Comment on Setting Up OPNsense on Proxmox: Doubts regarding NIC setup
NarrativeBear@lemmy.world 2 days ago
I have been running pfSense on Proxmox for ages now.
What I do is the following.
- Pass the NIC card through to pfSense.
- Your motherboard's ethernet port is plugged into your network switch (think of Proxmox as just another PC on your network).
- In pfSense your NIC can now be seen and all ports can be assigned as needed. Assign one as WAN and the others as LAN.
Set your pfSense/OPNsense to start at boot when you power on Proxmox.
FYI, you might occasionally run into issues where the NIC “GUID” changes so your VM won’t be able to start.
When this happens your pfSense/OPNsense VM won’t start so your network will be in a “down state”. This means DHCP won’t be working either, and any PCs that were not assigned a static IP won’t be able to access the Proxmox GUI to quickly fix the issue.
You might occasionally need to hook up a temporary router between a PC and your Proxmox host to access the web GUI as a result. At least this is what I do when my outage is longer than an hour.
Thanks, I may go this route.
I think this is the same issue as a Linux host forgetting where to mount a disk since the UUID was not written in fstab.
But why does the GUID change? Can’t it be hard-coded?
NarrativeBear@lemmy.world 1 day ago
Honestly I don’t know enough to answer that question fully.
From what I understand PCI addresses (01:00.0) are dynamically assigned by the motherboard’s BIOS at boot. Adding or removing PCIe devices, enabling M.2 drives, or adjusting BIOS settings often shifts your device addresses up or down which can prevent a VM from starting up.
Reading online though, there now seems to be a workaround to this issue. I might need to give it a shot on my Proxmox machine.
“PCI ID overrides” is the term in this document to search for.
pve.proxmox.com/wiki/PCI(e)_Passthrough
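A pre-boot check for the failure described above, added here as an example and not part of the thread: it lists `hostpci` entries in a VM config whose PCI address no longer exists on the host. The function names and the sample config are constructed, and it assumes entries of the form `hostpciN: [host=]BUS:DEV[.FN][,options]`.

```shell
#!/bin/sh
# Added example: find hostpci entries whose PCI address has vanished.
# Assumes "hostpciN: [host=]BUS:DEV[.FN][,opts]"; "mapping=" entries are skipped.

# Read a VM config on stdin, print each passthrough address as dddd:bb:dd.f.
hostpci_addrs() {
  sed -n 's/^hostpci[0-9][0-9]*:[[:space:]]*//p' |
  while IFS= read -r val; do
    val=${val%%,*}                                      # drop ",pcie=1" etc.
    val=${val#host=}
    case $val in mapping=*) continue ;; esac
    case $val in ????:*) ;; *) val="0000:$val" ;; esac  # add default domain
    case $val in *.*) ;; *) val="$val.0" ;; esac        # whole device -> fn 0
    printf '%s\n' "$val" | tr 'A-F' 'a-f'
  done
}

# Print addresses from config $1 that are absent under sysfs dir $2.
# Returns 1 if at least one address is missing, 0 otherwise.
stale_hostpci() {
  conf=$1
  sysdir=${2:-/sys/bus/pci/devices}
  missing=$(hostpci_addrs < "$conf" | while IFS= read -r a; do
    [ -e "$sysdir/$a" ] || printf '%s\n' "$a"
  done)
  if [ -z "$missing" ]; then return 0; fi
  printf '%s\n' "$missing"
  return 1
}

# Constructed sample: a config with two passthrough ports and a fake sysfs
# tree in which only the first address still exists.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/sys/0000:01:00.0"
  printf '%s\n' 'boot: order=scsi0' 'hostpci0: 0000:01:00.0,pcie=1' \
    'hostpci1: 02:00' > "$d/100.conf"
  rc=0
  stale_hostpci "$d/100.conf" "$d/sys" || rc=$?
  rm -rf "$d"
  return $rc
}
```

On a Proxmox host the config to check is typically `/etc/pve/qemu-server/<vmid>.conf`. An address that still exists may now belong to a different device, so compare it against `lspci -nn` before starting the VM.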
I have one more doubt.
(Nothing set up as of now, just checking all possible angles)
Since, as per your suggestion, I have passed the NIC to OPNsense, so Proxmox won’t see the dual NIC card. The onboard ethernet port eth3 is connected to a switch and Proxmox will use eth3.
Here’s a fresh diagram
You can see that I have an Ubuntu VM. How will the PC communicate with the VM? (Links E and D are hypothetical. I don’t know which one is better given my scenario). Will it be C -> B -> D or C -> A -> E?
Case #1: C -> B -> D
The switch must differentiate between uplink traffic/Proxmox traffic/other physical devices connected to the switch (phone/TV). I prefer this solution because even if OPNsense is down, I can still access the Ubuntu server. But the switch must handle this complexity. I will be getting a managed switch anyway.
Case #2: C -> A -> E
The interface eth2, which OPNsense is using, must have some sort of routing table which redirects to links E or F depending upon destination IP (Probably implemented using virtual bridge or virtual switch). This is simpler for the switch but if OPNsense is down, I lose direct network access to the VM. I can probably access it via Proxmox web-interface.
Can you tell me which one is preferred or which one you would have done?
Sorry for my ramblings.