pfSense on PROXMOX with HomeAssistant
-
Thanks for the assist. So I think I have one more final question.
Do I have to have 3 physical NICs (one of for the Proxmox management port, one for WAN and one for LAN)?
I ask - because I ran a script to install HomeAssistant in Proxmox, and it installed - with no errors and it started up - it got a DHCP Address from pfSense and I could access the web page for it. When I looked...it had grabbed the NIC that I have configured as vmbr0 (my management port).
-
- pfsense will see the virtual NICs you set up in Proxmox.
- If you want pfsense to work with a saved configuration, the VM will need to have the same number of virtual NICs as your saved configuration.
In summary
- if you want your pfsense VM to use a Management lan then you will need to provide one.
- If you want your pfsense VM to use vlans you will need to ensure the virtual NIC support vlans or use NIC pass through (as I do).
-
Thanks for the reply. Yes. I understand that I have to setup vmbr# for the ports I want to use in pfSense. I am not using VLANs.
Currently in Proxmox - I have 3 of the 5 ports in this computer setup with vmbr0, vmbr1 (WAN), vmbr1 (LAN). The vmbr0 I set a static IP to be the mgmt port for Proxmox.
What I am questioning is...do I have to do that?
Currently there is a ETH from the modem into the WAN port - it is DHCP and gets IP from ISP.
The LAN port has an IP set to it from within pfSense (statis IPv4 and for DHCPv6 as Track Interface (pointing to WAN)) and it gets an IPv6 from there. There is an ETGH cable from there into my wireless AP (the old WAN port there). It used to be my Router, now in AP mode.
From one of the other ports, I have ETH cable plugged into the 3rd (mgmt) port on the Proxmox. What I am wondering -- is this required?
-
@bearhntr
The vmbr are effectively virtual Ethernet switches, so can be used similar to a hardware switch.
I would normally connect the Proxmox management interface to my lan. This can be done using the internal vmbr switch or externally using a hardware switch.Note if you use pass through (like I do) there in no internal Proxmox virtual switch.
-
You could use the LAN bridge to manage Proxmox. My Proxmox host here only has one NIC and it's not a problem. You would want at least two if you're using it to host your main firewall though.
Steve
-
Makes a little more sense. I am not understanding best way to do this. As the PC has 5x NICs (one on the system board and a 4-port PCI card). As I read what you are saying I would only need to setup/use 2 of them (total)?
How would this work to do the install? Plug the ETH into the on-board NIC - then install Proxmox? That MAC currently has a DHCP reservation in pfSense (to get 192.168.10.252) --- but since pfSense is currently "ON" this Proxmox as a VM - not sure how I make the change. When I installed Proxmox - I set this NIC to be vmbr0.
As in pfSense I used 2x of the NICs on the 4-port and one is WAN (connects to cable-modem) and is vmbr1 in Proxmox and another one as vmbr2 (the LAN port in pfSense -- this one I set in pfSense to be 192.168.10.254).
-
@bearhntr said in pfSense on PROXMOX with HomeAssistant:
When I installed Proxmox - I set this NIC to be vmbr0.
Then make vmbr0 the LAN bridge. Change the pfSense LAN NIC to use that instead of vmbr2.
Or just add a management IP in the LAN subnet to vmbr2 and access proxmox there. Then do whatever with vmbr0 and the port attached to it.
When you're running the edge. firewall as a VM though it's always a bit of a chicken/egg situation.
-
Something may not be right - as when I create a new VM, I do not seem to have anything but the vmbr# that I created.
This what I see in networking:
-
Not sure what you mean. I see 3 bridges shown.
If you simply add an IP address on vmbr2 in the pfSense LAN subnet can you access Proxmox on that IP?
-
If you have already created your pfSense-VM. Click on it in the management interface in Proxmox, click Hardware and see if there are any interfaces assigned to it in the list. With your setup you should have vmbr1 and vmbr2. If not, and it's ok to create a VM without any network interface, then you can add as per the following procedure.
Click Add -> Network Device at the top menu under hardware.
In the box that appears you have a similar drop down as in your picture above where it sais Bridge: vmbr0. Click the drop down and you should see all bridges available through Proxmox. Select vmbr1 and click OK (uncheck firewall perhaps).
