How to setup VLANs within FreeNAS 11.3

[rmblr]

@revoman
There was one comment from @KevDog to create bridge0 and vlan1 via the GUI and not via tunables.
Have you tried this?

This should be appended to the original guide!

 

[gwaitsi]

This should be appended to the original guide!

yes, my system is up and running now. all good

 

[raidflex]

Just note there is a problem with VLANs on Truenas 12 where internet access in the jail does not work when using static addresses for your jails. I have confirm however DHCP will work fine as a work around for now. I have created a bug ticket to get this issue resolved.

But yes no Tunables are required for VLANs.

 

[maxymo]

I am using Trunas 12 RC but getting two issues different to the one above of accessing Internet with static IP.

1. I have three physical interfaces connected to my Unifi switch, all are tagged to all vlans. All got IP addresses, how can I get the one interface in Truenas without IP? I disabled DHCP but when saving changes I get the error "[EFAULT] At least one interface configured with either IPv4 DHCP, IPv6 auto or a static IP is required.". Only way to remove IP is through console.

2. When I create vlan pointing to my interface without IP address and after apply changes. the vlan is not visible in interfaces screen, neither is visible in drop down list when creating bridge. I can see the vlan through console using "ifconfig".

Any ideas what I could be doing wrong? I have tried this many times with he same result

 

[rmblr]

Another thing worth noting that isn't in the guide: when I attempted to save the jail I would get the error " 'Invalid mac_prefix. Must match `?X????` where ? can be any valid hex digit (0-9, A-F) and X is one of 2, 6, A or E. '"

I had to change mac_prefix from the default 002590 to 022590

 

[TrueUSR]

Hello! I'm using FreeNAS 11.3-RELEASE-p14. What's really interesting to me is that it automatically created the necessary network bridges I needed for my Plex server jail and my Pi-hole/CentOS vm when I added the VLANs through the web interface. I didn't have to do anything else mentioned in this guide.

 

[xlameee]

Hello

Any idea how to solve this issue I am using TrueNAS 12.0-RELEASE

Code:

Install
Error: bestla had a failure Exception: RuntimeError Message:
pkg error: - pkg-static: http://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/meta.txz:
Connection refused pkg-static: http://pkg.FreeBSD.org/FreeBSD:11:amd64/latest/packagesite.txz:
Connection refused Please check your network Partial plugin destroyed

All my network is behind pfsense firewall and my pfsense is my DNS. I tried to append
nameserver "My pfsense gataway" ;search "My domain name"
still can't solve this problem

Thank you



EDIT: Never mind It was my firewall because I use manual NAT I put 10.11.14.0/25 instead of 10.12.14.0/25


NOTE for TrueNAS you don't need to create a bridge on the VLAN to get it working

 

[trentk10]

Is there a reason (best practice/more secure/no difference) to keep the VNET number at 0 ?

I have 4 physical interfaces in my truenas machine.

igb0 in truenas is connected to a switch, i have it set up as the truenas default interface. The switch is LAN network of my pfsense.
igb2 in truenas is connected directly to my pfsense igb2 physical interface. I set up VLAN120 on both devices. Using this for some jails.

bridge0 is associated with igb0 by default in truenas if I understand correctly.

I created a vlan120 and a bridge120 in truenas. The parent interface of vlan120 is igb2 . If I set a jail to use VNET0:BRIDGE120, they get an IP address from the DHCP server in pfsense, and networking works how it should.

If I set a jail to use VNET1:BRIDGE120, the jail gets an IP address from DHCP server in pfsense and networking works how it should. The only difference is it shows an ERROR in the truenas gui jail screen.

I have researched some, and haven't found anything yet, if the VNET number is significant.

If I have two physical interfaces, am I connecting them together if I use the same VNET number for jails ?
example
jail A: VNET0:BRIDGE0 ... generates a nic: epair0b, DHCP IP 10.10.0.20
jail B: VNET0:BRIDGE120 ... generates a nic: epair0b, DHCP IP 10.10.120.20
jail C: VNET1:BRIDGE120 ... generates a nic: epair1b, DHCP IP 10.10.120.21

In the example, are jail A and jail B logically connected at the nic:epair0b, even though they are on separate vlans and separate physical interfaces ? or have I overthought this whole thing ??

I included a screenshot of the other issue of the gui showing an error.

 

[Phil1295]

- The silver-bullet to make it work is to set field "vnet_default_interface" to "none" .
View attachment 35378
!! Do NOT use AUTO otherwise a host system interface is added to the bridge together with VLAN which breaks the setup. Jail would end up on the same network as the parent NIC rather than on the separate one defined by VLAN.

Thank you a lot @HolyK , also @KevDog

I must add a precision that can simplify it a lot if you have a spare physical interface:

• I have two interfaces igb0 and ilx1. I used igb0 for main TrueNAS and secure jails and ilx1 for the unsecure VLAN jails.
• That way, no need for the delicate steps to set VLAN 1 and bridge 0 to the main interface. A lot easier to maintain the setup and not loose connectivity to the GUI.
• The ilx1 interface can have its own IP with the quoted trick to not assign any "vnet_default_interface": exp ilx1 IP = 92.168.1.1 while the vlan70 is 10.0.70.40
• The steps resume to creating the vlanX and bridgeX on the ilx1 interface (no IP, no DHCP set in the VLAN/Bridge setup) + Create a trunk on the Switch with tagged traffic for all the vlanX jails configured on FreeNAS for the ilx1 interface
• igb0 interface is for the management and ilx1 for the jails VLANs

The setup is much easier and clean this way and just needs one spare interface to create the VLANs.

Hope you can update the original post with the "none" for vnet_default_interface AND the simplified setup with a spare interface

Took me days until I found this thread

Thank you again