ASIX AX88179 USB to GigE
-
It is but it doesn't support that specific chip. I suggested looking in the FreeBSD forum for the product id. If an updated driver, in FreeBSD 9.* for example, does support it then it may be possible to backport it.
Steve
-
The best thing is just go straight to the source:
http://svnweb.freebsd.org/base/head/sys/dev/usb/usbdevs?revision=255238&view=markup/* ASIX Electronics products */ product ASIX AX88172 0x1720 10/100 Ethernet product ASIX AX88178 0x1780 AX88178 product ASIX AX88772 0x7720 AX88772 product ASIX AX88772A 0x772a AX88772A USB 2.0 10/100 Ethernet product ASIX AX88772B 0x772b AX88772B USB 2.0 10/100 Ethernet product ASIX AX88772B_1 0x7e2b AX88772B USB 2.0 10/100 Ethernet
No support for the AX88179 as of 2 weeks ago. :(
Perhaps that's not suprising. Net BSD only just got support for it.
http://mail-index.netbsd.org/source-changes/2013/09/14/msg047584.html
OpenBSD not long before that.
http://www.mail-archive.com/source-changes@openbsd.org/msg41366.htmlSignificant work required to make that adapter work with pfSense. Sorry.
Steve
-
It is but it doesn't support that specific chip. I suggested looking in the FreeBSD forum for the product id.
Ah, my bad, I somehow missed the word "FreeBSD", and thought you meant somewhere on this forum.
No support for the AX88179 as of 2 weeks ago. :(
Perhaps that's not suprising. Net BSD only just got support for it.
http://mail-index.netbsd.org/source-changes/2013/09/14/msg047584.html
OpenBSD not long before that.
http://www.mail-archive.com/source-changes@openbsd.org/msg41366.htmlSignificant work required to make that adapter work with pfSense. Sorry.
Steve
Well, poo. I guess I'll have to get another adapter, and make certain it has one of the chips in that list.
Is FreeBSD usually the last of the *BSDs to support something?
-
Not necessarily but the similarities between the BSDs means that once one has it the other usually get it shortly afterwards. It really depends who is maintaining the driver for each distro and what hardware they have available to them or whether someone is sponsoring the work.
Steve
-
Just as an update (if anyone's interested), I went and got one of these at Fry's (after researching it to confirm it had one of the above listed chipsets), and it seems to be working well. I still haven't finished the full configuration of all my devices on this new network, but it shows up in usbconfig (as an x772a chipset), it shows up in the Interfaces section, complete with a mac address, and the DHCP server is now set to serve up IPs on it. I think that counts as a success. ;)
Unfortunately, at least according to usbconfig, it shows up as a lowly FULL speed (12Mbit) USB device. But I think I'll manage with that for now, as my traffic to/from that network will largely be SSH. As I get all my devices situated on it, I'll try some throughput tests to see what kind of bandwidth & reliability I get from it; not that I'm expecting a lot of either one, but just as a frame of reference for anyone interested.
I decided to keep my Rosewill USB 3 to Gigabit adapter. I figure some time down the road, this chipset (& USB 3.0, for that matter) will be supported by FreeBSD, and eventually trickle down to pfSense.
-
At some point you will realize that this usb2ethernet thing is sh!t and will buy small manageable switch :)
-
At some point you will realize that this usb2ethernet thing is sh!t and will buy small manageable switch :)
I have no delusions about this being a particularly good setup, but hopefully by the time the inherent problems are too visible, I will have gotten my business development far enough along that it will have outgrown my home ;) In the meantime, it is a "good enough" solution–the connection thus far has been solid, no drop offs, and it provides me a way to segregate my network just fine. Not too shabby for $12.
-
https://github.com/freebsd/freebsd/blob/master/sys/dev/usb/net/if_axge.c?source=cc
Might be a good chance that it is in the v10 release now.
