling it "basic" wasn't to indicate that it's simple process (although once you understand the concepts, it does become simple), but rather "the basics of how you configure network interfaces in Proxmox". Proxmox has a more advanced network configuration which makes use of a SDN (software defined network) which is why I was originally trying to use the term "basic" since that is how you had to configure network interfaces before the introduction of the SDN. I don't quite know how to break down the topic in more simple terms because essentially you have physical network interfaces in your system (the hardware) and you need to create bridges (in software) on top of those physical interfaces in which all of your containers and VMs can utilize as though they are physical interfaces. All CTs and VMs using the same bridge are essentially on the same network. You can create VLANs on the bridges if you make the bridges VLAN-aware. You can also pass through a physical interface to a VM so it sees the raw interface on the host but only one VM is allowed to use the raw hardware at a time (there are exceptions if you configure SR-IOV, etc). Passing through network interfaces is a little more involved but it has become easier since I don't think you have to enable IOMMU in Proxmox, etc since that is already enabled by default. You just need to enable it on your motherboard BIOS. I didn't discuss this topic in detail in the video because it's more advanced. Btw, I have a MS in Software Engineering, BS Computer Science, BS Computer Engineering, and about 20 years of IT experience and it still took some time for me to understand Proxmox (I've been using it for 3 years or so). It was a fundamental shift in how I managed all of my app/services/VMs for my network so it was a bit of a shock when I made the switch. I spent a lot of time researching Proxmox before I started using it because I was trying to justify if I had the proper use case for it. I almost regretted migrating my server to using Proxmox until I understood the benefits it brings. Now I can't live without it in my network since it powers the apps/services hosted on my primary network and my homelab environment where I can tinker and explore new things. Also I'm planning to do an updated full network build using OPNsense since that 3 part series was one of the first few videos I've done. Over time I've been working hard to improve the quality of the video/audio and the presentation of the technical topics. It requires a significant amount of practice and cost to improve the production and content quality.

Thanks! What would you like to see? Once you have a separate network for IoT, you can just put whatever devices you like on that network since it will be isolated from other parts of your network (in case they get compromised).

I just rewatched your opnsense tutorial and there is definitely enough info for IOT in there. Is it that big of a security risk to have everything on the same subnet/vlan? its the only way i can get IOT devices to work with my homeassistant and AP@@homenetworkguy

IOT devices are typically the most insecure devices because they are quickly produced and are only supported with updates for a short while after the products are released. That is why it is recommended to put those devices on their own network so if something gets compromised it doesn’t spread to the rest of your network. You can minimize the damage caused by an exploit.

If you connect a switch port to a VLAN-aware interface on the Proxmox system and the switch port is already assigned to a particular VLAN, all VMs and CTs will be on that particular VLAN. If that is the case, you don't even need to make the bridge VLAN aware. It will just exist on that VLAN by default because the switch will tag all the traffic with the VLAN ID. VLAN-aware bridges are better suited if you are connecting to a trunk port on a network switch where you assigned multiple VLANs. This gives you the flexibility of assigning VMs and CTs to any VLAN on your network that you like.

If you create a Linux Bridge, you can either create VLANs inside a VM (such as a pfSense or OPNsense VM) and it will work just like a bare metal installation. You can also set the VLAN aware option on a bridge so that your VMs/CTs can be set to a specific VLAN using the VLAN Tag option. For VMs such as pfSense/OPNsense you won’t want to set the VLAN Tag on the bridge assigned to the VM but rather configure VLANs as usual inside the VM.

@@homenetworkguy so for whatever reason, if VLAN aware is unchecked on my Linux Bridge, I can go to a VM and set the VLAN tag and it works just fine. On the other hand, if I check the VLAN aware on the bridge, the VM can't get networking anymore -- regardless if I set or not the VLAN tag.

@@Tyron76 that sounds odd.. not sure I had that happen before. How do you have your switch configuration set for the port that’s connected to that physical network interface of your Proxmox system?

Found out that I just needed a reboot to make it work 🙄 In the process, actually discovered a use case for creating a Linux VLAN (5:00). If you configure the port on the switch with VLAN40, then your physical network interface will be on that, thus your bridge's (vmbr0) CIDR for management needs to be in that VLAN. If you want to keep your switch in another VLAN (eg Default VLAN = 1), then you can not set CIDR on vmbr0 and configure CIDR on vmbr0.40. That way, VMs connected to the vmbr0 bridge will not be on VLAN40 by default if no tag is assigned.

That’s odd. I haven’t seen issues with that because Proxmox is Linux based and the network drivers are generally pretty good for that sort of hardware. I can’t think of what the issue would be. Sometimes a better quality Ethernet cable helps but for 2.5G you only need Cat5e. It not only negotiating at 1Gbps when you connect it to a switch or are you referring to what it shows when you look at the system information? Just curious if you tested the throughput using iperf3 or via some other way to ensure you are getting the proper throughput.

I've had someone mention Kea DHCP a while ago. I haven't spent a lot of time digging into this yet but I did see where ICS DHCP is deprecated in favor of the more modern Kea DHCP. Based on a few comments on the OPNsense forum, it is likely not ready for prime time since it has recently just become available as an option to select as your DHCP service. I think this would be a good topic to cover especially once it becomes mandatory (or very strongly recommended) to switch over to it. Not sure if there will be an easy migration path or not.

