There are dozens of devices in customer LANs. The goal is to have the entire network of each customer available at the L2 layer in the LXC container or VM in proxmox. E.g. I want to use tools like arp-scan etc.
I use WireGuard VPN to establish a VPN from client devices to a Proxmox server. For L2 tunneling through WireGuard, GRE (gretap) is established.
Gretap interfaces (there are more customers, so I have more gretap interfaces) are terminated directly on Proxmox. Each gretap is then connected to a unique LXC container using the vmbrX bridge. My whole idea is drawn here: https://snipboard.io/f5mMHh.jpg
But this solution doesn’t work for me. E.g. gretap1 is stretched to container 101 on interface eth1_gretap (via vmbr2 bridge).
```
root@pve-routers:/etc/network# brctl show
bridge name	bridge id		STP enabled	interfaces
vmbr0		8000.0cc47accec9d	no		eno2
							veth101i0
vmbr1		8000.c6cd6eb3ee0b	no
vmbr2		8000.3a1f353fc751	no		gretap1
							veth101i1
...
```
If I use tcpdump over the vmbr2 or gretap1 interface on proxmox, I see L2 traffic from the customer network (ARP requests, IPv6 and others). If I use tcpdump on the interface in the LXC container, I don’t see any traffic.
The bridge as such is functional. If I put an IP on vmbr2 and on the interface in the LXC container, they can see each other (ping is successful).
I don’t know what could be causing this malfunction.
Or is my proposal flawed and the desired goal is not achievable?
Thank you for help.
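With one gretap and one container bridge per customer, the first thing worth checking is that each tunnel port really shares a bridge with exactly the container-side veth it is meant for, since every port on that bridge receives the customer's whole broadcast domain. The following Python is an added example, not part of the post: it parses `brctl show` output (including the indented continuation lines that carry a bridge's extra ports) and reports, for each gretap port, which bridge it sits on and which veth ports share it; the sample input is the post's own output, constructed inline.

```python
import re

# Constructed sample: the `brctl show` output from the post (prompt line
# omitted). Extra ports of a bridge appear on indented continuation lines.
SAMPLE = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
vmbr0\t\t8000.0cc47accec9d\tno\t\teno2
\t\t\t\t\t\t\tveth101i0
vmbr1\t\t8000.c6cd6eb3ee0b\tno
vmbr2\t\t8000.3a1f353fc751\tno\t\tgretap1
\t\t\t\t\t\t\tveth101i1
"""

BRIDGE_ID = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{12}$")

def parse_brctl(text):
    """Return {bridge: [ports]} from `brctl show` output.

    A line starting in column 0 opens a new bridge entry; an indented line
    carries one more port belonging to the most recent bridge."""
    bridges = {}
    current = None
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():                    # continuation: one port name
            if current is not None:
                bridges[current].extend(fields)
            continue
        name, bridge_id = fields[0], fields[1]
        if not BRIDGE_ID.match(bridge_id):
            raise ValueError("unexpected line: %r" % line)
        current = name
        bridges[current] = fields[3:]            # ports listed after "STP enabled"
    return bridges

def bridge_of(bridges, port):
    """Name of the bridge holding `port`, or None if it is attached nowhere."""
    for name, ports in bridges.items():
        if port in ports:
            return name
    return None

def gretap_peers(bridges):
    """For every gretap port: (bridge, veth ports sharing that bridge).
    An empty veth list means the tunnel lands on a bridge without a container."""
    result = {}
    for name, ports in bridges.items():
        for port in ports:
            if port.startswith("gretap"):
                result[port] = (name, [p for p in ports if p.startswith("veth")])
    return result
```

Run it against the live output with `parse_brctl(subprocess.check_output(["brctl", "show"], text=True))`; a gretap whose veth list is empty, or a veth that `bridge_of` cannot find, points at a membership problem rather than at the container.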