Virtualization + WLAN?



  • Hello guys,

    I’m moving soon and my new home will have two separate internet connections which I plan to loadbalance with pfsense.
    Since I have a beefy quadcore homeserver running 24/7 already, it would be a good idea to virtualize pfsense instead of getting another box for it.

    The server is running OpenSolaris as the host OS and a couple of VMs in Virtualbox. I have plenty of NIC slots available for pfsense, the only thing that worries me is WLAN.

    Is it possible to use pfsense as a WLAN AP within a VM? I figure it should be possible by using an USB wlan stick and passing that directly into the VM.
    Using a PCI WLAN adapter on the other hand seems impossible and using an external router as an AP is what I will fall back to if nothing else works.

    (new idea: could I set up the Host-OS as an AP and then bridge that connection into the pfsense vm?)



  • I not sure about wireless support, with virtual box and OpenSolaris.  This is the same issue I am facing with my XenServer.

    My solution was to create a second interface in PFSense and stick a second nic in the virtual server.  From there I connected a 4 port 2-Wire AP provide by Embarq.  It's working great.  I am not having any issues with it.

    I hope this helps.
    RC


  • Rebel Alliance Developer Netgate

    As far as I can tell there isn't any way to access a WLAN nic in VirtualBox, at least on Windows.

    Even if I bridge to it, I get nothing.

    Perhaps if it was USB wireless, you could use the USB filters to get there, but that's about the only way I could foresee working.



  • The easiest way would be to connect an external access point. The advantage of this is that you can choose where to place it regardless of where your server is. You don't really need a separate router, just an AP, although they aren't really very popular anymore. Some companies still make them though, such as the Netgear WNHDE111-100FSS wifi-n access point.

    Watch out though, wifi-b and wifi-g (2.4ghz) devices can't connect to wifi-n access points. You could either find one that's compatible with both, use 2 APs, or just use only wifi-g if you don't require much bandwidth, if you need wifi-g support (eg for a smartphone or PSP, the kind of devices you tend to forget about)



  • You can turn any wireless router into a normal AP if you just do not connect to wan port and disable dhcp.



  • The only way to have a pci or pci-e card passed to a virtual machine is with XEN opensource not Xenserver from citrix.



  • Free version of XenServer 5.5 lets you assign a nic directly to a vm.  There are two wireless adapters that are compatible.  I don't remember which but look at the hardware compatiblity list for sure.
    RC



  • For nics you dont actually need to pass the physical nic to the VM but can set it in the config file to access the nics. The nics can also be assigned to other VM at the same time the virtual switch in XEN will take care of all traffic automagically for you. I personally picked XEN opensource so that i could pass pci or pci-e cards like telephony card to trixbox or asterisk and hylfax. Also to add video capture cards for zoneminder.



  • Well, this is my setup that I have under testing and seems to work.

    Physical Hardware:

    Laptop with 1 Ethernet and 1 Wireless built in.
    1 dir-825
    1 dir-655
    1 dwa-160 (usb 2.4/5Ghz card)
    Siemens Gateway

    I have the Seimens gateway outward facing as it is being used as the ADSL modem > dir-825 as access point > dwa-160 > laptop > ethernet > dir-655 as second access point.

    Stupidly complex setup but all i have is a laptop which I use for everything and the dir 655 is only in the equation to test how pfsense works as a NAC/router and AP.

    As for software typology, I have pfSense as a guest OS inside VMWare 7. (versioning doesn't matter, I originally intended to try and figure out how I could fit esxi into the equation to eliminate all hardware routers and strictly have everything running as softawre and virtualised). Anyway, pfSense as a VM only has two Virtual adapters. The WAN and LAN (for now). On Windows 7, I had VMware create only 1 Vmnet adapter that I will be using.

    In VMware (not pfSense webgui), I bridged what would be pfSense's WAN interface to my dwa-160 which is connected to the DIR-825. So now pfSense connects directly to my physical network and obtains the physical internal network ip address of 192.168.0.xxx

    I set vmware to also bridge what would be pfSenses LAN interface to my physical LAN adapter. I put the ethernet cable into anything but the WAN port of the dir-655 (since i am still double nated this way) after turning off DHCP in the router. With both virtual adapters bridged to physical adapters, I am able to test pfSense outside the virtual environment. IE: how physical computers will be affected by pfSense. I did however have to set static IP address for the LAN adapter within pfSenses network segment.

    Now, to test the network as an access point, I just connect my built in wifi adapter (not the dwa-160, remember I listed I had 2 wifi cards) to the dir-655 which is now successfully hardwired to the laptop and see if the wifi adapter gets an IP address from pfSense, which is a success. However I can't test against pfSenses functionality because Win7 will be using my dwa-160 as it's internet connection and any changes to it will affect network connectivity with the AP and pfSense. For THAT, I load up Win7 in VMware and connect the laptops built in Wifi card directly to it. Once the Virutal Win7 see's the card as a real device, I then do the same, connect it to the dir-655. I get an IP address from pfSense, great, AND I get internet as expected. Traffic is flowing through pfSense as it should and so is the L7 and other QoS rules and the portal. I am sure that it will communicate just fine with the radius server as well.

    So in terms of a wireless router hardwired to the machine that is running pfsense as a vm and having it act as an AP, yes it's do-able.

    If your method of connectivity includes a modem that has wireless capabilities ie:Gateway, then the method I described above will work fine. Your physical machine will not be affected by pfSense but you will should still maintain access to the webconf without having to load up a seperate VM.

    If you want to have VitualBox use a wifi usb as a passthrough device, you will have to check on the HCL if the wifi chipset is a supported device and if OpenSolaris supports it, otherwise VirtualBox won't detect it. My guess is that you may have a lot of device hacking and scripting that you may have to play with.


Locked