Noobie install: VirtualBox in Arch Linux host - great stuff!
Love it! After some fiddling with VirtualBox settings (network cards etc.) and turning off the Vigor 100's DHCP server, it all just clicked last night and I now have a functioning pfSense install in VirtualBox under an Arch Linux host (64-bit all round).
Hardware is an i5-750 and I've given the VM 1 core and 768MB of RAM on an 8GB virtual drive. NIC is an Intel i350-T4, with eth0 (em0) running bridged as WAN and PPPoE into my ADSL2 modem.
LAN is eth1 (em1), also bridged, into an asus-rt68 now just acting as wireless AP and wired switch. To get the host to connect I've "looped back" from the switch into the NIC's 3rd port (eth2).
Static IP addresses on the LAN, static routes, DDNS (afraid.org), NTP and port forwarding are all straightforward - whoever said pfSense had an overly complicated interface? Actually easier than the Asus to set a specific DNS to a specific MAC - no scripting required.
Tonight's task is to get my OpenVPN server up and running - I want to import my existing RSA keys, which looks slightly convoluted :)
And perhaps I'll try to get this running in qemu/kvm, if there is any advantage to doing so. I had almost planned to pick up an atom mini itx box, or recycled old PC (i2500), but as this is working so well, and this host runs 24/7 for other purposes, I'm glad the VirtualBox option seems so good. This is especially so as I'm only running this as a home network (1 desktop, 2 laptops, 2 smart phones and a Roku) - so not exactly taxing. With 100/20 fibre on the way later this year though, I didn't want to be maxing out a consumer router (the rt-ac68) with AES-256 OpenVPN running.
-
UPDATE:
Still loving the install - does everything I need, and has solved several network issues I was having with my ASUS rt-ac68. 5-stars to pfSense!
Only niggly problem is that the i350-T4 under VirtualBox and KVM uses 30-40% CPU when downloading at ~20Mbit/sec. The problem with KVM is that on my hardware (p7p55d-e-pro M/B and i5-750) I can't do VT-d passthrough of the PCI-e slot, hence the i350 NIC has to run using emulation (have tried with both the e1000 and virtio driver under pfSense 2.2.4, and disabled hardware checksum offloading).
I contemplated upgrading to VT-d capable hardware (not that easy with consumer motherboards - grrrr ASUS/MSI/Gigabyte!), but an additional hassle was the odd occasion when I want to boot into Windows (from Arch Linux) and have to refiddle to get the virtualised pfSense router rebooted and running, which results in internet and LAN downtime (hence lower WAF). I also don't want to be bothered to move my multiple OS installs to a hypervisor environment, as they're currently multibooting from separate hard drives.
So I have now purchased an ex-lease PC for use as a standalone pfSense box. I've gone with an HP Compaq 6300 Pro (i3-3220, 4GB, 500GB) which should be relatively low power consumption and have more than enough grunt for my current and future needs, which at present are: 100/20 Mbit WAN, half a dozen LAN clients, and OpenVPN server for me as single-client road-warrior. Most importantly, the HP box has a PCIe slot for the i350-T4 - did not want that $60 to be wasted!