Wed Nov 20 02:16:47 2013 1121 /* ASIX Electronics products */ 1122 product ASIX AX88172 0x1720 10/100 Ethernet 1123 product ASIX AX88178 0x1780 AX88178 1124 product ASIX AX88178A 0x178a AX88178A USB 2.0 10/100/1000 Ethernet 1125 product ASIX AX88179 0x1790 AX88179 USB 3.0 10/100/1000 Ethernet 1126 product ASIX AX88772 0x7720 AX88772 1127 product ASIX AX88772A 0x772a AX88772A USB 2.0 10/100 Ethernet 1128 product ASIX AX88772B 0x772b AX88772B USB 2.0 10/100 Ethernet 1129 product ASIX AX88772B_1 0x7e2b AX88772B USB 2.0 10/100 Ethernet
-
I loaded up a FreeBSD 8.3 VM and attempted building this from the FreeBSD git. I haven't tested it no adapter on hand. Will try to buy one later today if I can find one else will have to wait till next week. Just a note it looks like this driver will be showing up in FreeBSD 10.1
i386 Untested - Use at your own risk
To install
cd /boot/modules fetch http://fs08n3.sendspace.com/dl/671abb5cf606ffcd0e4268438f52a664/52e3a3b15d8244b8/a7az2c/if_axge.ko kldload if_axge.ko
Then to check that its loaded
kldstat
-
Sweet, so what version does that translate to for pfSense?
-
FreeBSD 8.3 is the base for 2.1 and now 2.1.1.
Steve
-
FreeBSD 8.3 is the base for 2.1 and now 2.1.1.
Steve
Actually, I was referring to FreeBSD 10. I realize we haven't even made the leap to FreeBSD 9 yet, so we may still be talking years away(?), I was just curious if there was an expectation as to what future pfsense version that might line up with?
-
In the meantime, I will definitely try out the driver you posted, Bryan. And I'll report back the results of my testing.
-
Ah sorry. 2.2 will be built on FreeBSD 10. Some very early pre-alpha builds have come out of the build servers so wer're hopefully not talking years. Not ready for public consumption yet though.
Steve
-
Interesting, I would have thought that a leap from FreeBSD 8.3 to 10/10.1 would have warranted a major (not just a minor) version change on the pfsense side as well. But that gives me hope, since now I know I don't have to wait two full versions away, but just one!
-
Interesting, I would have thought that a leap from FreeBSD 8.3 to 10/10.1 would have warranted a major (not just a minor) version change on the pfsense side as well. But that gives me hope, since now I know I don't have to wait two full versions away, but just one!
backporting drivers is fairly common. Note that the driver wont be in freebsd release until 10.1 not 10.
-
I would have thought that a leap from FreeBSD 8.3 to 10/10.1 would have warranted a major (not just a minor) version change
Yes I see what you mean. However I would argue that the changes that went into 2.1 were much more extensive from a pfSense point of view than even though the base system only incremented from FreeBSD 8.1 to 8.3. The 2.2 release will not have many new features as I understand it, the devs are concentrating purely on bringing the base system up to FreeBSD 10 so from that point of view pfSense will not have changed dramatically. It's being built as 2.2 currently but who knows the devs might decide it warrants a major change and go straight to 3.0. Just have to wait and see. ;)
Steve
-
backporting drivers is fairly common. Note that the driver wont be in freebsd release until 10.1 not 10.
Duly noted! But I would suppose that it's generally easier to backport within the same major version, as opposed to jumping between two major versions.
Yes I see what you mean. However I would argue that the changes that went into 2.1 were much more extensive from a pfSense point of view than even though the base system only incremented from FreeBSD 8.1 to 8.3. The 2.2 release will not have many new features as I understand it, the devs are concentrating purely on bringing the base system up to FreeBSD 10 so from that point of view pfSense will not have changed dramatically. It's being built as 2.2 currently but who knows the devs might decide it warrants a major change and go straight to 3.0. Just have to wait and see. ;)
Steve
Fair enough. It's a worthy cause, as I'm sure that if nothing else, there's a lot of security updates between 8.3 & 10. Perhaps we'll see a goodly amount of bug fixes as well.
-
Hiya,
I attempted to load the axge module provided, but get an exec format error.
I'm using release 2.1 i386. Have I missed something?[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(38): ls -la
total 125
drwxr-xr-x 2 root wheel 512 Jan 28 19:09 .
drwxr-xr-x 7 root wheel 512 Sep 11 23:51 ..
-r-xr-xr-x 1 root wheel 103996 Sep 11 23:51 bwi_v3_ucode.ko
-r-xr-xr-x 1 root wheel 15890 Jan 28 19:08 if_axge.ko[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(39): usbconfig
ugen0.1: <uhci root="" hub="" intel="">at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen1.1: <ehci root="" hub="" intel="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
ugen1.2: <product 0x8000="" vendor="" 0x8087="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
ugen1.3: <ax88179 asix="" elec.="" corp.="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(40): kldload if_axge.ko
kldload: can't load if_axge.ko: Exec format errorCheers</ax88179></product></ehci></uhci>
-
Hiya,
I attempted to load the axge module provided, but get an exec format error.
