A Homelabbers Networking Playground with Opnsense, Proxmox, VLANs and Tailscale

This guy homelabs..
That production quality, sheeesh!

Short, smart, productive video. Hope you guys make usefull video like this.

Really nice video, easy to understand and great production quality! More videos please 👍

I have worked on getting OPNsense setup on a single nic for 2 good weeks and you just made it so so so easy. I just want to express my sincere gratitude to you for the life saving video tutorial. Keep up the good work.

Brilliant video, appreciate the use case and tailscale setup. Had struggled for weeks to accomplish a basic understanding.

Nice feature, great product overview and outstanding video edit

Absolutely game changer. Thank you for making this Alex.

I needed to install opnsense on my proxmox to assign static ip addresses to my machines (as my physical router refused to assign static IP addresses to more than 10 addresses) but all other tutorials were so daunting that i did not dare to try especially when they said that it is must that i have two physical network devices for my opnsense vm but after watching this video I am 200% confident that this will not be an issue. Thanks for making such helpful tutorials.

I was expecting to hear 'KTZ' at the end and only realised this was a different channel!! :D Same great stuff, thanks Alex

I was doing some wild stuff in order to achieve exactly this, this is a game changer.

I think you hit the nail on the head with your intended topic because by following your instructions that is exactly what happens after installing tailscale the perfectly working opnsense setup I had is now broken and I had to restore opnsense from backup I created in the event things broke afterwards. I think I will wait till you have released a native installer for FreeBSD before trying again :)

I have been using Tailscale as long as i can remember.
even after all this time of using it - it is still feel like some witchcraft magic.

Thanks for the demo and info, have a great day

A next exercise would be to show us how to safely access the configuration GUI of OPNsense using Tailscale. It would be a useful and informative exercise. I can’t find any clear instructions of this. It would be a real enabler for both Tailscale and OPNsense.

Coincidentally, I theorized this a couple of weeks back and was planning on testing it out in a weekend. Now I know this works wonderfully. Great video !

Awesome video! Thanks for your work!

Thank you very much. You have helped me in ways I never expected to exist and for free🙏👌👏🎯

Note that it's entirely possible to configure your test router, your test lab, etc to be ISOLATED, yet still be accessible, without using a third party software, just using the magic of managed switches.
Let's say I put my main router in place, then connect it to a managed switch, where the PVID /VLAN ID is configured for vlan 99 for example. In my case, I have two cables from the main router to the same switch; one going to PVID 1 and one going to PVID 99; Now, I can have other networks with vlan 99 tagged on it, and then build a proxmox server, and to get internet coming off the router ( private ip, but connected ) I just use the 99 vlan tag. Let's say that this is hitting a virtual router, I can connect the virtual Opnsense to pick up the WAN on vlan 99, and feed the output back (LAN side ) into the managed switch(es) as 97. That 97 is still isolated, but accessible by the physical desktop that is typically on the LAN; for this trickery, I usually use either the managed switch, and set 97 to be untagged on a specific port, or I'll grab a USB ethernet adapter that allows me to set the VLAN within the driver. Voilla, I can now interface with the virtual opnsense from a physical machine, whether by switching ports on a switch, or by simply plugging in a USB ethernet adapter and changing the vlan there.
While this sounds "theoretical", well, in practice, it is not just theoretical. It does indeed work. Just got to wrap one's head around how vlans work, and how managed switches work. On my managed switches, I do need to ensure that the tagged VLAN is available on all switches that the traffic has to traverse..
The beauty of this sort of system is that while it seems that virtual is the only thing one can do, it's not; I can indeed plug in a replacement router that I'm testing, using the magic of managed switches, test it completely while the misses is ignorant of the process. Most of my lab is in another room, but the main router/cable modem is in a third; it just requires thinking outside of the box a bit.. Yes, you may see an extra millisecond or so of "lag" with such a setup; But it's not a game changer as far as lag is concerned.
I also have used virtual machines for the purpose; but in the end, it's often easier to reach up, and switch the ethernet over to a different port, or just pull out the USB NIC.

