network.tjo.cloud

Handling networking between nodes and between virtual machines.

Architecture

WAN interface either represents an actual public interface (on Hetzner) or an interface in home LAN that has port-forwarded ports to it from home router.

LAN interface is an ordinary lan network.

ingress.tjo.cloud has port-forwarded all public ports to it (22, 25, 80, 443, 587 etc.). No other VM is accessible from the internet.

network.tjo.cloud establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host.

Subnets

Host	IPv4	IPv6
reserved	10.0.0.0/20	fd9b:5314:0:0000::/52
batuu	10.0.16.0/20	fd9b:5314:0:1000::/52
jakku	10.0.32.0/20	fd9b:5314:0:2000::/52
nevaroo	10.0.48.0/20	fd9b:5314:0:3000::/52
	10.0.64.0/20	fd9b:5314:0:4000::/52
	10.0.80.0/20	fd9b:5314:0:5000::/52
	10.0.96.0/20	fd9b:5314:0:6000::/52
	10.0.112.0/20	fd9b:5314:0:7000::/52
	10.0.128.0/20	fd9b:5314:0:8000::/52
	10.0.144.0/20	fd9b:5314:0:9000::/52
	10.0.160.0/20	fd9b:5314:0:a000::/52
	10.0.176.0/20	fd9b:5314:0:b000::/52
	10.0.192.0/20	fd9b:5314:0:c000::/52
	10.0.208.0/20	fd9b:5314:0:d000::/52
	10.0.224.0/20	fd9b:5314:0:e000::/52
	10.0.240.0/20	fd9b:5314:0:f000::/52

Setting up new Host

1. Add new device to terraform.tfvars.

2. Manually configure vmbr0 and use import to import it.

3. Deploy terraform and manually install OPNsense via console.

4. Manually configure Tailscale.

Ref: https://tailscale.com/kb/1097/install-opnsense

opnsense-code ports
cd /usr/ports/security/tailscale
make install
tailscale up --accept-routes --advertise-routes=$(ipv4_subnet),$(ipv6_subnet) --accept-dns=false

5. Configure NAT, DHCP.