Then do the same thing again but this time select vmbr2.Restart the VM and you should now see both interfaces in pfSense.
-
Yes - as when I was building the VM - when I got to Network - there was nothing showing. I had to create the bridges to see the NICs. Unless I need to change something in Proxmox.
-
-
-
This is what I used to build my pfSense in Proxmox.
https://forum.netgate.com/topic/162083/pfsense-vm-on-proxmox-qemu-agent-installation
-
@bearhntr
So did you try adding an IP to vmbr2? -
I am not sure what you mean on this.... 'adding an IP to vmbr2'
@stephenw10 and @Gblenn
So I just found this. https://www.servethehome.com/how-to-pass-through-pcie-nics-with-proxmox-ve-on-intel-and-amd/
I did the IOMMU thing on the existing machine - HP T620+ ThinClient - and do not think that it actually likes it. In the link above it show adding the NICs as PCI Devices - not as Network Adapters.
I would like to get this all setup and working - but problem being - when I shut down the current pfSense to build a new on - - I lose Internet. I could fall back to my old ORBI as the Router and DHCP - but it really mucks up things until I go back around and reboot many things in the house.
I have a new box that has a much more powerful CPU and it appears that the IOMMU settings are working there. Where I was planning on moving the current pfSense - once I figured out this NIC thing. This new box is the same -- has a PCI Card with 4-ports and an onboard NIC.
I do not have a problem setting up the pfSense again - all over - but wanted to know if there was a better way to do it.
-
You can see that there is an IP address on vmbr0. If you edit vmbr2 you can add an IP address there too. If it's in the pfSense LAN subnet I expect to be able to use that access Proxmox. Though I should say I've never tried that and cannot test it here directly since I only have one NIC.
Edit: I was able to test that and it doesn't work. So something more would be required there.
Edit2: Actually it looks like that will work fine I just need to reboot Proxmox to apply it and can't do that right now.
-
Ok so you have pfSense up and running now with a working configuration. Do you really need to move it to the new machine? Even if you can utilize IOMMU there, you will probably not notice any difference in throughput. However the WebUI will likely be more snappy if it has a more powerful CPU. Also if you have more memory and cores you can of course boost it in that regard as well (2 GB is a bit low isn't it?).
I suppose there are two ways you could get it working on the new machine...
-
Make a copy of the VM from within Proxmox and restore it on the new machine: And to do that you can create a VM running Proxmox Backup Server. Add it to the Datacenter on both machines and then you backup and restore (or "move") VM's betweenr machines.
-
Make a full backup of your current pfSense configuration from within pfSense. Build a new VM on the new machine using the 2.6.0 ISO. Go through the basic setup and then simply do a restore and it should be up and running exactly like the previous one.
Depending on chipset on the Ethernet cards on each respective machine, you may have to go in and rename the Interfaces in pfSense after the restore.
-
-
I could give it an address vmbr2 - it DOES have one...in pfSense that is the LAN port - and pfSense gives it 192.168.10.254. I do not know that it would make any difference.
How do you do pfSense on a machine in Proxmox without only 1 (one) NIC?
I hate to seem dense - but when I was playing at home with VMWare ESXi (the machine I had it on has just ONE NIC) and had no problems with it and with 4 VMs on there. Only thing is - none of them were pfSense (router or anything like that). I had one VM as Server 2019 and it was a Domain Controller and pfSense was on a stand-alone HP ThinClient which handled DNS and DHCP....the DC just pointed to it as the DNS Forwarder. I gave up on the DC - as I could never get IPv6 to do what I wanted...and thus that ESXi box got formatted and turned into a PLEX box.
-
The reason that I want to move it to the new machine - is because it has better CPU and 64GB RAM (I bought it to be a new Proxmox Host) -- then look into possibly using the HP T620+ (which "was" my pfSense box - before putting on Proxmox) for something else. Maybe some sort of HA configuration.
I want to install HA (which is on an HP T620 ThinClient) as another VM on this box. I was also looking at an OpenWRT Router (for WiFi - and get rid of the ORBI) - but do not really need a Router with pfSense. pfSense does not work well with WiFi - so I have read.
The ultimate goal to get rid of machines and make VMs out of them. Been looking into AgentDVR and some other stuff for Cameras and such too.