Great content Alex! Sharing studio with KTZ systems 😅
Tailscale nailed it when they hired you.

Wau but that is amazing.
Thanks for explaining this magic box 🎁

Awesome demo, works perfectly for my use case! I think one step that was missed was forgetting to remove the installation media ISO in Proxmox after installing OPNSense. Not sure if setting up OPNSense with the install media attached caused the interfaces to be reset on reboot. I went ahead and checked "Lock Interface" in OPNSense just in case.

Shame this only has 4K views as of right now. Tailscale is lit! It will be very mainstream as time moves forward.

Great Video!

Thanks for the good tutorial.

Great timing for us switching from greedy netgate to opnsense

thanks for super info video.

You are the best

Very cool, thank you for sharing this. If I want to achieve the same result, do I need to have a home/real router with VLANs support too?

Thank U for sharing

Thanks for the vid - this was extremely helpful. I followed everything but for some reason my ubuntu vm on the vlan is getting dns resolver errors. The opnsense vm does have internet access though. On opnsense > settings > general I left DNS servers blank and checked "allow dns server list to be overridden by DHCP" and on the ubuntu vm all network config is set to auto. it shows dns as the opnsense IP. Any ideas?

Thanks for this great video. Could you please make a " Site-to-site networking" with tailscale? Thanks

I know this man! 🤣. Didnt know you had another channel bud?!

I just installed Tailscale in my OPNSense box, but I was wondering if any firewall rules should be created for the Tailscale interface, or any other configuration that needs to be done?

Do I understand this video in that I could send multiple vlans to my Tailscale network as a remote trunk?

Thx sir , can i ask how can work opnsense tailscale exit node ?

Can I implement the subnet-lab with Virtual Box as well?

0:20 We've all been there...

Would be great if this walked thru how to eliminate DERP. No matter what I do I always have to route thru a rely for my opnsense connection

Great video. As usual.
Just one remark. Is the audio level a bit low for anyone else? On my Macbook Air M1 I have to set the volume to at least 2/3 to hear. May need my ears dewaxing.

Where did the Ubuntu client got the IP address? from Proxmox or from Opnsense? I followed the steps and I can't seem to get an IP on my Ubuntu VM. Is the DHCP LAN on OpnSense enabled? Thanks.

Great video... however.... I've followed the steps precisely, twice, and I cannot access my OPNSense instance through Tailscale. It shows under machines, but I can't even get a ping response from it, or the virtual machine behind it. Any suggestions?

Question - why do you run a /20 network in a home network? Do you need 4094 hosts?

Is this VLAN enough to protect my home network for malware testing? I understand that malware can 'vlan hop', but would this be enough?

How would you graduate this setup to be the main router in your network ?

When using the advertising subnet command. Will that setting stay after a reboot of the opensense router?

How about a video on Tailscale on pfSense? 😊

So tailscale support vlan?

Super video, but assigning tailscale in opnsense causes not original devices error on reboot and manual device assignment leading to reconfig of interfaces on every reboot :( running precise same setup as in video

Is OPNsense like pfSense?....if so, which is "better"?, why use OPNSense over pfSense?

🤯🤯🤯🤯 OMG No stop it.

Volume is so low...

This is exactly what I needed. Thank you.

I followed these instructions, but the tailscale installer (make install) had a blue window that popped up and asked me questions about what to install and what architecture I have. I selected V4 for some instruction set, but I must have selected the wrong thing, because my tailscale install halts with:
Building Go cmd/dist using /usr/ports/lang/go122/work/go-freebsd-amd64-bootstrap. (go1.20 freebsd/amd64)
cmd/dist
This program can only be run on AMD64 processors with v4 microarchitecture support.
*** Error code 1
Any idea on what I can do? (I tried to make clean, make install clean, make clean-depends, add GOAMD64=v3 to /etc/make.conf...)