I have this setup. Upfront, I would not recommend Proxmox, the update methods are annoying. The better way is straight Debian with Incus installed, then you get straightforward stable Debian updates automatically - they won’t break anything and you’re secure. Sometime I’ll redo it - I haven’t because, of course, it is my router and when it's down I don’t have internet! So foreboding and on the back burner.
Also also Proxmox’s GUI leaves a lot to be desired (for me, it looks like ass and is confusing), Incus is nicer for VM control and Cockpit is nicer for host control. After typing all that I realize I’m a hater at this point.
I haven’t really noticed downtime issues cause of Proxmox updates cause I just do it when nothing is happening. And Proxmox hasn’t bricked itself, though I am wary of it because that has happened to others due to their rolling release update style.
I’ve got a Dell Wyse 5070 Extended with a 2 port Intel NIC in it. I pass both ports through leaving the built-in port for managing Proxmox.
Here are my notes:
Set NIC PCIe Passthrough for Network Card
nano /etc/default/grub
Edit this line by adding intel_iommu=on to get
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
update-grub
nano /etc/modules
Add these lines
vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd
update-initramfs -u -k all
reboot
Click on 2nd level thing named router on the left side vertical bar hierarchy thing and then click in the top right the blue Create VM button.
General tab
Name: OPNsense
Start at boot: checked
Start/Shutdown order: 1
Startup delay: 15
OS tab
Use media: DVD version (usb might work) of OPNsense.iso
System tab
Machine: q35
Bios: OVMF (UEFI)
Storage: local-lvm
UNCHECK Pre-enroll Keys (HATE)
Hard Disk tab
Disk size (GiB): 15
Discard: checked
SSD emulation: checked
CPU tab
Cores: 4
Type: host {makes it not moveable between diff CPU types but will theoretically allow for more speed}
Memory tab
Memory (MiB): 2048
Minimum memory (MiB): 512
Network tab
No network device: checked
Confirm tab
Do not start on creation
After creation, go to Hardware tab in the 2nd left vertical list on the browser page and click add
PCI Device: ...01:00.0 I350 Gigabit... & ...01:00.1 I350 Gigabit... (1st & 2nd ones)
Go to the Console tab in the 2nd left vertical list on the browser page and hit enter to get to a command line in the OPNsense VM
!Add expand storage via command line!
And lastly, during setup I have these notes
It will choose wrong (WAN gets igb1 and LAN gets igb0 -> we want WAN gets igb0 and LAN gets igb1)
Default User: root, PW: opnsense (they don't tell you anywhere, you don't have internet b/c this is your new router, fuck em)
**Access at 192.168.1.1 via plugging an ethernet cable into the 1st port in a set of forwarded ports**
*Note that we will move it so the 1st port is the WAN (can't access OPNsense from the WAN port for safety), so after following this you access via 2nd port*
So watch out for those things. Not sure quite what I mean by the 1st and 2nd port things, may be related to on setup it had the order of the ports I wanted wrong so they’re switched till setup is complete and it reboots.
I don’t remember doing this at this point, but maybe this info dump will help!
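A check to run on the host after the reboot step in the notes above, added here as an example and not part of the original post: it confirms `intel_iommu=on` took effect and that each NIC function's IOMMU group contains only the devices being handed to the VM, since everything in a group is exposed to the guest together. The function names, the `SYSFS`/`CMDLINE` overrides and the `0000:` domain prefix in the usage line are assumptions; take the real addresses from `lspci -D`.

```shell
#!/bin/sh
# Added example. SYSFS and CMDLINE can be overridden to run against a constructed tree.
SYSFS="${SYSFS:-/sys}"
CMDLINE="${CMDLINE:-/proc/cmdline}"

# Succeeds if the running kernel was booted with intel_iommu=on.
iommu_on_cmdline() {
    tr ' ' '\n' < "$CMDLINE" | grep -qx 'intel_iommu=on'
}

# Prints the IOMMU group number of one PCI function, e.g. 0000:01:00.0.
iommu_group_of() {
    link="$SYSFS/bus/pci/devices/$1/iommu_group"
    [ -e "$link" ] || return 1          # no group link: IOMMU is not active
    basename "$(readlink -f "$link")"
}

# Prints every PCI address that shares a group with the given function.
group_members() {
    g="$(iommu_group_of "$1")" || return 1
    ls "$SYSFS/kernel/iommu_groups/$g/devices"
}

# Usage: group_is_isolated DEV ALLOWED...
# Fails if DEV has no group, or its group holds a device outside ALLOWED.
group_is_isolated() {
    dev="$1"; shift
    members="$(group_members "$dev")" || return 1
    for m in $members; do
        found=no
        for want in "$@"; do
            [ "$m" = "$want" ] && found=yes
        done
        if [ "$found" = no ]; then
            echo "$dev shares its IOMMU group with $m" >&2
            return 1
        fi
    done
    return 0
}

# Run as: sh check-passthrough.sh 0000:01:00.0 0000:01:00.1   (example addresses)
if [ "$#" -gt 0 ]; then
    iommu_on_cmdline || echo "intel_iommu=on is not on the kernel command line"
    for d in "$@"; do
        if group_is_isolated "$d" "$@"; then
            echo "$d: group $(iommu_group_of "$d") holds only the listed devices"
        fi
    done
fi
```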