I'm using release 2.1 i386. Have I missed something?[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(38): ls -la
total 125
drwxr-xr-x 2 root wheel 512 Jan 28 19:09 .
drwxr-xr-x 7 root wheel 512 Sep 11 23:51 ..
-r-xr-xr-x 1 root wheel 103996 Sep 11 23:51 bwi_v3_ucode.ko
-r-xr-xr-x 1 root wheel 15890 Jan 28 19:08 if_axge.ko[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(39): usbconfig
ugen0.1: <uhci root="" hub="" intel="">at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen1.1: <ehci root="" hub="" intel="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
ugen1.2: <product 0x8000="" vendor="" 0x8087="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
ugen1.3: <ax88179 asix="" elec.="" corp.="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON[2.1-RELEASE][root@pfSense.localdomain]/boot/modules(40): kldload if_axge.ko
kldload: can't load if_axge.ko: Exec format errorCheers</ax88179></product></ehci></uhci>
Are you running amd64?
i386 Untested - Use at your own risk
-
Turns out it was the download link. I manually downloaded and sftp'd the file from windows to the pfsense box and I was able to load the module.
However, as soon as I attempt to assign the interface to a role, the machine crashes with reference to the algx module.
Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x20:0xc5091e46 stack pointer = 0x28:0xd6775c94 frame pointer = 0x28:0xd6775ca0 code segment = base 0x0 limit 0xffffff, type 0x1b = DPL 0, pres 1, def 32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 14 (axge0) trap number = 12 panic: page fault
-
Turns out it was the download link. I manually downloaded and sftp'd the file from windows to the pfsense box and I was able to load the module.
However, as soon as I attempt to assign the interface to a role, the machine crashes with reference to the algx module.
Well that sucks. Can you get the exact error?
-
Ok. Well I am redoing the environment I compiled that in. My new adapter will be here on friday.
Cable Matters SuperSpeed USB 3.0 to RJ45 Gigabit Ethernet Adapter
-
Cool. Thanks for the response. I suspect you noticed, but I added the crash error to my previous post.
Hopefully, the new build environment will help, as will having the hardware for testing. -
Cool. Thanks for the response. I suspect you noticed, but I added the crash error to my previous post.
Hopefully, the new build environment will help, as will having the hardware for testing.Thanks for updating that. What exactly did you do to produce the issue. So I can try reproducing.
Also here is the md5 for that module: F313B0FA8A7C38CF1E3A8A4DD39F2C22
-
I checked the md5sum and it was fine. Here's the steps I took to cause a crash. 100% reproducible.
*** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan) -> re0 -> v4/DHCP4: 192.168.1.162/24 LAN (lan) -> em0 -> v4: 192.168.1.6/24 0) Logout (SSH only) 8) Shell 1) Assign Interfaces 9) pfTop 2) Set interface(s) IP address 10) Filter Logs 3) Reset webConfigurator password 11) Restart webConfigurator 4) Reset to factory defaults 12) pfSense Developer Shell 5) Reboot system 13) Upgrade from console 6) Halt system 14) Disable Secure Shell (sshd) 7) Ping host 15) Restore recent configuration Enter an option: 1 Valid interfaces are: usbus00 (up) em0 00:16:3e:9c:ae:88 (up) Intel(R) PRO/1000 Legacy Network Connection 1.0.4 re0 00:16:3e:39:ad:93 (up) RealTek 8139C+ 10/100BaseTX usbus10 (up) ue0 00:24:9b:09:84:0f (down) USB Ethernet Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? n *NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: ue0 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): em0 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> ue0 LAN -> em0 Do you want to proceed [y|n]?y Writing configuration...done. One moment while we reload the settings... done!
-
I checked the md5sum and it was fine. Here's the steps I took to cause a crash. 100% reproducible.
*** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan) -> re0 -> v4/DHCP4: 192.168.1.162/24 LAN (lan) -> em0 -> v4: 192.168.1.6/24 0) Logout (SSH only) 8) Shell 1) Assign Interfaces 9) pfTop 2) Set interface(s) IP address 10) Filter Logs 3) Reset webConfigurator password 11) Restart webConfigurator 4) Reset to factory defaults 12) pfSense Developer Shell 5) Reboot system 13) Upgrade from console 6) Halt system 14) Disable Secure Shell (sshd) 7) Ping host 15) Restore recent configuration Enter an option: 1 Valid interfaces are: usbus00 (up) em0 00:16:3e:9c:ae:88 (up) Intel(R) PRO/1000 Legacy Network Connection 1.0.4 re0 00:16:3e:39:ad:93 (up) RealTek 8139C+ 10/100BaseTX usbus10 (up) ue0 00:24:9b:09:84:0f (down) USB Ethernet Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? n *NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: ue0 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): em0 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> ue0 LAN -> em0 Do you want to proceed [y|n]?y Writing configuration...done. One moment while we reload the settings... done!
