Comment

Comment on virtualizing PFSense. What else works besides ESXi for virtual networking?

<- View Parent

TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago

And in about 2 years you’ll switch to LXD/Incus. :P

source

Sort:hotnew top

BlueEther@no.lastname.nz ⁨10⁩ ⁨months⁩ ago
I’m currently off work with a broken shoulder, have you just given me a project?

source
- TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Ahahaha that’s up to you. All best for your shoulder!
  
  source
tofubl@discuss.tchncs.de ⁨10⁩ ⁨months⁩ ago
Incus looks cool. Have you virtualised a firewall on it? Is it as flexible as proxmox in terms of hardware passthrough options?

I find zero mentions online of opnsense on incus. 🤔

source
- TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Yes it does run, but BSD-based VMs running on Linux have their details as usual. This might be what you’re looking for: discuss.linuxcontainers.org/t/…/15799
  
  Since you want to run a firewall/router you can ignore LXD’s networking configuration and use your opnsense to assign addresses and whatnot to your other containers. You can created whatever bridges you might want and vlans on your base system and them assign them to profiles/containers/VMs. For eg. you manually create a cbr0 network bridge using systemd-network and then run lxc profile device add default eth0 nic nictype=bridged parent=cbr0 name=eth0 this will use cbr0 as the default bridge for all machines with the default profile and LXD won’t provide any addressing or touch the network, it will just create an eth0 interface on those machines attached to the bridge. Then your opnsense can be on the same bridge and do DHCP, routing etc.
  
  When you’re searching around for help, instead of “Incus” you can search for “LXD” as it tend to give you better results. Not sure if you’re aware but LXD was the original project run by Canonical, recently it was forked into Incus (and maintained by the same people who created LXD at Canonical) to keep the project open under the Linux Containers initiative.
  
  source
  - tofubl@discuss.tchncs.de ⁨10⁩ ⁨months⁩ ago
    With Incus only officially supported in Debian 13, and LXD on the way out, should I get going with LXD and migrate to Incus later? Or use the Zabbly repo and switch over to official Debian repos when they become available? What’s the recommended trajectory, would you say?
    
    source
    TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
    It depends on how fast you want updates. I’m sure you know how Debian works, so if you install LXD from Debian 12 repositories you’ll be on 5.0.2 LTS most likely for ever. If you install from Zabbly you’ll get the latest and greatest right now.
    
    My companies’ machines are all running LXD from Debian repositories, except for two that run from Zabbly for testing and whatnot. At home I’m running from Debian repo. Migration from LXD 5.0.2 to a future version of Incus with Debian 13 won’t be a problem as Incus is just a fork and stgraber and other members of the Incus/LXC projects work very closely or also work in Debian.
    
    Debian users will be fine one way or the other. I specifically asked stgraber about what’s going to happen in the future and this was his answer:
    
    We’ve been working pretty closely to Debian on this. I expect we’ll keep allowing Debian users of LXD 5.0.2 to interact with the image server either until trixie is released with Incus available OR a backport of Incus is made available in bookworm-backports, whichever happens first.
    
    I hope this helps you decide.
    
    source
    -> View More Comments
  - tofubl@discuss.tchncs.de ⁨10⁩ ⁨months⁩ ago
    OPNsense running in the Incus live demo. Fun!
    
    Image
    
    source
    TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
    Enjoy your 30 min of Incus :P
    
    source
  - tofubl@discuss.tchncs.de ⁨10⁩ ⁨months⁩ ago
    I have another question, if you don’t mind: I have a debian/incus+opnsense setup now, created bridges for my NICs with systemd-networkd and attached the bridges to the VM like you described. I have the host configured with DHCP on the LAN bridge and ideally (correct me if I’m wrong, please), I’d like the host to not touch the WAN bridge at all (other than creating it and hooking it up to the NIC).
    
    Here’s the problem: if I don’t configure the bridge on the host with either dhcp or a static IP, the opnsense VM also doesn’t receive an IP on that interface. I have a br0.netdev to set up the bridge, a br0.network to connect the bridge to the NIC, and a wan.network to assign a static IP on br0, otherwise nothing works. (While I’m working on this, I have the WAN port connected to my old LAN, if it makes a difference.)
    
    My question is: Is my expectation wrong or my setup? Am I mistaken that the host shouldn’t be configured on the WAN interface? Can I solve this by passing the pci device to the VM, and what’s the best practice here?
    
    Thank you for taking a look! 😊
    
    source
    TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
    I think there’s something wrong with your setup. One of my machines has a br0 and a setup like yours. 10-enp5s0.network is the physical “WAN” interface:
    
    root@host10:/etc/systemd/network# cat 10-enp5s0.network [Match] Name=enp5s0 [Network] Bridge=br0 # -> note that we're just saying that enp5s0 belongs to the bridge, no IPs are assigned here.
    
    root@host10:/etc/systemd/network# cat 11-br0.netdev [NetDev] Name=br0 Kind=bridge
    
    root@host10:/etc/systemd/network# cat 11-br0.network [Match] Name=br0 [Network] DHCP=yes # -> In my case I'm also requesting an IP for my host but this isn't required. If I set it to "no" it will also work.
    
    Now, I have a profile for “bridged” containers:
    
    root@host10:/etc/systemd/network# lxc profile show bridged config: (...) description: Bridged Networking Profile devices: eth0: name: eth0 nictype: bridged parent: br0 type: nic (...)
    
    And one of my VMs with this profile:
    
    root@host10:/etc/systemd/network# lxc config show havm architecture: x86_64 config: image.description: HAVM image.os: Debian (...) profiles: - bridged (...)
    
    Inside the VM the network is configured like this:
    
    root@havm:~# cat /etc/systemd/network/10-eth0.network [Match] Name=eth0 [Link] RequiredForOnline=yes [Network] DHCP=ipv4
    
    Can you check if your config is done like this? If so it should work.
    
    source
    -> View More Comments
  - tofubl@discuss.tchncs.de ⁨10⁩ ⁨months⁩ ago
    Very informative, thank you.
    
    I am generally very comfortable with Linux, but somehow this seems intimidating.
    
    Although I guess I’m not using proxmox for anything other than managing VMs, network bridges and backups. Well, and for the feeling of using something that was set up by people who know what they’re doing and not hacked together by me until it worked…
    
    source
    TCB13@lemmy.world ⁨10⁩ ⁨months⁩ ago
    
    I guess I’m not using proxmox for anything other than managing VMs, network bridges and backups.
    
    And LXD/Incus can do that as well for you. Install it an by running incus init it will ask you a few questions and get an automated setup with networking, storage etc. all running and ready for you to create VMs/Containers.
    
    What I was saying is that you can also ignore the default / automated setup and install things manually if you’ve other requirements.
    
    source
    -> View More Comments