Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense on PROXMOX with HomeAssistant

    Scheduled Pinned Locked Moved General pfSense Questions
    58 Posts 6 Posters 17.8k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bearhntrB Offline
      bearhntr
      last edited by

      I am currently running 2.5.2-RELEASE (amd64) / built on Fri Jul 02 15:33:00 EDT 2021 / FreeBSD 12.2-STABLE on an HP t620 Plus ThinClient with 128GB m.2 SSD and 16GB RAM as stand-alone install. The box has an on-board NIC and a PCI 4-port NIC (of which only one is used as LAN port).

      I have thought of adding a WiFi Card to the box and getting rid of my Netgear ORBI for WiFi AP. Is this possible/recommended?

      What I would like to know is best process to move to PROXMOX on this box, (making sure I have a backup of my current pfSense) and then on the PROXMOX installing pfSense 2.6.0 and then being able to restore the settings there from my 2.5.2, Is there a documented process for this?

      If I decide to go this route, what are the recommended settings for the VM in Proxmox?? Given the CPU is quad-core and has these specs:

      AMD GX-420CA SOC with Radeon(tm) HD Graphics
      4 CPUs: 1 package(s) x 4 core(s)
      AES-NI CPU Crypto: Yes (active)
      QAT Crypto: No
      Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS

      HomeAssistant would be fine with 2 CPUs and 8GB RAM - I would think. 🤔

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        It's possible to add a wifi card to pfSense but not recommended. The wifi support in FreeBSD, and hence pfSense, is limited. The best you can do is an 802.11n 3x3:3 card.
        So, no, it probably won't replace an external AP.

        You can import your config into a VM as long as it has at least the same number of NICs available. There is no particular issue there.

        https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

        Steve

        bearhntrB 1 Reply Last reply Reply Quote 1
        • bearhntrB Offline
          bearhntr @stephenw10
          last edited by

          @stephenw10

          Well SHUCKS on the WiFi and AP stuff. :-(

          The only difference will be that (if I do this) the pfSense ( I intend to upgrade to 2.6.0 ) and it will be a virtual machine, instead of full hardware access.

          Should I upgrade the current >> make a full backup (off line storage) and then do the VM install and then some kind of restore? or would it matter?

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Doesn't matter. You can import a 2.5.2 config into 2.6 no problem. The interfaces are likely to be different so you'll need to re-assign them either way.

            bearhntrB 2 Replies Last reply Reply Quote 1
            • bearhntrB Offline
              bearhntr @stephenw10
              last edited by

              @stephenw10

              Thank you -- now to find a time to do this, and when I take pfSense down...no Internet. :-)

              1 Reply Last reply Reply Quote 0
              • bearhntrB Offline
                bearhntr @stephenw10
                last edited by

                @stephenw10

                I have hit a SNAG - I think.

                Whereas I had pfSense on its own box, I would like to move this to a PROXMOX VM on a box with on-board NIC and a 4-port ETH Card installed. As I now have no pfSense for router - I am confused.

                In the old configuration the ETH from the cable modem was in the on-board NIC (WAN) and port0 on the 4-port was (LAN) run out to my Netgear ORBI (in AP mode) to give me WiFi and access to other devices plugged into it.

                When I install Proxmox - it appears to be getting an IP address from Cable company - and it is a 98.232.xxx.xxx address and appears to be /21 address.

                How then would I get to the web page to setup PROXMOX and thusly build a pfSense VM ?

                P 1 Reply Last reply Reply Quote 0
                • P Offline
                  Patch @bearhntr
                  last edited by

                  @bearhntr maintain a backup router for when Proxmox fails. It just needs to provide minimal functionality to restore & debug Proxmox during fault conditions so an old multifunction router should be adequate.

                  bearhntrB 1 Reply Last reply Reply Quote 1
                  • bearhntrB Offline
                    bearhntr
                    last edited by

                    Took me some time...
                    ...and lots of help from the Internet.

                    I have a pfSense installation in Proxmox 7.2-7 and everything appears to be working.

                    Just a shout-out to all the helpers:

                    @Patch
                    @stephenw10
                    @viragomann

                    D 1 Reply Last reply Reply Quote 1
                    • D Offline
                      darcey @bearhntr
                      last edited by

                      @bearhntr Regarding wifi AP. Since pfsense is not recommended for wifi duties due to the lack of supported hardware in FreeBSD, you might consider an OpenWRT x64 VM or container now you are successfully running Proxmox. I thought about that and had it running for a short while. However the wifi hardware I used was not equal to the performance of my old router. So now I continue to run the old router as AP only using freshtomato on an RT-N66U which provides for vlans.
                      The all in one idea appealed to me. However it is hard to find wifi hardware to compete with dedicated APs and it can make siting antenna inconvenient.

                      bearhntrB 1 Reply Last reply Reply Quote 1
                      • bearhntrB Offline
                        bearhntr @darcey
                        last edited by

                        @darcey

                        Thanks for the idea -- did some googling and got some reading to do this weekend.

                        1 Reply Last reply Reply Quote 0
                        • bearhntrB Offline
                          bearhntr @Patch
                          last edited by

                          @Patch

                          So -- I did get this all working. It is nice. 2 questions:

                          1. I would like to think about moving this to my new Proxmox box - much more RAM and better CPU than this HP ThinClient. Suggestions on best method? (I was thinking a BACKUP then restore on new install??)

                          2. Looking these OpenWRT on Proxmox instructions. Ever done that?

                          P 1 Reply Last reply Reply Quote 0
                          • P Offline
                            Patch @bearhntr
                            last edited by

                            @bearhntr said in pfSense on PROXMOX with HomeAssistant:

                            moving this to my new Proxmox box

                            I assume you have now installed pfsense on different hardware bare metal and got that system running and would now like to move pfsense to your Proxmox sever.

