NIC passthrough for OPNSense VM, Intel NIC 2 ports

SpookyAction

Oct 29, 2023
Hi,

Using Proxmox 8.0.4, planning to install the latest OPNSense 23.7.x. I am familiar with Linux but new to both Proxmox and OPNSense. Looking for advice on the general direction for further reading and practice.

The Proxmox host has 3 physical NICs
  • enp4s0 = Realtek RTL8125 built into the motherboard. Currently used by the vmbr0 bridge, created at Proxmox installation time.
  • enp2s0f0, enp2s0f1 = Intel card, PCIe 2 ports. Currently not used by Proxmox
My plan is to create a VM and install OPNSense, which would use:
  • enp2s0f0 = for the OPNSense LAN interface, connected to a new Linux bridge vmbr1. This vmbr1 bridge would also be used later as the network device for other VMs and LXC containers.
  • enp2s0f1 = for the OPNSense WAN interface. This NIC will be passed through and only be used by the OPNSense VM. To begin with, while I am learning OPNSense, this NIC will be connected to the home router to get internet. Later on, it will be connected directly to the cable modem. At that point the OPNSense VM will replace the home router.
QUESTIONS:

Q1. Is the plan above doable? Especially the way I plan to use the 2 ports of the same Intel NIC PCIe card: one port for the vmbr1 bridge, one port as PCIe passthrough.

Q2. In case Q1 is possible, I would appreciate it if you could suggest links to documentation on how to create a new vmbr1 bridge.

Q3. For PCIe passthrough, I find this page, Enable Proxmox PCIe Passthrough, easier to follow than the Proxmox Wiki, PCI Passthrough. Nevertheless, if you know of any beginner-friendly doc on setting up NIC passthrough for a Proxmox VM, I would greatly appreciate it.

Thanks very much for any help.


INI:
# On Proxmox host
cat /etc/network/interfaces

auto lo
iface lo inet loopback

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.80/24
        gateway 192.168.1.250
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0

iface enp2s0f0 inet manual
iface enp2s0f1 inet manual
 
@wallacio thanks for the documentation, appreciated a lot.

You can't passthrough a single ethernet port on a NIC - you pass through the whole device.

What a disappointment. I could pass through the built-in Realtek NIC. But unfortunately OPNSense uses FreeBSD, which doesn't have a good driver for Realtek devices. So I guess my best option for now is to give up on passing through NICs and use Linux bridges instead.
 
I agree with @SpookyAction .

If you want to get into passing through PCIe devices or VFs (Virtual Functions), it's best to get Intel devices, as they usually have good driver support in almost any OS.
 
If you want to get into passing through PCIe devices or VFs (Virtual Functions), it's best to get Intel devices, as they usually have good driver support in almost any OS.

What is the relationship between "Virtual Functions" and PCIe passthrough? Can you please direct me to some documentation?
 
What is the relationship between "Virtual Functions" and PCIe passthrough?
A virtual function is when you assign ens2f0 to vtnet0: you can plug the cable from your ISP in and it automatically passes through, whereas with PCIe passthrough you pass through the entire device. That's how I have it in my setup: instead of passing through the entire NIC, I let the NIC stay with the kernel and just pass through the Ethernet port. For instance, I have an Intel i350xt4 and assigned ens2f0=vtnet0=vmbr1; just plug the cable in and pfSense WAN has an IP. In your case, WAN would be: enp2s0f0=vtnet0=vmbr1...
Ideally, one needs at least three Ethernet ports.
 
I meant VF in the context of SR-IOV. So you have one physical card but can create multiple "virtual cards" out of it, which can be passed to a VM.
So a VM would be able to see and access the real hardware.
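
When the WAN port is bridged instead of passed through, as the thread settles on, the host's bridge sits on the untrusted segment, so that bridge should carry no host address and no port should belong to two bridges. The following is an added example, not code from the thread or from Proxmox, that audits an interfaces file for both conditions; vmbr2, the use of enp2s0f1 as WAN (per the original plan) and the 192.0.2.10 address are assumptions.

```python
# Constructed sample: the poster's vmbr0 plus two assumed bridges
# (vmbr1 = LAN on enp2s0f0, vmbr2 = WAN on enp2s0f1, misconfigured with a host IP).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.80/24
    bridge-ports enp4s0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp2s0f0

auto vmbr2
iface vmbr2 inet static
    address 192.0.2.10/24
    bridge-ports enp2s0f1
"""

def parse_ifaces(text):
    """Map each iface name to its method and options (simplified interfaces(5) parser)."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            cur = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            cur = None
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return ifaces

def audit(text, wan_port):
    """Flag a host address on the bridge holding wan_port, and ports shared by two bridges."""
    findings, owner = [], {}
    for name, opts in parse_ifaces(text).items():
        ports = [p for p in opts.get("bridge-ports", "").split() if p != "none"]
        for port in ports:
            if port in owner:
                findings.append(f"{port} is enslaved to both {owner[port]} and {name}")
            owner[port] = name
        if wan_port in ports and (opts["method"] != "manual" or "address" in opts):
            findings.append(f"{name} bridges WAN port {wan_port} but gives the host an address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "enp2s0f1"):
        print(finding)
```

Changing the vmbr2 stanza to `inet manual` with no `address` line clears the finding; the OPNSense VM then holds the only address on the WAN side.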