And in about 2 years you’ll switch to LXD/Incus. :P
Comment on virtualizing PFSense. What else works besides ESXi for virtual networking?
BlueEther@no.lastname.nz 4 months agoits not too bad. i switched from esxi to proxmox about 2 years ago.
i run a virtualized opnsense with 2 nic’s passed through and another 2 virt, so it can be done
TCB13@lemmy.world 4 months ago
BlueEther@no.lastname.nz 4 months ago
I’m currently off work with a broken shoulder, have you just given me a project?
TCB13@lemmy.world 4 months ago
Ahahaha that’s up to you. All best for your shoulder!
tofubl@discuss.tchncs.de 4 months ago
Incus looks cool. Have you virtualised a firewall on it? Is it as flexible as proxmox in terms of hardware passthrough options?
I find zero mentions online of opnsense on incus. 🤔
TCB13@lemmy.world 4 months ago
Yes it does run, but BSD-based VMs running on Linux have their details as usual. This might be what you’re looking for: discuss.linuxcontainers.org/t/…/15799
Since you want to run a firewall/router you can ignore LXD’s networking configuration and use your opnsense to assign addresses and whatnot to your other containers. You can created whatever bridges you might want and vlans on your base system and them assign them to profiles/containers/VMs. For eg. you manually create a
cbr0network bridge usingsystemd-networkand then runlxc profile device add default eth0 nic nictype=bridged parent=cbr0 name=eth0this will usecbr0as the default bridge for all machines with thedefaultprofile and LXD won’t provide any addressing or touch the network, it will just create aneth0interface on those machines attached to the bridge. Then your opnsense can be on the same bridge and do DHCP, routing etc.When you’re searching around for help, instead of “Incus” you can search for “LXD” as it tend to give you better results. Not sure if you’re aware but LXD was the original project run by Canonical, recently it was forked into Incus (and maintained by the same people who created LXD at Canonical) to keep the project open under the Linux Containers initiative.
tofubl@discuss.tchncs.de 4 months ago
With Incus only officially supported in Debian 13, and LXD on the way out, should I get going with LXD and migrate to Incus later? Or use the Zabbly repo and switch over to official Debian repos when they become available? What’s the recommended trajectory, would you say?
tofubl@discuss.tchncs.de 4 months ago
OPNsense running in the Incus live demo. Fun!
tofubl@discuss.tchncs.de 4 months ago
I have another question, if you don’t mind: I have a debian/incus+opnsense setup now, created bridges for my NICs with systemd-networkd and attached the bridges to the VM like you described. I have the host configured with DHCP on the LAN bridge and ideally (correct me if I’m wrong, please), I’d like the host to not touch the WAN bridge at all (other than creating it and hooking it up to the NIC).
Here’s the problem: if I don’t configure the bridge on the host with either dhcp or a static IP, the opnsense VM also doesn’t receive an IP on that interface. I have a br0.netdev to set up the bridge, a br0.network to connect the bridge to the NIC, and a wan.network to assign a static IP on br0, otherwise nothing works. (While I’m working on this, I have the WAN port connected to my old LAN, if it makes a difference.)
My question is: Is my expectation wrong or my setup? Am I mistaken that the host shouldn’t be configured on the WAN interface? Can I solve this by passing the pci device to the VM, and what’s the best practice here?
Thank you for taking a look! 😊
tofubl@discuss.tchncs.de 4 months ago
Very informative, thank you.
I am generally very comfortable with Linux, but somehow this seems intimidating.
Although I guess I’m not using proxmox for anything other than managing VMs, network bridges and backups. Well, and for the feeling of using something that was set up by people who know what they’re doing and not hacked together by me until it worked…
b3an@lemmy.world 4 months ago
Hey! I have been using ESXi about three year now. I have two identical NIC I bought. One for WAN and one for LAN. I also discovered I had to use the onboard LAN port (3rd port!) just to be able to access the web control. (Is that normal?)
Anyway, I want to move to Proxmox, and then virtualize my OPNSense like I have on ESXi.
I get so confused by how the adapters should be. Ideally I would love to have the LAN connect to a (dumb) switch, and provide Wi-Fi. But one thing I never tried before is a VLAN to protect the LAN from the Wi-Fi traffic, but still allowing some systems to still work like streaming data from the wired PC on the LAN to the NVIDIA Shield Pro. But then keeping the Alexa/Echo system on a more restricted WiFi.
Can I do all this? I’m thinking I can, but. The hurdle of learning vlans and configuring the new Proxmox (which I’m pretty damn new to) is a daunting challenge.
I’m ready to try this though. I have a 4G wireless plus WiFi system to keep the other half happy while I tinker to get it all working.
Thoughts/Tips? Anyone?
BlueEther@no.lastname.nz 4 months ago
All doable, you might need a managed or smart switch though
I have 4 bland at home plus untagged all through proxmox and a smart switch
b3an@lemmy.world 4 months ago
Notes about the switch. What is tagging? The purpose and where?
BlueEther@no.lastname.nz 4 months ago
vlan tags, they make vlans work