XCP-ng all VMs, no Internet

Haunter93 · June 24, 2020, 8:11pm

Hi,
So I switched over from Virtual Box to XCP-ng and have been running into nothing but hiccups. First was setting up shared folders (windows 10 sharing configurations were the nightmare there), now it has been a nonstop battle with internet on loaded VMs.

First off: I was following this video Step by Step “XCP NG Xenserver 7.4 Install Tutorial. From bare metal to loaded VM using XenCenter”. But had to stop at 21 Minutes. Where Lawrence used his VLAN. Having just switched from Virtual box, all i had in terms of a Lab was the following:
Hardware: 8-core CPU, 16GB RAM, 3TB local storage, and 1 NIC as my Virtual Server connected to a dumb netgear switch that split my routers connection between the virtual server and my operational PC.

The lack of a smart switch and the limitation of 1 NIC turned out to be a big problem because the management interface refuses to share the VLAN it is on. So if anyone doesn’t have a smart switch, getting internet to the VMs on a single NIC server is impossible with XCP-ng. (i say impossible, maybe not, i gave up trying though.)

I caved and bought a $50 Cisco Catalyst 3750 off ebay. Thanks Lawrence, I needed to do that anyway, this was just the justification I needed to follow through with it.

After some Youtube videos on how to configure a cisco switch, I got my port trunked to my XCP-ng server, my router, and my operational PC so they are allowed to have both VLAN 1 and VLAN 50 on them. But…no internet still for the VMS. doublechecked my configurations (see below)

Port Configs:
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-55
switchport mode trunk

Where i am at now is that my pfsense (first virtual machine i installed on xcp-ng) is pulling WAN (vlan50) from DHCP (192.168.1.46/24), i am managing from my operational PC on VLAN 50. From pfSense i cant ping anything.

Conditions:
If i have just LAN and WAN installed in pfSense as NICs, then i get this output.
WAN (wan) → xn1 →
LAN (lan) → xn0 → v4: 192.168.1.1/24

Pinging: Fails on my operational PC 192.168.1.10 as well as to internet.

Thoughts? I know I have to be missing some very basic configuration.

LTS_Tom · June 25, 2020, 12:46am

First, you should be running version 8, not 7.4 and second XCP-NG center is not the best way to manage it. I have a newer video that explains how to set it up from scratch here

Haunter93 · June 25, 2020, 12:40pm

Thanks!,

Ill give this a go and post final results!

v/r
Andrew

Greg_E · June 26, 2020, 2:49am

I had no issues getting VMs to connect to the internet with only a single NIC in my XCP-NG servers, was running HA to a freenas machine for the VM storage too. Slow but it did work.

garethw · June 26, 2020, 4:52pm

It should work with only one nic but probably not if you are trying to do pfsense in and out and have WAN on one side and LAN on the other and you don’t have vlan support (which is how I read the situation).

I think technically you could have (for example) your router on 192.168.0.1/24 then several VM’s on say 192.168.10.0/24 and have pfsense have one NIC with an IP on both the .0.0/24 range and the .10.0/24 range and I think it would work without vlans or additional physical ports but it would be a mess. (I might have to try that and see what happens…Can pfsense have two ip address on different subnets on one NIC?)

garethw · June 26, 2020, 5:10pm

@Haunter93, I think you probably need to do something like.
(you may not need to move the management if but I forget how cisco gear deals with hybrid ports / pvid / native configurations)

configure two vlans on your xcpng box via XOA or Center either way maybe using your dumb switch
(call them, for example, 50 and 100)
change the management interface on xcp-ng to be on one of the vlan networks (say 100
connect the cisco switch to the xcp-ng box
on the connected port “allow vlan 50, 100”
connect the cisco switch to your management machine
make that switchport an access port on vlan 100

Check you can now see your xcpng box again

make a couple of test machines, one on each vlan, check that the 100 one can ping xcp-ng and your management box (turn your windows firewall off maybe…).
connect your router to a port on the cisco,
make that an access port on vlan 50
check the 50 test vm can see the router.
setup pfSense, check connectivity between LAN and WAN (100 and 50)