Try this one went a different route with it this time:
rename to if_axge.ko and check md5 afterwards.
if_axge.ko md5: 69F1819099F9183865E5895D97A6E9EE
Also if it fails can you please setup the interface manually on the shell one step at a time. Maybe your system log showing the last error happening would be helpful as well. I don't know what part of the assign script actually triggered the problem. I figure though it must have been in the axge_ifmedia_upd() function it was calling a updated function from an updated file. This time instead of bringing in the update I switched it back to calling the original function.
-
Boom! Great work!
This new version seems to work fine. I've now got a working connection.
I've yet to do thorough testing but it all looks good! Here's the ifconfig which I ran using a SSH login shell.[2.1-RELEASE][root@pfSense.localdomain]/root(2): ifconfig ue0 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8000b <rxcsum,txcsum,vlan_mtu,linkstate>ether 00:24:9b:09:84:0f inet6 fe80::224:9bff:fe09:840f%ue0 prefixlen 64 scopeid 0x9 inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active [2.1-RELEASE][root@pfSense.localdomain]/root(3):</full-duplex,master></performnud></rxcsum,txcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast>
-
Boom! Great work!
This new version seems to work fine. I've now got a working connection.
I've yet to do thorough testing but it all looks good! Here's the ifconfig which I ran using a SSH login shell.[2.1-RELEASE][root@pfSense.localdomain]/root(2): ifconfig ue0 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8000b <rxcsum,txcsum,vlan_mtu,linkstate>ether 00:24:9b:09:84:0f inet6 fe80::224:9bff:fe09:840f%ue0 prefixlen 64 scopeid 0x9 inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active [2.1-RELEASE][root@pfSense.localdomain]/root(3):</full-duplex,master></performnud></rxcsum,txcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast>
Haha hardcore. First Freebsd thing I ever messed with. Maybe I didn't even need to buy one for $20 hahahaha. Can you test the throughput? There may be another change to get it to do usb 3.0 speeds. Are you on usb 2.0 or 3.0?
What is your output of usbconfig
-
Nice one! ;D
There's no USB3 support at all in FreeBSD 8.3 as far as I know so that getting that working would be significantly more complex.Steve
-
Nice one! ;D
There's no USB3 support at all in FreeBSD 8.3 as far as I know so that getting that working would be significantly more complex.Steve
Are you sure? Seems like it started getting support in 8.2
I have compiled for amd64 now as well. I am posting both.
1\. download 2\. rename to if_axge.ko 3\. place in /boot/modules 4\. md5 if_axge.ko and check against the md5 listed below
#i386 md5 if_axge.ko MD5 (if_axge.ko) = 69f1819099f9183865e5895d97a6e9ee
#amd64 md5 if_axge.ko MD5 (if_axge.ko) = afb51043416a0cc6cad7dfbe875a9809
-
Hmm, fairly sure. There are many reports of the USB3 subsystem not showing up at all and I think at least some of them have been since 2.1 was released. Don't let me stop you trying though. ;)
Steve
-
[[b]update] I wasn't able to get the host to see the USB3 PCIe Adapter. I'm guessing driver support isn't included in this kernel.
-
[[b]update] I wasn't able to get the host to see the USB3 PCIe Adapter. I'm guessing driver support isn't included in this kernel.
Which one? :P
Also I got my Cable Matters adapter! Haha. Here are my results of some fiddling around.
Virtualbox -> freebsd passthrough = Deteched sends SOME packets SOMETIMES
ESXI -> debian = Works but limited to 12mbit in my setup. Verdict usable but needs some work
ESXI -> pfsense = Works much better than the debian passthrough for some reason. Verdict maybe workable[2.1-RELEASE][root@pfsensedev.localdomain]/(12): ./speedtest-cli Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from Electronic Box (xxx.xxx.xxx.xxx)... Selecting best server based on ping... Hosted by TELUS (Montreal, QC) [7.35 km]: 96.083 ms Testing download speed........................................ Download: 44.66 Mbit/s Testing upload speed.................................................. Upload: 9.64 Mbit/s
44.66 Mbit is not half bad! I am going to be moving away from esxi to ganeti (KVM maybe XEN) so I will see how it does in passthrough there later on.
