How to do a pfsense migration to proxmox properly?

whitewater

Hello,
I would like to migrate a pfsense machine from physical to proxmox.
I'm using IPsec VPN, OpenVPN, NAT & firewall rules, and traffic shaping for QoS with VoIP.
I have 2 ADSL links. One PPPoE (1st) and one with a static address (2nd).

I have followed this link to have all virtio drivers.
https://doc.pfsense.org/index.php/VirtIO_Driver_Support

I have tested this in the virtual machine:
* WAN with PPPoE:
doesn't work with a bridged ethernet port.
OK with PCI passthrough with the ethernet port.

No solution with a bridged ethernet port?

* IPsec on the 2nd ADSL link with another pfsense.
VPN link doesn't work with a bridged ethernet port.
OK with PCI passthrough with the ethernet port.

No solution with a bridged ethernet port?

* backup / restore
I restore a backup from the physical machine.
I re-assign the interfaces.
All is OK, but no traffic shaping.
PC client on LAN can't go to the internet.
If I remove traffic shaping, it's OK.

Is there a way to correctly restore a configuration from a physical machine to a VM?

thank you.
 
>> with PPPoE:
>> doesn't work with a bridged ethernet port.
>> OK with PCI passthrough with the ethernet port.

>> No solution with a bridged ethernet port?

Hi, it should work, but you need to have a dedicated bridge to plug in only the PPPoE device and the pfsense interface. (Maybe use a dedicated VLAN for this.)

 
Hi Spirit,
I have done these tests:
- a vmbr0 bridged port.
- a cisco modem wag 120n plugged in.
- pfsense: WAN interface with PPPoE configuration.

On physical machine: OK
On pfsense VM on proxmox: I have the green arrow showing WAN up, but no IP displayed, no connection. WAN gateway status: pending.

I have a linksys am200 modem. I got the same results.
Maybe some specific parameters to change?
 
>> Hi Spirit,
>> I have done these tests:
>> - a vmbr0 bridged port.
>> - a cisco modem wag 120n plugged in.
>> - pfsense: WAN interface with PPPoE configuration.
>>
>> On physical machine: OK
>> On pfsense VM on proxmox: I have the green arrow showing WAN up, but no IP displayed, no connection. WAN gateway status: pending.
>>
>> I have a linksys am200 modem. I got the same results.
>> Maybe some specific parameters to change?

It seems that DHCP is filtered or blocked.

Can you try

"iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill"

on the host?

(I have already had this kind of problem with DHCP.)
 
>> Is there a way to correctly restore a configuration from a physical machine to a VM?

Why not use a cloning program such as Clonezilla and clone the entire pfSense physical machine into an ISO image? Then create an empty pfSense VM in Proxmox and restore the ISO to the virtual pfSense drive. You will get ALL of your pfSense machine that way. The only thing you will have to reconfigure is the proper ethX. It would work better if you dedicate a couple of NICs in your proxmox node to the pfSense WAN-facing network only, so no other internal traffic goes through the same ethX. Much safer that way should your firewall be compromised.
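
Added example, not part of the posts above: a small shell check for the layout both replies recommend, a bridge that carries only the modem-facing NIC and the pfSense WAN vNIC, with no host address on it. The file contents, interface names (eth0, eth1, vmbr0, vmbr1) and addresses are constructed; on a Proxmox host the file to audit would be /etc/network/interfaces.

```shell
#!/bin/sh
# check_wan_bridge FILE BRIDGE: audit an ifupdown file for a WAN-only bridge.
# Prints "ok" or one finding per line; exit status 0 only when ok.
check_wan_bridge() {
    awk -v br="$2" '
        $1 == "iface"   { cur = $2; method[cur] = $4; next }
        $1 == "address" { hasaddr[cur] = 1; next }
        $1 ~ /^bridge[-_]ports$/ {
            for (i = 2; i <= NF; i++) if ($i != "none") {
                nports[cur]++; port[cur] = $i; owners[$i] = owners[$i] " " cur
            }
        }
        END {
            if (!(br in method)) { print "missing: no iface stanza for " br; exit 1 }
            bad = 0
            if (method[br] != "manual" || hasaddr[br]) {
                print "host-ip: the host itself has an address on " br; bad = 1 }
            if (nports[br] != 1) {
                print "ports: want exactly 1 physical port, found " (nports[br] + 0); bad = 1
            } else if (split(owners[port[br]], o, " ") > 1) {
                print "shared: " port[br] " is also enslaved to another bridge"; bad = 1 }
            if (!bad) print "ok"
            exit bad
        }' "$1"
}

# Constructed sample files (interface names and addresses are made up).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/dedicated" <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    bridge-ports eth0
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth1
    bridge-stp off
    bridge-fd 0
EOF
cat > "$SAMPLES/shared" <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    bridge-ports eth0 eth1
EOF
check_wan_bridge "$SAMPLES/dedicated" vmbr1          # dedicated WAN bridge
check_wan_bridge "$SAMPLES/shared" vmbr0 || true     # modem on the host's own bridge
```

The second call reports both findings: the host is reachable on the same segment as the modem, and the bridge mixes LAN and WAN ports.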
 
Hi Symmcom,
Well, I don't know if it should be very different, because my fresh pfsense install works.
Restoring a backup gives the same pfsense configuration as a Clonezilla clone. I would have to reconfigure ethX too, like when restoring a backup.
And maybe the same problem with Clonezilla, because the IPsec and PPPoE connection problems are "virtualisation ethernet" problems.
With PCI passthrough, I don't have them.
Only traffic passthrough problem: queues aren't displayed when I choose "status, queue".
Maybe something, a cache, to clear?
I think I will try to reconfigure each parameter from my pfsense on the VM.
 
>> Hi Symmcom,
>> Well, I don't know if it should be very different, because my fresh pfsense install works.
>> Restoring a backup gives the same pfsense configuration as a Clonezilla clone. I would have to reconfigure ethX too, like when restoring a backup.
>> And maybe the same problem with Clonezilla, because the IPsec and PPPoE connection problems are "virtualisation ethernet" problems.

Yes, with a restore using Clonezilla you will have to reconfigure your ethX, since the backup will not find the original physical NIC anymore. But after reconfiguring all virtual NICs properly, everything should just work.

>> With PCI passthrough, I don't have them.
>> Only traffic passthrough problem: queues aren't displayed when I choose "status, queue".
>> Maybe something, a cache, to clear?

I am not quite sure what you meant here.

>> I think I will try to reconfigure each parameter from my pfsense on the VM.

You do not have to reconfigure item by item. There is a Backup/Restore feature in pfSense that you can use to transfer all configuration from one pfSense to another. The option is under pfSense > Diagnostics > Backup/Restore.
 
What will be the difference between the Clonezilla and the backup / restore solutions?
Because I think my problem isn't configuration but virtualisation. So using backup / restore or Clonezilla gives me the same problems, I think.

With PCI passthrough, I don't have the PPPoE and IPsec connection problems I described in my topic.

When I restore the traffic shaping parameters, LAN traffic doesn't work. So I click on "status, queue".
I should have the status of all queues. But I don't have that.

The status queue page shows:
"No queue statistics could be read".

If I delete the traffic shaping rules, the LAN can go to the internet.
 
To spirit,
does your command line affect anything else?
"iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill"
 
Hi,

not sure which version of pfsense you are using, but I had problems with VirtIO drivers for my ethernet cards. So I changed them back to E1000, because I do not have so much throughput that it would make a difference whether I use VirtIO or not. As you said you are using ADSL, you will probably have no problems using E1000 as NIC.

I had problems when running my LAN interface on VirtIO and running squid. Traffic which wasn't going through port 80 (transparent squid) worked without any problems. Traffic through squid didn't work, or a webpage took ~10min to load. Bypassing squid for a specific computer solved the problem. After many searches I changed from VirtIO to E1000 and everything worked. I do not have any explanation for that.

So at the moment I am running pfsense i386 with KVM hardware virtualization, CPU=host, NICs=E1000 and the VirtIO HDD drivers. This works in my environment.
 