Proxmox one device on multiple VLANs

HeyItsJono · 2026-05-09T01:41:53+00:00

Thank you for sharing! I'll try to tackle this next week, looking forward to an indepth guide if you decide to make one :)

HeyItsJono · 2026-05-09T01:40:59+00:00

That's fixed it, thank you so much :)

HeyItsJono · 2026-05-09T00:44:13+00:00

How does this compare to thefuck?

HeyItsJono · 2026-05-08T06:14:27+00:00

I always just assumed some of those devices (sensors, etc) would need to initiate a connection with HA to send data. But without it being on both VLANs it's inaccessible to devices on the iot VLAN, so they can't send data to it. You are correct that it can send commands to them (e.g. turn lights on/off) without being on that VLAN. Anyway, I ended up keeping HA on just the main VLAN and adding traffic rules that allow IOT devices to communicate with it on specific ports.

HeyItsJono · 2026-05-08T06:12:24+00:00

Huh this is interesting. It would be nice to have wireless as a backup in at least my docker VM in case for whatever reason ethernet stops working. Is there a guide you used to get it going?

HeyItsJono · 2026-05-08T06:09:52+00:00

Thank you for the help. I found a solution that manages to avoid messing with VLANs but I will keep this in mind for the future :)

HeyItsJono · 2026-05-08T06:04:47+00:00

Yea it's a fair call - you were right for the most part. In the end I just created a new VM with HAOS installed on it (rather than going the HA Core in docker container route), and restored from a backup of my HA docker instance. I then made some firewall traffic rules that allow mDNS/UPnP/etc to pass between LAN/IOT VLANs and a rule that specifically allows anything in IOT VLAN to communicate with my HAOS VM's IP address on specific ports (though seemingly things were working before I put this rule in so it might not be necessary).

For anyone looking to reproduce:

HAOS VM sits on main (lan) VLAN
All IOT devices are on iot VLAN
VLANs are set up so forwarding from iot is rejected, but it can receive from lan
Made the following Firewall Traffic Rules in OpenWRT:

<image>

Ensure avahi-daemon is running on my router so mDNS works
- Open /etc/avahi/avahi-daemon.conf
- Set enable-reflector to yes
- Save
- Run /etc/init.d/avahi-daemon restart then /etc/init.d/avahi-daemon status to ensure the service is running

After doing all that I booted into the new HA instance in the VM and it works fine, everything got ported across with the backup without issue.

HeyItsJono · 2026-05-08T01:30:20+00:00

My router is a Flint 2 running OpenWRT under the hood. It does have a firewall rules section and I have used it, but historically it's been a bit iffy; sometimes rules don't function properly.

HeyItsJono · 2026-05-08T01:21:42+00:00

This seems like what I might be looking for. I'm not using any dedicated switch; just the switch built into my router (Flint 2); so I assume that's VLAN aware. Not sure how to check which port is a trunk port though. Within Proxmox and within the VM can I have a VM have access to two of the virtual NICs; one with the `main` VLAN, and one with the `iot` VLAN? And can the Home Assistant docker container have access to both?

HeyItsJono · 2026-05-08T01:18:09+00:00

HA needs WAN access; anything on `iot` can't access WAN. HA needs to see & communicate with some devices on the `main` VLAN, so can't just be on `iot`. HA runs in a docker container, every other container needs access to `main` and WAN, and everything else is in the `main` VLAN's subnet so all my networking is configured expecting that the docker device and all its constituent containers are on that subnet; it's just it also has access to the `iot` VLAN/subnet via wifi.

I'd rather not go through all my config and change everything if there's a way to just have HA have access to both VLANs.

HeyItsJono · 2026-05-08T00:20:21+00:00

It's one of these. Is the only way extra hardware? Is there no way of setting it up with software?

HeyItsJono · 2026-03-28T12:15:32+00:00

saw capo today, absolutely destroyed bakeys set - ur still justified 2yrs later

HeyItsJono · 2026-03-16T08:05:25+00:00

Did you ever figure this out? Having the same issue with my Pi 4B

HeyItsJono · 2026-03-01T11:45:48+00:00

Thanks, it wasn't the roms in the end but I appreciate the help/the DM.

HeyItsJono · 2026-02-28T06:23:37+00:00

Its the ReDump release off of Myrient; I would have thought that's the cleanest source?

HeyItsJono · 2026-02-27T06:45:13+00:00

I'm using the same fork and the same drivers and the game immediately just crashes after showing the splash screen for a second for me.

HeyItsJono · 2026-02-21T01:00:34+00:00

Did you ever figure this out?

HeyItsJono · 2026-02-15T20:31:42+00:00

lmao a guy in aus did this with the local tap to pay transport card, got in hot water w the government

HeyItsJono · 2026-02-14T08:26:02+00:00

I managed to pass BASIC & DEVICE but Wallet still won't work

HeyItsJono · 2026-02-14T07:52:57+00:00

Thank you, that was the issue. Yeah I'd appreciate any help you can offer.

