Some sort of virtual router, like pfSense or Smoothwall

I run IPFire from ipfire.org as a VM on my PVE system. It runs a modern linux kernel and has the Virtio drivers baked in, so I can use physical ethernet cards to separate the router/firewall from the rest of the system. Runs like a champ on my 30Mb/s fiber connection at full bandwidth with the Virtio drivers and hardly uses any CPU.
 
Modern kernel?

In the case of a standalone machine running IPFire... then you have modern hardware support, especially the all important NIC support for integrated mobos. In this case (VM environment)... baked in Virtio support that works very well. I've tried many different router distros under Hyper-V and Proxmox, and none of them would work properly, at all, or reliably with native drivers. If I used emulated drivers I would max out their bandwidth capabilities at 15-20Mb/s. Since I have a 30Mb/s fiber connection to the home, I wanted to take full advantage of that full upstream and downstream speed.

IPFire got me close on Hyper-V with their baked in "Integrated Services" driver for Hyper-V... bandwidth was a full 30Mb/s for me but during the speed tests when the pipeline was maxed out, it would sometimes lock up the VM. It worked fine under normal usage, but in extreme cases it was not really reliable.

So I then tried IPFire under Proxmox with Virtio support and had very little manual tweaking to do other than starting the install with emulated drivers, and then adding in the Virtio NICs afterwards. Then run through the basic setup again to use the Virtio NICs. It got me full use of my bandwidth with very little (max 12% on the virtual CPU) CPU usage. And this is on a AMD X4 620. It runs just as reliable as my old Smoothwall and pfSense standalone boxes.


Most importantly, it allowed me to consolidate my stand-alone linux router box into my virtual platform, eliminating another power sink. Plus the ability to backup and restore the router through Proxmox's backup capabilites in case of catastrophies.

IPFire has some nice features, and good add-on abilites, which I don't use... as I am a firm believer in one task per VM. But since we have the ability of play around in virtual environments, IPFire could serve other functions within your virtual LAN or production LAN.
 
I haven't fully implemented it the way you describe your "dream scenario" but I have run pfSense 2.0 in Proxmox with no issues. I didn't try virtio drivers, but I've read it's supposedly supported in the FreeBSD kernel now. Give it a shot! pfSense rocks, just like Proxmox.
 
pfsense? I tried that. In the installation, how did you get it to recognize when you plug in a cable to one of the nics so that it can auto detect them. It wouldn't work for me.
 
It wouldn't work like that. I don't think you can "trick" Proxmox to use pfSense as if it were a true hardware device. However, if you VLANed everything out, I believe it would work the way you want it to. But you would need to VLAN it ... I think.
 
Oh so you used VLANs? I haven't experimented with them at all. How would they help me to accomplish that?
 
puwaha


Could you please show me how you setup IPFire within proxmox? The step-by-step process on setting up IPFire as a virtual host within proxmox?

Thanks....
 
I'm looking for a way (how-to?) to install Untangle 9.01 x32 in a Proxmox KVM. Does anyone have experience with this? I've tried and have received message about unmet dependencies resulting in no installable kernel found.
TIA.
 
Actually, Untangle was the one router distro that worked for me. However, it took forever to boot, was a bit sluggish, and had too many features that you had to pay for. My advice with your issues though: Check the MD5sum of the iso. You might have gotten a corrupted download.
 
Thank you for the quick reply Serg.

Want Untangle for the reporting, but will consider others. What FW do you recommend?

I'll look at the cksum. Thanks.
 
pfsense is good if you can get it to work with proxmox. smoothwall isn't bad either, though it seems to be less full featured.
 
I run IPFire from ipfire.org as a VM on my PVE system. It runs a modern linux kernel and has the Virtio drivers baked in, so I can use physical ethernet cards to separate the router/firewall from the rest of the system. Runs like a champ on my 30Mb/s fiber connection at full bandwidth with the Virtio drivers and hardly uses any CPU.

Can you point how can you 'use physical ethernet cards' mapped to Virtio ??
I will like to install it on a Proxmox box with three ethernet cards (may be two):
-One for WAN (RED on ipFire)
-One for Lan (Green on IPFIRE)
-One for Proxmox maintenance/configuration (eth0/vmbr0)

A short 'how to' with these basic settings will be highly appreciated.

Thanks in advance

Vicente
 
IPFire does not support PPTP VPN (atleast not on their WebSite) whilst pfSense does.

I've tryed to make pfsense work, also without success. It seems I'm missing some basic but necessary config for Proxmox...

I would like to use a Proxmox server with two dedicated ethernet cards for router purposes, and assing them to the router (pfsense) virtual machine

Can you please post a working config , stating the addresses I should use for each lan/device ?

Best Regards

Vicente
 
Run pfSense in a KVM by using the pfSense ISO image.
Use 2 or 3 LAN cards (e1000) in the VM.
Use a 2GB qcow2-disk for the VM.
Thanks for your answer.
Could you give me an example of ethernet addresses for:
- the physical cards in Proxmox.
- the LAN cards in the VM.

Regards.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!