Issues with installation of pfSense in Proxmox VM on Qotom

Pizzabroodje

Hi!

I installed pfSense on my Qotom Q878GE in a Proxmox VM using this guide:
https://fuzzyitlogic.com/2018/11/05/install-opnsense-in-proxmox-ve-on-a-qotom-q355g4/

(I know the guide is for OPNsense but it should work for pfSense too.)

I want to run pfSense in a VM so I can run a UniFi Controller in another VM. The Qotom is more than powerful enough for it.

I have an issue though: I can't connect to the pfSense web interface although everything seems to be configured properly. Can anyone help me with this?
I have the first port of the Qotom configured as WAN and connected to my ISP's router (will put the router in Bridge later), and the fifth port of the Qotom configured as LAN, which I currently just have a laptop connected to to access the Proxmox web interface.

Pinging my router's IP address, other devices connected to that router, and google from pfSense works, but pinging the pfSense IP address (192.168.1.1) from the laptop connected to the LAN port doesn't work, so I suspect something is wrong with the LAN configuration, I just can't figure out what.

Patch

@pizzabroodje
In Proxmox -> pfsense virtual machine -> console
Does that show pfsense is running OK

Have you confirmed relationship between the physical labeling and software labeling of your net ports. Mine run in the opposite direction. As a test connect your laptop to each network port in turn to see which behaves as the LAN port.

Pizzabroodje

@patch yes it does, that's also where I'm pinging from.

And yes I figured out which port is which. There's 8 ports, 4x i211-AT and 4x i350. Numbered from right to left like on the Qotom itself, first the i211s and then the i350s.

Patch

@pizzabroodje More information is required.

1. Proxmox -> pve -> Network
   What is showing there. A screen capture would help

2. Proxmox -> pfsense virtual machine -> Hardware
   What is showing there. A screen capture would help

3. Proxmox -> pfsense virtual machine -> Firewall -> options
   Is this disabled, What is showing there.

4. When you reboot pfsense from Proxmox -> pfsense virtual machine -> console
   What start up information do you see. What port assignments?

Failing the above you maybe best to initially run pfsense bare metal then later load proxmox and run it as a VM

Pizzabroodje

@patch

I don't see any port assignments though

Patch

@pizzabroodje Nothing obvious stands out to me, although I'm not sure the NIC are in different IOMMU groups.
However I would commission your system in stages though

1. pfsense bare metal on Qotom

2. pfsense without pass through on Proxmox on Qotom

3. pfsense all network interfaces pass through on Proxmox on Qotom

4. pfsense mixed network interface pass through or not on Proxmox on Qotom

By the way, I don't understand why you want option 4. Option 3 makes more sense to me because then pfsense can have hardware offload enabled.

@pizzabroodje said in Issues with installation of pfSense in Proxmox VM on Qotom:

I want to run pfSense in a VM so I can run a UniFi Controller in another VM. The Qotom is more than powerful enough for it.

Sound sensible to me. I'm planning a similar solution but also running 3cx in another virtual machine. Aim is a DIY all in one "router"

• pfsense router / firewall
• UniFi wifi
• 3cx VoIP

Pizzabroodje

I think I got it working! I couldn't access the Proxmox web interface anymore either no matter what I tried so I reinstalled Promox entirely. After reinstalling it still didn't work, so I tried again using another subnet in the network configuration during setup, and manually connecting my laptop to that subnet. After that I was able to access the Proxmox web interface again, so I continued following the steps like I did before. I was now able to connect to the pfSense interface too. I think the issue was with DHCP not working yet because the setup of pfSense in the web interface wasn't completed yet; the new subnet I used is the same subnet I used for pfSense (192.168.1.x), so that's probably why I was able to connect now.

For now I can't test any further until tomorrow because our switch is in my parents bedroom, and they're asleep now. I did test another laptop and that did immediately get an IP within the subnet, it also was able to connect to the internet.