@@homenetworkguy thank you for your reply. I’ve noticed they implemented it into opnsense 2.41.1. Also seen on Reddit that they planning to remove the ICS DHCP at some point

@@homenetworkguy Same deal for pfsense. It's not ready for prime time yet as not all the features are there like the old ICS.

Not quite sure what you’re wanting to accomplish. If you create a bridge with no physical interface, it will be a completely virtual network that other VMs can connect to on their own network. What I like to do is create the VLAN on my router and switches. Then I configure a VLAN-aware bridge in Proxmox and I can assign the VMs/CTs to any VLAN I want (the port on the switch where Proxmox is connected needs to be trunked to allow all VLANs)

@@homenetworkguy You actually answered what I thought. It has to be done on a managed switch or router. I've bonded a virtual bridge to a port on a nic. The VLAN zone is associated with a Vnet VLAN with a subnet of the 10.10.10.0/24. But it doesn't get an IP because I don't have a DHCP on that subnet. If I force an IP it still can't reach out through the gateway that the Proxmox server uses. The subnet wants 10.10.10.1 gateway, example, but I don't have a gateway for it really.

You could have a completely virtual bridge that’s private just for VMs but then add a second bridged interface to the VM that is associated to a real physical interface where you have VLANs assigned- Assuming you want to bridge the gap between 2 networks (a virtualized network and a physical network).

@@homenetworkguy I just created a virtual bridge without any configuration on it and plugged it directly to a pfsense port that was configured for a VLAN. Seems to be the only way to properly put it into a VLAN.

@@Shpongle64 I would argue that is the best way to go. You could in theory create a VLAN-aware bridge, and create multiple bridges (one for each VLAN by entering the VLAN tag on each bridge) and then assign all of those bridges to the pfSense/OPNsense VM. I think it's messier to do it that way than to use a single bridge.

Interesting.. what type of hardware are you using? I recently had some issues with a system with 10Gbps SFP+ interfaces but it could’ve been incompatible DAC cables I was using.

@@homenetworkguy I got 2 x 36-bay Supermicro super storage servers, primary and a backup. Bother were running Unraid, but Unraid isn’t that stable and the performance is bad so I’ve kept one on Unraid and the other on TrueNAS Scale. Then I realized it was risky homelabbing on the servers storing all my data so I got a NUC with 64GB RAM. Ran out of RAM in like a week so I bought a Dell R730 and threw ~400TB RAM to run Proxmox and I’m homelabbing on that snd just keep some backup Plex and arrs on Unraid in case the Proxmox server goes down. Ended up wanting to build a rack mount PC for me and another for my son and realized that the 25U rack that I thought would be more than enough wasn’t, and got another one. I use SFP+ as an uplink to my primary router in another part of the house and also to a 10G switch I have for the servers. Got a cheap 10G and 2.5G switch for the second rack which uplinks to the main server rack so it’s all pretty fast with loads of bays to spare.

If both bridges are on 2 different physical interfaces, you could simply configure the network switch to be on 2 separate VLANs. This would prevent traffic from communicating between the 2 interfaces because they are on separate Layer 2 networks. You can also restrict access at Layer 3 via a router with firewall rules.

If you have a managed switch configured for multiple VLANs, you can connect an unmanaged switch to any of those VLANs and anything connected to that unmanaged switch would belong to that VLAN. Same concept with virtualization. If you configure a VLAN on the server and connect an unmanaged switch it will be on that VLAN. But of course is not very practical to have one physical unmanaged switch per multiple VLANs. I actually have 1 unmanaged switch in my server rack connected to OPNsemse for my lab network so I can have a few higher speed interfaces to test performance, etc.

@@homenetworkguy nice! Thanks. Might be a good stepping stone for 1st vlans, or like you said, other specific use cases... I don't have a managed switch but for my first clan/exploration, this new knowledge I think will help... An extra NIC is far cheaper than a managed switch... Maybe I'll buy a card that has a double interface. I already "need" a port to have my server running pihole to also run OpenSense and replace my old router/firewall. I think a video of your or someone explained how I can do that with a single interface but its probably best I just add a NIC to that underutilized box

I no longer use the same interfaces for Proxmox as in the video since I've moved to a mini PC with 4 network interfaces. I'm also using a basic Proxmox cluster as well. I've simplified how I use the interface a bit even though I'm using it in a cluster now. Below is what my config looks like (I don't want to put it in the description because it doesn't match the video): auto lo iface lo inet loopback iface enp3s0 inet manual auto enp4s0 iface enp4s0 inet static address 172.30.0.40/24 #Cluster iface enp5s0 inet manual iface enp6s0 inet manual iface enp2s0f0np0 inet manual auto enp2s0f1np1 iface enp2s0f1np1 inet static address 172.20.0.40/24 #Storage auto vmbr0 iface vmbr0 inet static address 192.168.1.40/24 gateway 192.168.1.1 bridge-ports enp3s0 bridge-stp off bridge-fd 0 #Management auto vmbr1 iface vmbr1 inet manual bridge-ports enp2s0f0np0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 #VLANs auto vmbr2 iface vmbr2 inet manual bridge-ports enp5s0 bridge-stp off bridge-fd 0 #WAN auto vmbr3 iface vmbr3 inet manual bridge-ports none bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 #Virtual source /etc/network/interfaces.d/*

@ Wow! I had to revert mine to just the basics because it broke everything. Now I am still having problems with my TrueNAS VM on Proxmox, which is not seeing the network gateway, and can’t assign an IP to itself or connect to the internet to update itself. It’s driving me nuts.

