pfSense Plus - licence - Proxmox Virtualization

Tigo · Oct 15, 2023, 1:26 AM

I've recently started to work with Proxmox, and virtualizing pfSense Plus. Changing configurations, backing up the VM machine, restoring the VM, changing its PID etc. I'm finding that after restoring a VM machine, or changing it's PID - I'm unable to update packages. When I check the Registeration of pfSense, it provides the empty blank box of not registered.

Do you order a new registeration token for every change - of PID - backup / restore? Or how do you manage things?

I understand that tokens are single use, and it's advised that all configurations are done in the CE 2.7 first then to move across to the plus. But, does this mean that you should have a CE 2.7 machine for all the experimenting - trials, and then, once all configuration is done, and to then just migrate that Plus. Set & forget.

For e.g., a lesson from the trials.
Configured a VM with the default setup within Proxmox - following instructions from netgate - using SeaBios for the machine & PCI passthrough for the WAN. The "IPsec-MB Crypto: Yes (inactive)" was inactive, slower OpenVPN connections.

Then, I noted the UEFI config at the bottom of the page, and tried to convert the VM - but that failed - too many errors, and then stopped booting. I created a fresh new VM using UEFI - and found "IPsec-MB Crypto: Yes (active)" - hmmm.

So, I created another VM machine using the HOST as CPU - and Seabios, PCI passthrough for the WAN. The "IPsec-MB Crypto: Yes (active)". Running pfSense in a UEFI machine is unnecessary.

Apologies for the long message, or if it's not in the correct forum area.

SteveITS · Oct 15, 2023, 1:26 AM

@Tigo The license is tied to the NDI which is recalculated with hardware changes. Sounds like you created new VMs so the ID changes. Once your BIOS config is set you could reinstall in the same VM and should be OK.

Tigo · Oct 15, 2023, 3:38 AM

@SteveITS
hmmm, you're correct, guess new VMs were created with trials. In the first attempt, it was a restore into a new VM - as I was testing destroying the VM and rebuilding it. Then, the other 2 attempts were different bios configs in new VMs. Didn't know of the NDI part. Had previously run pfsense on bare-metal, and that was straight-forward recognized, and no issues.

Seeing that it's a VM machine, I may add / remove network cards, or amend the memory / number of CPUs. Will that lead to changes to the NDI, and, then, the licence is lost, and I'd need to request - acquire a new licence?

If I'm going to lose the licence with every change, then it's probably best to make changes - run them for a couple of weeks - to make sure they're stable & what I want - then, after a fair bit of time to pick-up a licence, once everything is stable.

Can I request from netgate to reset the NDI with the licence tokens that suddenly became unused. Or it's fine'ish....

thanks

SteveITS · Oct 15, 2023, 3:47 AM

@Tigo said in pfSense Plus - licence - Proxmox Virtualization:

Will that lead to changes to the NDI, and, then, the licence is lost, and I'd need to request - acquire a new licence?

Correct. I believe Netgate has posted they will transfer a paid license once. I suspect the theory is most people are not changing hardware on production firewalls that often.

Tigo · Oct 15, 2023, 3:53 AM

@SteveITS said in pfSense Plus - licence - Proxmox Virtualization:

Correct. I believe Netgate has posted they will transfer a paid license once. I suspect the theory is most people are not changing hardware on production firewalls that often.

Thank you - sounds good. Then, I'll experiment with the CE edition all that I can to arrive at a good working form, then upgrade that to the Plus, and leave it for normal software updates.