[2.1-RELEASE][root@pfsensedev.localdomain]/(25): ./speedtest-cli Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from Electronic Box (xxx.xxx.xxx.xxx)... Selecting best server based on ping... Hosted by Colo-Serv Communications (Montreal, QC) [7.35 km]: 83.923 ms Testing download speed........................................ Download: 57.40 Mbit/s Testing upload speed.................................................. Upload: 10.27 Mbit/s [2.1-RELEASE][root@pfsensedev.localdomain]/(26):
This is with emulated E1000. It is just a VM with 256mb of ram and really low priority. It is not routing through its own wan but it is still routing through my main pfsense on the same atom box ;) Maybe I will do a LAN to LAN test later
-
I did some testing with pfSense and m0n0wall using the USB adapter as my WAN connection.
Throughput on incoming traffic was really poor 0.5mbit/s but upload was fine at 10.5mbit/s.
The net connection also stopped responding on two separate occasions and I was forced to reboot the pfSense VM.I installed a Debian based router instead as a test and I had full speed 125mbit/s and 10.5mbit/s speeds on my LAN clients. I'm not sure what the issue is to be honest, but it renders pfSense unsuitable for me at this point in time.
-
I did some testing with pfSense and m0n0wall using the USB adapter as my WAN connection.
Throughput on incoming traffic was really poor 0.5mbit/s but upload was fine at 10.5mbit/s.
The net connection also stopped responding on two separate occasions and I was forced to reboot the pfSense VM.I installed a Debian based router instead as a test and I had full speed 125mbit/s and 10.5mbit/s speeds on my LAN clients. I'm not sure what the issue is to be honest, but it renders pfSense unsuitable for me at this point in time.
FreeBSD integration ranges from very poor to not as poor depending on your hypervisor choice.
1. What are you using as a hypervisor?
2. Does the hypervisor host OS support the usb nic?
3. Are you passing through the usb device? -
1. What are you using as a hypervisor?
I've been using a Xen 4.3 Wheezy based Hypervisor. I backported Xen and added PVUSB support to a recent kernel version. The VM is a QEMU traditional based HVM.
2. Does the hypervisor host OS support the usb nic?
Yes the host OS has drivers for it. In a debian VM it also works fine with PCI Passthrough.
3. Are you passing through the usb device?
I'm passing through the USB controller directly to the VM. The pfSense VM is then in control of both the USB driver and the NIC driver. I think I downloaded a PVHVM build of pfSense somewhere. That might have better luck..
-
I've been using a Xen 4.3 Wheezy based Hypervisor. I backported Xen and added PVUSB support to a recent kernel version. The VM is a QEMU traditional based HVM.
You are using Xen on wheezy with Qemu-dm is what I gather?
Yes the host OS has drivers for it. In a debian VM it also works fine with PCI Passthrough.
This is probably because the debian has proper passthrough support.
I'm passing through the USB controller directly to the VM. The pfSense VM is then in control of both the USB driver and the NIC driver. I think I downloaded a PVHVM build of pfSense somewhere. That might have better luck..
Why not just create a virtual wan network using that as the physical adapter on the host and then using a virtual nic in the guest pfsense?
-
You are using Xen on wheezy with Qemu-dm is what I gather?
Yes, not the upstream version
Why not just create a virtual wan network using that as the physical adapter on the host and then using a virtual nic in the guest pfsense?
I'm guessing this would work, but I was keen to keep the WAN external to the main hypervisor. I'm not an expert but I would think by passing through the device it would be more secure and reduce the amount of overhead required to communicate between the hypervisor and the guest. Given that Xen support and FreeBSD seems immature compared to it's linux brethren so it might be easier to go that route.
With regards to the loss of connectivity, I think this might solve the issue with USB network interfaces.
https://forum.pfsense.org/index.php/topic,72019.msg393187.html#msg393187 -
You are using Xen on wheezy with Qemu-dm is what I gather?
Yes, not the upstream version
Why not just create a virtual wan network using that as the physical adapter on the host and then using a virtual nic in the guest pfsense?
I'm guessing this would work, but I was keen to keep the WAN external to the main hypervisor. I'm not an expert but I would think by passing through the device it would be more secure and reduce the amount of overhead required to communicate between the hypervisor and the guest. Given that Xen support and FreeBSD seems immature compared to it's linux brethren so it might be easier to go that route.
With regards to the loss of connectivity, I think this might solve the issue with USB network interfaces.
https://forum.pfsense.org/index.php/topic,72019.msg393187.html#msg393187I would keep it simple in regards to your WAN. Linux is far ahead in hardware support and integration with hypervisors that is for sure.