Yes I love and use all 3 products on my home network. Several years ago, it took a little bit of time for me to warm up to the concept of using a virtualization server at home but now I can’t imagine my homelab without it.

Haha yeah.

You’re welcome!

If you can’t configure it from the web UI, you may have to tweak that configuration via command line. I haven’t tried configuring wireless with Proxmox since I have always used wired interfaces. Would be interesting to look into though even though it’s not quite as ideal as using a wired connection (I understand you are trying to reuse a laptop as a virtualization server and don’t have other options).

Seriously? Wow. I was focused on editing out the “umm”s and lips smacks (which I’m getting better at avoiding now that I’m more aware of the situation). Speaking in videos is much more challenging (for me) than writing guides, reviews, etc. like on my website. Always something to improve upon! Haha

@@homenetworkguy don't worry, you are doing GREAT job ;-)

​@@homenetworkguy wonder if noisegate can help take those out or if it will someday with a little ML love.

Nope, but thats a good idea for him.

I don’t have my own server set up but I do have a Discord account. I have debated if it’s best to use an ecosystem like Discord or set up a Discourse forum on my website (right now I’m using Simple Machines Forum but it feels more clunky than a Discourse forum- I’m also have other issues with that forum I have yet to fix).

@@homenetworkguy why limit yourself to just one platform? You can have a forum site for the people that prefer a thread oriented support system (where answers can build up) and a discord server for people like me that are seeking real time support. Kinda spit balling over here but you could probably set up something that can automatically archive 14 days old discord tickets and post them on your site for them google clicks. Mind if I ask here on youtube?

The hard part for me is not spreading myself too thin, I get emails through my contact page, comments on my website, questions on my forum (when it was working properly), comments on KZbin, comments/questions on Reddit, questions on Facebook (rare but has happened), questions/comments on Twitter/X, comments on Instagram. I think have quite a few options already. I’m only one man doing all of this in my spare time (would be awesome to do it full time though!), haha. I could try adding another platform.. but I may be slow to answering questions at times. I still have an email backlog to get through from December. Haha. Sure, you may ask some questions here. Sometimes it’s a bit hard to find them because KZbin kind of makes it hard to follow back up with comments once you start getting new comments (they get a bit buried).

I think you need to centralize your community instead trying to keep up with multiple platforms. I get posting and helping people on reddit,x/twitter, Instagram and Facebook since it brings attention to your page, but what happens when your channel starts growing at a rapid rate? If you were to set up a discord server with a ticketing system and/or a dedicated forum site, you can offload a lot of the common questions you might normally receive to the individuals you have helped previously. You won't have to be as hands on unless there's an individual trying to set up something more complex than the average user. A bit of context for my questions: I'm trying to set up a glorified 10gb router/switch using a modified supermicro board with 3x540-t2 chips (6×10gb ports). I am not bridging my connection between my modem and opnsense box but running it behind my modem (I will be switching from fiber to cable in the coming days for 3 months and then switch back to my fiber provider when I qualify as a new customer for the $70 8gb plan). Questions: Bare metal opnsense: why is it that whenever I configure opnsense lan address using the same subnet as my isp provided modem, 192.168.2.x, I can't access the webgui? Same thing happens when I use opnsense cli commands to grab a dhcp lan address from my modem. Virtualize opnsense using proxmox: all the problems I was having with bare metal just works, but how can I set up my network so I can have a 10gb connection between opnsense and my pc but still have access to proxmox management interface on my pc? When I was testing it out during the weekend, I had to use a cheap unmanaged switch to connect proxmox management network, opnsense lan and my pc to the same newtwork just to access the webguis

Thanks for your feedback.

Same, this wasn’t very informative for someone new to proxmox. Please define what a bridge is and the concept of assigning ports to them first.

Sometimes finding the right balance between novice level information and more advanced topics is difficult because you have to assume a certain level of knowledge when covering topics. I like to focus more on intermediate/advanced topics rather than beginner topics. However I do want to make as much of my content approachable to new users as possible. Thanks for the feedback! It helps me determine what is useful and what is not as useful.

Sorry that you are confused. I wasn’t implying a “basic network setup” but a “basic network interface” configuration in Proxmox. Basic network configuration in Proxmox consists of knowing how to use bridges. I suppose you could only use the default bridge that Proxmox sets up by default and that would be considered more basic. The reason I said ‘basic’ is that you could get into SDNs (software defined networks) which I consider more advanced network configuration for Proxmox. The SDN is a newer networking feature of Proxmox.