                            If so, well done, you have done the hard bit as you have pfsense working and have a backup system.

                            Next steps

                            1. Create a VM on Proxmox. You will need to think about how WAN get into Proxmox and LAN connection(s) get out of Proxmox
                            2. Install pfsense on that VM
                            3. Import the pfsense configuration from your other installation
                            4. Reassign NICs
                            bearhntrB 2 Replies Last reply Reply Quote 0
                            • bearhntrB Offline
                              bearhntr @Patch
                              last edited by

                              @patch

                              Nope -- pfSense is running on Proxmox on my HP t620+ ThinClient where it was bare-metal.

                              The system has onboard NIC - which took me forever to get working as the 'mgmt port' for Proxmox, and a 4-port NIC in the PCI Slot. Port 0 on there is the WAN and Port 3 is the LAN port which connects to the ORBI (in AP mode) and everything is working.

                              I had ordered an HP Z240 SFF machine - which finally arrived. The RAM for it should be here today (64GB) and I would like to move the pfSense from the Proxmox it is on now - to the new one. I am very familiar with VMware ESXi and moving things many times requires a tool to move the VMs to another host. I am hoping this is easier in Proxmox.

                              If it is just as simple as making a BACKUP and then a RESTOR - should be easy enough...as I am planning on moving the 4-port NIC to this new Z240.

                              1 Reply Last reply Reply Quote 0
                              • bearhntrB Offline
                                bearhntr @Patch
                                last edited by

                                @patch

                                Thanks for the assist. So I think I have one more final question.

                                Do I have to have 3 physical NICs (one of for the Proxmox management port, one for WAN and one for LAN)?

                                I ask - because I ran a script to install HomeAssistant in Proxmox, and it installed - with no errors and it started up - it got a DHCP Address from pfSense and I could access the web page for it. When I looked...it had grabbed the NIC that I have configured as vmbr0 (my management port).

                                P 1 Reply Last reply Reply Quote 0
                                • P Offline
                                  Patch @bearhntr
                                  last edited by Patch

                                  @bearhntr

                                  • pfsense will see the virtual NICs you set up in Proxmox.
                                  • If you want pfsense to work with a saved configuration, the VM will need to have the same number of virtual NICs as your saved configuration.

                                  In summary

                                  • if you want your pfsense VM to use a Management lan then you will need to provide one.
                                  • If you want your pfsense VM to use vlans you will need to ensure the virtual NIC support vlans or use NIC pass through (as I do).
                                  bearhntrB 1 Reply Last reply Reply Quote 0
                                  • bearhntrB Offline
                                    bearhntr @Patch
                                    last edited by

                                    @patch

                                    Thanks for the reply. Yes. I understand that I have to setup vmbr# for the ports I want to use in pfSense. I am not using VLANs.

                                    Currently in Proxmox - I have 3 of the 5 ports in this computer setup with vmbr0, vmbr1 (WAN), vmbr1 (LAN). The vmbr0 I set a static IP to be the mgmt port for Proxmox.

                                    What I am questioning is...do I have to do that?

                                    Currently there is a ETH from the modem into the WAN port - it is DHCP and gets IP from ISP.

                                    The LAN port has an IP set to it from within pfSense (statis IPv4 and for DHCPv6 as Track Interface (pointing to WAN)) and it gets an IPv6 from there. There is an ETGH cable from there into my wireless AP (the old WAN port there). It used to be my Router, now in AP mode.

                                    From one of the other ports, I have ETH cable plugged into the 3rd (mgmt) port on the Proxmox. What I am wondering -- is this required?

                                    P 1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      Patch @bearhntr
                                      last edited by Patch

                                      @bearhntr
                                      The vmbr are effectively virtual Ethernet switches, so can be used similar to a hardware switch.
                                      I would normally connect the Proxmox management interface to my lan. This can be done using the internal vmbr switch or externally using a hardware switch.

                                      Note if you use pass through (like I do) there in no internal Proxmox virtual switch.

                                      bearhntrB 1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        You could use the LAN bridge to manage Proxmox. My Proxmox host here only has one NIC and it's not a problem. You would want at least two if you're using it to host your main firewall though.

                                        Steve

                                        bearhntrB 1 Reply Last reply Reply Quote 1
                                        • bearhntrB Offline
                                          bearhntr @stephenw10
                                          last edited by

                                          @stephenw10

                                          Makes a little more sense. I am not understanding best way to do this. As the PC has 5x NICs (one on the system board and a 4-port PCI card). As I read what you are saying I would only need to setup/use 2 of them (total)?

                                          How would this work to do the install? Plug the ETH into the on-board NIC - then install Proxmox? That MAC currently has a DHCP reservation in pfSense (to get 192.168.10.252) --- but since pfSense is currently "ON" this Proxmox as a VM - not sure how I make the change. When I installed Proxmox - I set this NIC to be vmbr0.

                                          As in pfSense I used 2x of the NICs on the 4-port and one is WAN (connects to cable-modem) and is vmbr1 in Proxmox and another one as vmbr2 (the LAN port in pfSense -- this one I set in pfSense to be 192.168.10.254).

                                          stephenw10S 1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator @bearhntr
                                            last edited by

                                            @bearhntr said in pfSense on PROXMOX with HomeAssistant:

                                            When I installed Proxmox - I set this NIC to be vmbr0.

                                            Then make vmbr0 the LAN bridge. Change the pfSense LAN NIC to use that instead of vmbr2.

                                            Or just add a management IP in the LAN subnet to vmbr2 and access proxmox there. Then do whatever with vmbr0 and the port attached to it.

                                            When you're running the edge. firewall as a VM though it's always a bit of a chicken/egg situation.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.