@Patch
Seems like a bridge is the simplest network.
I've drawn up this network topology.
Is there any easy to follow pfSense guide for the Ubuntu bridge setup?
alt text

I am new here so, a moderator may kindly mark this thread as solved.
Thank you.

@eiger3970-0 said in Is remote access possible with virtualisation?:

Something to do with the ISP's CGNAT?

Look up that word in this forum.
It's known this makes NAT-not-possible.

@root1ng said in Can someone explain to me how i can do this ?:

the network card of the motherboard is disabled in the bios

Most of us who use Proxmox reserve that port for Proxmox...makes it a lot easy, and once you passthrough the PCIe NIC in your setup, Proxmox won't have a gateway. Please visit here: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

Hi,
Thanks for sharing that issue. I've exactly the same. Took long time to define the issue.
So, on Proxmox 8 at least, when installing pfsense in a standard way without UEFI, we are able to start the firewall and so on. issue is that when restarting on Proxmox 8, pfsense doesn't restart (note that if trying multiple time, seems some of the versions may restart. So, consider it also as a random issue).
Point of attention may be that it is working fine under Proxmox 6. Absolutely no issues with that version.

@Bob-Dig I got it to work! I think it was a conflict with trying to force a static IP on that LAN adapter. Allowing it to automatically get IP fixed it. I knew I was over complicating something. Much appreciated!

I don't use HAProxy, I couldn't really say how that might affect it. But anythijng that applied to I would expect to equally affect traffic from external IPs and it is not. The only significant difference there is the source IP used which I guess some of those might see. But I wouldn't expect a delay, it would just reject it instantly.
Just how 'slow' is it from internal clients?

@SteveITS cheers :-) muchly appreciated

That leaves me with the other option of me at some point configuring the OPT1 and OPT2 rules, in a way which I wouldnt normally configure them, then forgetting about it. Trip to the docs on the cards......

Labbing multiple scenarios and builds can mess with your head - at least I have an answer now!

@john24634
So you might want to be able to communicate with the outside world without limits.

So you should create a bridge in Debian first and then connect the VM to the bridge.

NAT means that the VM is on another subnet and the host nats the traffic.
Isolated means that the subnet cannot talk to the outside world, but only to other VMs, which are connected to the same virtual network.

Consider that you can add multiple virtual interface to the VM even if you have only a single physical NIC. For instance an isolated network to communicate with other VMs.

@DEHAAS I had a similar problem with a windows vm in proxmox. So I guess this is not specific to the VM OS, just Proxmox.

@eiger3970-0 I have never used OpenVPN because I don't allow any access to my internal network from the Internet, I just know that such access is best achieved through a VPN. I can't help you with OpenVPN config.

Regarding passing through the NIC, this is straightforward and explained here. After IOMMU setup, simply add a new PCI Device to your pfSense VM and pick your NIC [port] from the list. After rebooting pfSense, re-run the network configurator and choose the passed-through device as your WAN interface. Note: this directly connects the NIC (port) device to your pfSense VM, it will no longer be available to any other VM - this is usually preferable because everything on the local network should be behind the firewall.

The best way to intuitively understand VPNs is by imagining that the Internet doesn't exist and you have a really long Ethernet cable connecting the external device directly to the internal network i.e. it should pick up an internal IP address from your LAN's DHCP server.

Another point about OpenVPN in particular is that it supports 'split-tunnelling', which means that you can choose which traffic on your external device is routed through the VPN. All traffic is the default option but remember that this will increase latency and use up more of your home network Internet bandwidth. Maybe you only want Remote Desktop type software to route through, or SSH apps?

@jmaffie said in Slow bridge on proxmox:

I get a slow speed ~4GB/sec.

Only 4GB/sec... Don't run a firewall-appliance I guess.

@Patch Thanks, this is working now, just need to sort out some port forwards.

