pfSense on PROXMOX with HomeAssistant
-
If you have already created your pfSense VM, click on it in the management interface in Proxmox, click Hardware and see if there are any interfaces assigned to it in the list. With your setup you should have vmbr1 and vmbr2. If not, and it's ok to create a VM without any network interface, then you can add them as per the following procedure.
Click Add -> Network Device at the top menu under Hardware.
In the box that appears you have a similar drop down as in your picture above where it says Bridge: vmbr0. Click the drop down and you should see all bridges available through Proxmox. Select vmbr1 and click OK (uncheck firewall perhaps).
Then do the same thing again but this time select vmbr2. Restart the VM and you should now see both interfaces in pfSense.
-
Yes - as when I was building the VM - when I got to Network - there was nothing showing. I had to create the bridges to see the NICs. Unless I need to change something in Proxmox.
-
Yes - I had to add them - otherwise no NICs were seen in pfSense until I did.
-
For example - tried to make a new one. Here is what I see -- Only the bridges.
-
This is what I used to build my pfSense in Proxmox.
https://forum.netgate.com/topic/162083/pfsense-vm-on-proxmox-qemu-agent-installation
-
@bearhntr
So did you try adding an IP to vmbr2?
-
I am not sure what you mean on this.... 'adding an IP to vmbr2'
@stephenw10 and @Gblenn
So I just found this. https://www.servethehome.com/how-to-pass-through-pcie-nics-with-proxmox-ve-on-intel-and-amd/
I did the IOMMU thing on the existing machine - HP T620+ ThinClient - and do not think that it actually likes it. In the link above it shows adding the NICs as PCI Devices - not as Network Adapters.
I would like to get this all set up and working - but problem being - when I shut down the current pfSense to build a new one - I lose Internet. I could fall back to my old ORBI as the Router and DHCP - but it really mucks up things until I go back around and reboot many things in the house.
I have a new box that has a much more powerful CPU and it appears that the IOMMU settings are working there. Where I was planning on moving the current pfSense - once I figured out this NIC thing. This new box is the same -- has a PCI Card with 4-ports and an onboard NIC.
I do not have a problem setting up the pfSense again - all over - but wanted to know if there was a better way to do it.
-
You can see that there is an IP address on vmbr0. If you edit vmbr2 you can add an IP address there too. If it's in the pfSense LAN subnet I expect to be able to use that to access Proxmox. Though I should say I've never tried that and cannot test it here directly since I only have one NIC.
Edit: I was able to test that and it doesn't work. So something more would be required there.
Edit2: Actually it looks like that will work fine I just need to reboot Proxmox to apply it and can't do that right now.
-
Ok so you have pfSense up and running now with a working configuration. Do you really need to move it to the new machine? Even if you can utilize IOMMU there, you will probably not notice any difference in throughput. However the WebUI will likely be more snappy if it has a more powerful CPU. Also if you have more memory and cores you can of course boost it in that regard as well (2 GB is a bit low isn't it?).
I suppose there are two ways you could get it working on the new machine...
-
Make a copy of the VM from within Proxmox and restore it on the new machine: to do that you can create a VM running Proxmox Backup Server. Add it to the Datacenter on both machines and then you back up and restore (or "move") VMs between machines.
-
Make a full backup of your current pfSense configuration from within pfSense. Build a new VM on the new machine using the 2.6.0 ISO. Go through the basic setup and then simply do a restore and it should be up and running exactly like the previous one.
Depending on chipset on the Ethernet cards on each respective machine, you may have to go in and rename the Interfaces in pfSense after the restore.
-
-
I could give it an address vmbr2 - it DOES have one...in pfSense that is the LAN port - and pfSense gives it 192.168.10.254. I do not know that it would make any difference.
How do you do pfSense on a machine in Proxmox without only 1 (one) NIC?
I hate to seem dense - but when I was playing at home with VMWare ESXi (the machine I had it on has just ONE NIC) and had no problems with it and with 4 VMs on there. Only thing is - none of them were pfSense (router or anything like that). I had one VM as Server 2019 and it was a Domain Controller and pfSense was on a stand-alone HP ThinClient which handled DNS and DHCP....the DC just pointed to it as the DNS Forwarder. I gave up on the DC - as I could never get IPv6 to do what I wanted...and thus that ESXi box got formatted and turned into a PLEX box.
-
The reason that I want to move it to the new machine - is because it has better CPU and 64GB RAM (I bought it to be a new Proxmox Host) -- then look into possibly using the HP T620+ (which "was" my pfSense box - before putting on Proxmox) for something else. Maybe some sort of HA configuration.
I want to install HA (which is on an HP T620 ThinClient) as another VM on this box. I was also looking at an OpenWRT Router (for WiFi - and get rid of the ORBI) - but do not really need a Router with pfSense. pfSense does not work well with WiFi - so I have read.
The ultimate goal is to get rid of machines and make VMs out of them. Been looking into AgentDVR and some other stuff for Cameras and such too.
-
@bearhntr
I suggest you-
Install pfsense on both of your hardware devices. That way if you break one you can then use the other one to rapidly restore internet access. This will be a useful backup in the future when you update Proxmox (occasionally IT changes do not go to plan).
-
Experiment with multiple VMs running pfSense (only one running at a time to start with). Again it enables you to easily compare different setup options. I have a VM configured for pass through and another using Proxmox bridges. After you find the configuration you prefer, set it to start automatically on restart. The VMs you don't like as much can be deleted later.
-
-
@bearhntr said in pfSense on PROXMOX with HomeAssistant:
How do you do pfSense on a machine in Proxmox without only 1 (one) NIC?
In my case all the pfSense VMs there have a WAN connection to a bridge that has the one real NIC on it. Then they all have other interfaces to other bridges that don't have a NIC, they only exist internally in Proxmox.
I use that for testing pfSense not for routing my real traffic. If I wanted to have connections to two external subnets (wan and lan) I would need to use VLANs.
Steve
-
I am considering putting pfSense back on the HP T620+ like it was before I got started in this Proxmox madness
That way I can leave it until I figure out this NIC stuff on the new HP Z240 that I want to be a Proxmox host.
I just took one of my old slow-ass machines with a single on-board NIC and put ESXi 6.7U3 on it. I know this product and want to see how a pfSense on there works with only the ONE physical NIC.
-
I know zilch about VLANs - but someone told me I should do something like that with my SmartHome stuff and keep it separate from my other stuff....also said I should have 2x WiFi Networks for that too (not a Guest and Main - which I already have when people visit and want to use my WiFi).
Someday I will be able to get a UniFI system here.
-
You have multiple NICs so no need for VLANs. But, yes, you would use that for an access point with multiple SSIDs. They're not that complicated.
Steve
-
Ok -- got the ESXi setup. While I probably did not need it, I followed this and installed pfSense in there (only the WAN pulled an IP from my DHCP on the other running pfSense) -- no biggie. I basically wanted to see the differences. If I can grasp this part - I will have a better understanding on building this in Proxmox.
https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html
SO - given that ESXi 6.7 uses Virtual Switches and Port Groups ( why can everyone not use the same names....lol )
Which of these corresponds to what in Proxmox? Again -- the box where I put ESXi - only has ONE physical NIC. It got the 192.168.10.11 from the 'other' pfSense
-
I'm guessing the Virtual switches tab where you have defined WAN and LAN are the equivalent of Linux Bridge vmbr1/2 in Proxmox. Either way you will see the device name and can assign them during the setup of pfSense. In Proxmox you do that via the Console for the VM. Double click a VM, or right click and select Console. I would imagine there is something similar in ESXi?
You would see enp1s0f0 in pfSense but the UI for ESXi doesn't seem to reveal that info?
-
Oh Yeah - there is a 'Physical NICs' tab in ESXi -- shows you this. (just has another naming format).
-
Proxmox and ESXi handle VLANs very differently.
On ESXi you define a vSwitch backed by the physical NIC and set a VLAN ID on that vSwitch so it operates on just that one VLAN. Then in the guests each interface would talk on a different vswitch dedicated to different VLANs.
On Proxmox you don't get that convenience, at least with bridges. You set up a bridge to the one physical NIC and then you pick that same vmbrX interface on the guests but you manually set the VLAN ID for each network in the guest NIC configuration.
For example in my lab Proxmox setup it only has one upstream connection to my switch, and the switch is tagging all VLANs on that port:
When I set a guest VM to use different VLANs, I set the ID in its NICs:
Note how the two "external" interfaces here both use vmbr0 with different tag values.
For example:
I haven't messed with openvswitch (OVS) but I've read it works differently and may be closer to ESXi, but it's not as simple to work with.
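An added example, not from any poster in the thread: a check for the point made in the last post, that guest NICs attached to the same bridge are only separated when their tag values differ. It parses the netN lines of a Proxmox VM config and reports NICs that land on the same bridge and tag; the sample config, MAC addresses, tags and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of /etc/pve/qemu-server/<vmid>.conf.
# MAC addresses, tags and the NIC layout are made up for illustration.
SAMPLE_CONF = """\
cores: 2
name: pfsense
net0: virtio=BC:24:11:00:00:01,bridge=vmbr0,tag=10
net1: virtio=BC:24:11:00:00:02,bridge=vmbr0,tag=20
net2: virtio=BC:24:11:00:00:03,bridge=vmbr1,firewall=1
net3: virtio=BC:24:11:00:00:04,bridge=vmbr1
"""

NET_LINE = re.compile(r"^(net\d+):\s*(.+)$")


def parse_nics(conf_text):
    """Return {netN: {"model", "mac", "bridge", "tag", "firewall"}}."""
    nics = {}
    for line in conf_text.splitlines():
        if line.startswith("["):  # snapshot sections follow the live config
            break
        m = NET_LINE.match(line.strip())
        if not m:
            continue
        name, opts = m.groups()
        model, _, mac = opts.split(",")[0].partition("=")  # first field is model=MAC
        nic = {"model": model, "mac": mac, "bridge": None, "tag": None, "firewall": False}
        for part in opts.split(",")[1:]:
            key, _, value = part.partition("=")
            if key == "bridge":
                nic["bridge"] = value
            elif key == "tag":
                nic["tag"] = int(value)
            elif key == "firewall":
                nic["firewall"] = value == "1"
        nics[name] = nic
    return nics


def shared_segments(nics):
    """Group NICs by (bridge, tag); a group with several NICs shares one L2 segment."""
    groups = defaultdict(list)
    for name, nic in sorted(nics.items()):
        groups[(nic["bridge"], nic["tag"])].append(name)
    return {seg: names for seg, names in groups.items() if len(names) > 1}
```

For a firewall VM, a non-empty result from `shared_segments` means two of its interfaces (for example WAN and LAN) sit on the same layer-2 segment, so traffic between those networks is not forced through pfSense.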