Using OPEN-VPN services off of Virtualize PF-Sense Problem: Not enough Physical NICS?

Good evening guys, I've been working on a project the last couple of days and I think I know the solution to the problem now, but I would still love to hear your thoughts on the issue as well. I started playing around with Proxmax VE Version 8.0.2 on my Lenovo TS-440 physical server. My goal is to virtualize PF-Sense firewall using Proxmax so I can then use it as my main firewall, as I would like to use OpenVPN Server on PF-Sense to access my internal subnet behind my PF-Sense firewall.

My current setup goes like this: physical EERO ISP router plugged into my Edge 10 XP switch on the LAN interface side of the EERO, which then goes to my physical Lenovo TS-440, which has 2 physical NICs. One of the physical NICs goes directly to my EERO ISP router for the WAN of the virtualized PF-Sense (double PAT) and the other goes to the switch for the LAN side of the PF-Sense (so I can plug devices into the physical switch and put them onto the LAN side of PF-Sense). But the WAN side of the physical NIC is also the management interface for Proxmax VE. I am afraid that that is causing a conflict, since both devices (WAN / Proxmax management) are fighting over one IP and multiple MAC addresses.

I have already port forwarded everything and opened the firewall rules everywhere (EERO router, disabled Proxmax firewall, opened firewall rules up on PF-Sense, etc.) and I keep getting a timed out error on OpenVPN. Also, I can't ping the WAN address on the PF-Sense box (even after port forwarding and opening the ICMP protocol on everything).

I believed the solution to this would be to get a physical NIC with at least three or more ports, so that way I could put the Proxmax management interface on its own physical NIC and the LAN and WAN on their own physical NICs. I honestly don't think I have enough physical NICs to do the thing I want to accomplish here.

Also, I believe VLANs could be another solution to the problem without having to buy another physical NIC with more ports; I could just do VLANs with the 2 physical NICs I already have. What are you guys' thoughts on this?

-Thanks Drake Have a great day!

Network Diagram Below

old known problem with PROXMAX

upgrade to the far superior product called proxmox

I virtualize pf on esxi using vlans. I would assume proxmox and your switch would support it. I also wouldn’t have any management on the wan side.

Keep your hypervisor patched…

Do not put your management on the WAN network; for sure, someone will try to hack your server and will have easy access to try it.

Create a VLAN for only your WAN connection and use that WAN VLAN for WAN access on your VM with pfSense.

If you use VLAN correctly, your server only needs 1 network port. At least if you ignore the rule of one is none.

I have a similar setup and it works very well.
Proxmox hosting pfSense with a quad i350 using pcie passthrough. One NIC is a WAN port and one LAN port with multiple VLANs. I have another proxmox host also running pfsense as an HA pair no issues. I definitely would have a dedicated management NIC or at least a NIC with untagged management vlan for the proxmox host.

I am sure Proxmax supports VLANs and my switch for sure does. Also, great point on not having management on the WAN side; probably better off putting it on its own VLAN? Or just putting it on another physical NIC?
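The advice in the replies above (no Proxmox management IP on the WAN side, management on its own VLAN) can be checked mechanically. This is an added example, not part of the thread: it parses a Proxmox-style `/etc/network/interfaces` and reports any host IP bound to the WAN-facing bridge. The NIC names `eno1`/`eno2`, VLAN ID 10 and all addresses are constructed assumptions; `BEFORE` mirrors the layout described in the first post and `AFTER` moves management to a tagged VLAN on the LAN-side bridge.

```python
# Added example: flag a Proxmox host (management) IP on the WAN-facing bridge.
# NIC names, VLAN ID 10 and all addresses are constructed sample values.
BEFORE = """
auto vmbr0
iface vmbr0 inet static
    address 192.168.4.50/22
    gateway 192.168.4.1
    bridge-ports eno1
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
"""
AFTER = """
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
    bridge-vlan-aware yes
    bridge-vids 2-4094
auto vmbr1.10
iface vmbr1.10 inet static
    address 10.0.10.2/24
    gateway 10.0.10.1
"""

def parse(config):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        words = raw.split("#")[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def host_ips_on_wan(config, wan_nic):
    """Interfaces holding a host IP on wan_nic, a bridge over it, or a VLAN of either."""
    stanzas = parse(config)
    wan = {wan_nic} | {name for name, opts in stanzas.items()
                       if wan_nic in opts.get("bridge-ports", "").split()}
    return sorted(name for name, opts in stanzas.items()
                  if "address" in opts and name.split(".")[0] in wan)
```

`host_ips_on_wan(BEFORE, "eno1")` reports `vmbr0`, the bridge that carries both the pfSense WAN and the host's management address; for `AFTER` the list is empty because the WAN bridge is `inet manual` and only the pfSense VM attaches to it.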