News:

Welcome to the Home Network Guy forum!

Main Menu

[OPNSense]Routing for host with IPVLAN network

Started by C18uj8Ms, November 01, 2022, 10:29:13 AM

Previous topic - Next topic

C18uj8Ms

Hi HNG,
Thanks a bunch for the awesome material. I am configuring and learning my OPNSense router and I frequently refer to your pages.
I am trying to use a bunch of docker containers on a Raspberry Pi with their own IP address and I decided to use IPVLAN to have maximum control.
I have added a static route on OPNSense which specifies the Pi as a gateway for the subnets on the IPVLAN network even though there is an advisory note that says
QuoteDo not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.
This largely works apart from the fact that my SSH connection keeps dropping. When FW optimizations are set to normal it lasts 30 seconds (same as the expiration value on Diagnostics-> Sessions) or 900 seconds for conservative.
Am I missing some setting?
Would it be possible to sort of recreate the static route with a firewall rule? Could this potentially solve my problem?
Cheers

Home Network Guy

I have not personally use IPVLAN in Docker, but after looking at it, I think I would like to learn about it in more detail and write about it since it could be an interesting topic.

From what I gather, using IPVLAN allows you to separate your Docker containers into separate VLANs. If I correctly interpreted what I read on Docker's website, you might not need static routes but instead you should configure the switch port that your Docker server is connected to as a VLAN trunk so that you can use VLAN tags/IDs to isolate traffic on the appropriate VLANs. If your Docker server is plugged directly into OPNsense, you would need to ensure the VLANs are configured on that port on OPNsense.