Or do it manually.
Takes about 2 minutes using (paste from a cheat sheet works)

Diagnostics -> Edit file Diagnostics -> Command prompt -> Execute Shell Command

Hello @MikeFromOz,

Indeed, I went to Orange with the Max 2 Gbps/800 Mbps offer, which is extremely stable, in my area anyway.

I use the 2.5 Gbps port of the Livebox 6 with pfSense to benefit from the 2 Gbps, even if I have a ready installation with an ONU SFP GPON 2.5 Gbps module because I sometimes had problems with the link re-establishing during a physical disconnection test. I totally agree that Free's hardware is very good and much more "flexible".

@Khoomn Proxomx management port needs to be connected to your lan.

If you are using pass through for the pfsense NIC that will need to be done by connecting a third NIC on your Proxmox box to your physical network switch.

If you are connecting the pfsense VM to virtual NICs then you will be connecting each virtual NIC to a bridge (software switch) in Proxmox. You can then connect your Proxmox management interface to the LAN virtual switch (define an IP address for it in the Proxmox network tab)

@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:

Actually, no.

pfSense was running on an external Vault. When I migrated it to Proxmox, I put it on vmbr1. I haven't found a way to renumber the bridges so that it "looks" right and now I kinda like it.

Well, if it works for you, hooray...I just shared what the pfSense document says...like I installed using UEFI for pfSense on Proxmox, as well as, install Proxmox on ZFS.

I waited for 2.7.0 but the issue remains there. That's very, very bad. Seems to be an issue with underlying FreeBSD as this is recognized there too, also in OPNSense. Irritating is for me the fact that there are different amounts of LAN interfaces causing this issue. Clean booting a newer pfSense image hits the same issue...

@NollipfSense Thanks for the reply. Ifconfig doesn't have a setting for FEC, but fortunately I found the solution by using the intel driver specifically for the E823-L which offers a wide range of tunable parameters.

Unfortunately that driver doesn't compile correctly using the the latest FreeBSD 14.0 CURRENT release and the RELEASE version has been delayed. So it looks like I'm stuck on pfSense 2.6 until I can compile a driver for the latest update.

@Patch said in Some packages fail to start after issuing "reboot VM" command on Proxmox:

Try it.
When watching the process on the Proxmox console for pfsense it proceeds cleanly.

I actually did, a boot up though using Proxmox...just can't see myself doing a shutdown.

@viragomann

I didnt change anything, its set to VMX3, not e1000

@jacky said in Proxmox hosted pfSense Netgate Device ID changes on reboot:

The changes on the MAC address on this USB NIC is the cause of the changes of the NDI.

Interesting, indeed; that will do it....

@digdug3 Thank you, your suggestion still works.
link text

@andrew_241 I thought you would be using esxi or something. I like Hyper-V better as it's native in Windows and works really good now.

Unfortunately I have zero control over the hypervisor… I’ll ask the hoster

@provels Thanks I'll give that a try. I think what im going to do first is make a new backup of the physical box tested with that isnt using PFSense Plus and try to restore that config to the VM first to see what happens. If that doesn't work I'll do as you suggested.

@NollipfSense that's why it works correctly, it disables it automatically (although it's always good to disable it ALSO manually)

Thank you very much

@Richard-1 said in No DHCP on proxmox:

On my Win11 VM I receive ip configuration from DHCP server, on my physical PC no DHCP configuration received, I need to enter ip, subnetmask, gateway, ... manually to connect to network.

It's the way you have it setup...please see here: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

Did you connect your physical PC to pfSense LAN? Nothing is wrong to connect manually though. You should consider amending your title as Proxmox doesn't do DHCP.

@nasheayahu

pfSense is a GUI based router firewall.
So, use the GUI ( 😊 ).

575ffff5-d821-49ed-83a0-db734ea93c72-image.png

All, this means every config file, like /etc/hosts, are created upon boot or system GUI config only.
You should not modify them manually.

The entire system config is read from /cf/conf/config.xml upon boot. Go have a look.

Solved - https://forum.netgate.com/post/1110576