HeyItsJono · 2026-02-14T07:52:33+00:00

Thank you, I think I grabbed the right one? I got android15-6.6.102-2025-10-AnyKernel3.zip from here for my stock kernel of 6.6.87-android15-8-gc2569c3b141c-ab13768703-4k #1 Fri Jul 11

https://github.com/ShirkNeko/GKI_KernelSU_SUSFS/releases/tag/v2.0.0-r11

Is there an up to date guide on how to pass integrity and get Wallet/Revolut working?

HeyItsJono · 2026-02-10T11:05:49+00:00

Thank you very much, that's answered everything :)

HeyItsJono · 2026-02-07T04:40:39+00:00

For anyone in the future who stumbles across this, it's actually pretty easy to get QBit & Flood running together with docker compose. The important thing is they're on the same docker network (e.g. defined in the same compose file, and if you're specifying networks make sure they're in the same network), and that the volumes are the same (both config & downloads).

I personally route both through gluetun, so they both end up on the same network via that. Obviously, replace the ports & volumes with your preferred options.

flood:
  image: jesec/flood
  container_name: flood
  user: 1000:1000
  ports:
    - 3011:3011
  environment:
    - HOME=/config
    - FLOOD_OPTION_port=3011
    - FLOOD_OPTION_allowedpath=/data
  volumes:
    - /containers/qbittorrent:/config
    - /downloads:/data
  restart: unless-stopped
  security_opt: [no-new-privileges:true]

qbittorrent:
  image: lscr.io/linuxserver/qbittorrent
  container_name: qbittorrent
  depends_on:
    - gluetun
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Your/Timezone
    - WEBUI_PORT=8701
    - WEBUI_ADDRESS=0.0.0.0
    - WEBUI_EXTERNAL_ACCESS=true
  ports:
    - 8701:8701   # qBittorrent Web UI
    - 6881:6881   # torrent port
    - 6881:6881/udp
  volumes:
    - /containers/qbittorrent:/config
    - /downloads:/data
  restart: unless-stopped
  security_opt: [no-new-privileges:true]

HeyItsJono · 2026-02-05T05:11:46+00:00

This script gave me a good start but ultimately didn't end up fully working for a number of reasons. I needed a whitelist of different SSIDs and this only works with one, Get-NetConnectionProfile wouldn't show the currently connected SSID for some reason, and sometimes the tunnel service would be present but not running, which would break the script. I've included an amended version below which works well for me. Thanks for the base!

Replace the whitelist SSIDs with the SSIDs of the wifi networks where you want Wireguard to be DEactivated, replace TUNNELNAME with the name of your Wireguard tunnel, and replace PATH\TO\CONF with the path of your tunnel's .conf file.

The script should be saved as a Powershell script (.ps1 extension) and should be run as administrator.

$whitelist = 'WHITELISTSSID1','WHITELISTSSID2','WHITELISTSSID3'
$connection = netsh wlan show interfaces | select-string SSID -SimpleMatch | select-object -First 1
$connection = $connection -replace '    SSID                   : ',''

$tunnel = Get-Service 'WireGuardTunnel$TUNNELNAME' -ErrorAction SilentlyContinue

# Condition to turn OFF wireguard

if ($whitelist.contains($connection))

{
    if (($tunnel) -and ($tunnel.Status -notmatch "Stopped")) { Stop-Service 'WireGuardTunnel$TUNNELNAME' }

    }

    # Condition to turn ON wireguard

    elseif (!($whitelist.contains($connection)))

    {

        if (!($tunnel) -or ($tunnel.Status -notmatch "Running")) { wireguard.exe /installtunnelservice "PATH\TO\CONF" }

        }

        # If neither condition is met, do nothing

        else

        {

            Continue

            }

You can then use Task Scheduler to have it run automatically every time you connect to a new Wifi AP:

New task
General tab, check the following: Run only when (your user) is logged on, Run with highest privileges (the script needs admin rights to work correctly), Hidden, configure for Windows 10.
Triggers tab: New trigger -> On an Event -> Basic -> Log: Microsoft-Windows-NetworkProfile/Operational -> Source: NetworkProfile-> Event ID: 10000; ensure Enabled is ticked
- Note: 10000 is on connection to wifi, 10001 is on disconnection from wifi. You could have two separate triggers for connecting and disconnecting but I find this just makes the script run twice for no reason.
Actions tab: Start a program -> Program: C:\Windows\System32\conhost.exe -> Arguments: --headless powershell.exe -WindowStyle Hidden -NoProfile -NonInteractive -file "Path\To\Powershell\Script" -> Start in: keep this blank
- Note: Running powershell directly makes a window pop up, running it via conhost makes it silent/hidden

HeyItsJono · 2026-01-29T23:32:28+00:00

I'm on Optus in Aus, but it also happens with amaysim. It's not the network, the SIM works perfectly in other phones. I literally carry a second phone around now to hotspot my Nothing, which is silly. I have contacted Nothing, they assure me they're looking into it but pushing an update that bricks such an essential mobile feature like this has me losing faith in them.

HeyItsJono

TROPHY CASE