Passing a trunk to the vnic is supported long ago.
Just create a network over a nic/bond that is connected to a trunk port and do not define any VLAN (we call it non vlan network).
In oVirt, a non-vlan network will ignore the VLAN tag and will forward the packets as is onward.
It is up to the VM vnic to define vlans or use a promisc mode to see everything.

OVS can add a layer of security over the existing, by defining explicitly which vlans are allowed for a specific vnic, but it is not
currently available.

I was wondering if open vswitch will get round this problem. Has anyone tried it?

Ovirt user interface does not allow to input 4095 as a tag vlan number ... Only values between 0 and 4094.

This is useful to me too. Maybe any other way ?

Have you tried use Vlan 4095 ? On VMware it used to be the way to pass all Vlans from a vSwitch to a Vlan in a single port. And yes I have used it also for pfSense.


Is it possible to pass multiple VLANs to a VM (pfSense) using a single virtual NIC? All my existing oVirt networks are setup as a single tagged VLAN. I know this didn't used to be supported but wondered if this has changed. My other option is to pass each VLAN as a separate NIC to the VM however if I needed to add a new VLAN I would have to add a new interface and reboot the VM as hot-add of NICs is not supported by pfSense.

