First thing first. Before we install a PVE-VM on our system, we need to have a
little thought about networking.
Since we want to run several VMs inside this VM and all these VMs want to have network access I have decided to run an OpnSense-VM as router/firewall plus OpenVSwitch on the PVE-host. Therefore I’d like to simply bridge the PVE-VM’s NIC onto my workstation’s ethernet-port, and handle all routing on the OnpSense-Machine.
I am doing this in a regular consumer-grade home-network which means, a CPE running a NAT as well as DHCP, SLAAC and DHCP6. I am having private address-space on the legacy-IP side plus a dynamic /56 IP-prefix.
Bridging and NetworkManager
I am running a vanilla Fedora on my Workstation which means it’s using
NetworkManager. And because I don’t want to mannually setup a DHCP and SLAAC
client, I do the bridge configuration with
First, turn off the regular network-connection
nmcli connection down <Connection Name>
and add the bridge-Interface
nmcli connection add type bridge ifname br0
Now, we need to asign the physical Interface to the bridge
nmcli connection add type bridge-slave ifname <device-name> master br0
and finally turn on the bridge-connection
nmcli connection up bridge-br0
Now, NetworkManager should take care of assigning a SLAAC-based address to the
bridge-interface as well as a DHCP-based legacy-IP.
I intend to keep this network-configuration so the bridge is always ready to have a VM attached.