SpaceInvaderOne

*VIDEO GUIDE* A comprehensive guide to pfSense both unRAID VM and physical


Hi. First off, thank you for the videos. Because of those on YouTube I decided to try unraid first for my new server and so far I am absolutely loving it.

 

On 5/2/2018 at 9:01 PM, Tal said:

Just spent the last few hours rattling my brain after watching part 3. My board (MSI P55-GD65) has 2 network ports so I was thinking I could use one for the connection to the internet and the other to my internal network but I just cannot get it to work. If you could suggest where I'm going wrong that would be mighty helpful. Awesome videos by the way. Your videos are the reason I'm using unraid at all.

 

Tal had the same idea I had and I was hoping I could get it to work with the 2 nics on my board first for more testing to see if I actually like having pfsense on my server instead of a physical device.

Would you be able to help us out and point us in the direction on how to use one for wan and the other for lan? This must be possible, right?


My dual 2670s report AES enabled, repeating the following 32 times. But when I change pfSense to support Cryptographic Hardware I get the following on pfSense 2.4.3-RELEASE (amd64) on noVNC:

 

pfsense padlock0 no ace support

 

root@Tower:~# grep flags /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid xsaveopt dtherm ida arat pln pts

I changed it back to disabled for now pending advice on this error.  Is AES enabled in spite of this error?

 

Edited by tr0910
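
The host-side flag check from the post above, as an added example that is not part of the original thread: it matches `aes` as a whole word (a plain `grep aes` also matches `vaes`) and counts how many logical CPUs report it. The function names and the sample data are constructed; `padlock0` is FreeBSD's driver for VIA PadLock hardware, separate from the AES-NI that the `aes` flag denotes, and what the pfSense guest sees depends on the CPU model the VM exposes, which this host-side check does not show.

```shell
#!/bin/sh
# Count logical CPUs whose "flags" line lists a feature as a whole word.
# Usage: count_cpu_flag FLAG [CPUINFO_FILE]   (defaults to /proc/cpuinfo)
# Prints "<cpus with flag>/<cpus seen>".
count_cpu_flag() {
    flag=$1
    file=${2:-/proc/cpuinfo}
    awk -v want="$flag" '
        /^flags[ \t]*:/ {
            total++
            sub(/^[^:]*:[ \t]*/, "")          # drop the "flags :" prefix
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (f[i] == want) { hit++; break }
        }
        END { printf "%d/%d\n", hit, total }
    ' "$file"
}

# Succeeds only if at least one CPU was seen and every one reports the flag.
all_cpus_have_flag() {
    result=$(count_cpu_flag "$1" "${2:-/proc/cpuinfo}")
    [ "${result%/*}" -gt 0 ] && [ "${result%/*}" = "${result#*/}" ]
}

# Constructed two-CPU sample (not real output) so the check runs offline.
# The second CPU lists only "vaes", which must not count as "aes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
processor : 0
flags     : fpu sse2 aes avx
processor : 1
flags     : fpu sse2 vaes avx
EOF
echo "aes reported on $(count_cpu_flag aes "$sample") logical CPUs"
rm -f "$sample"
```

On the unRAID host, `count_cpu_flag aes` with no file argument reads the live `/proc/cpuinfo`.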


Thanks for the video series. I've been trying to get everything set up on my unraid server and everything seems to be working except for one thing. My unraid server doesn't seem to be getting an ip address from the pfsense VM. I have passed the 4 port Gigabit Network Card to the VM but my original Gigabit NIC that unraid uses is not being passed to the pfsense. Could that be the reason why it's not assigning my unraid server an ip address? I also have a separate physical network card for IPMI which doesn't seem to be getting an ip address either from the pfsense VM. I've assigned static IP addresses for both my unraid server (under network settings) and also my IPMI in my bios but I don't see it anywhere under DHCP leases in the pfsense menu.

20 minutes ago, bobokun said:

My unraid server doesn't seem to be getting an ip address from the pfsense VM.

Can you describe your physical connections? For example, port 1 of 4 port nic plugged into 16 port gigabit switch, port 2 plugged into ISP modem, etc.

12 hours ago, jonathanm said:

Can you describe your physical connections? For example, port 1 of 4 port nic plugged into 16 port gigabit switch, port 2 plugged into ISP modem, etc.

 

My Unraid server has 2 eth ports (On Motherboard) + 1 IPMI Port + 4 port NIC (Intel PCIe Gigabit card). Only the 4 port NIC has been passed to the pfsense VM. 

 

4 Port NIC:

Port 1 = WAN

Port 2 = LAN (Direct connection to PC) -> This is used to connect to pfsense to configure settings

Port 3 = WIFI/SWITCH (Using my old router AC68U in Access Point mode, it also has 4 ports + WAN port which I want to utilize as a switch)

Port 4 = Empty

 

The 2 eth ports on my motherboard and IPMI are not physically connected to anything, but I have also tried physically connecting the ethernet port on motherboard and the IPMI port to my AC68U which is connected to port 3 of the 4 port NIC. Ideally I want to avoid physically connecting anything from my motherboard/IPMI port to anything in order to save ports/ethernet cables on the AC68U

Edited by bobokun


Any interface that needs an IP address assigned has to be physically on the same segment as the passed through port where pfSense is running a DHCP server. If you have DHCP assigned on port 3, then you have to plug your server and IPMI into that same segment.

 

Since you have 2 LAN interfaces defined in pfSense, you could have 2 different sets of firewall rules and such on the 2 ports, for example you could have a switch plugged in to port 2 and have both your IPMI and pfSense on the same segment, with extremely restrictive rules, while putting your general network traffic on the other interface.

 

There is no way that I am aware of to software bridge the passed through ports to the unraid box, you have to physically connect them somehow.

 

If you want to save one port, you could define a LAN segment on port 4 for your unraid box, and just connect a short bit of cable from the motherboard port to port 4.

 

If the particular LAN port as defined in pfSense doesn't have a DHCP server running with valid settings, you won't get an IP address assigned to anything plugged into it.


Here's the next part in the pfSense series added to the top of this thread post.

 

Part 7 - Firewall rules, Portforwarding/NAT, Aliases and UPnp


Here's the next part in the pfSense series added to the top of this thread post.

 

Part 8  Open NAT for XBOX ONE and PS4

 


I am trying to get pfSense up and running using Part 3 of the video series. The video is fantastic, but still I am clueless at some point.

 

I have 4 ethernet ports on my unRAID server:

eth0: Broadcom on the MB. Before installing pfSense, unRAID normally used this port (192.168.1.100). Currently nothing is connected

eth1: Broadcom on the MB. Nothing.

 

eth2: Intel NIC on PCIe (pfSense WAN)

eth3: Intel NIC on PCIe (pfSense LAN) This is connected to the switch.

 

All seems OK. 2 port intel nic is passed through to the pfSense VM. I can reach pfSense VM on 192.168.1.1 but cannot get unRaid on 192.168.1.100. The video gives a solution on DNS resolver page. But I don't use any domain name for unRAID.

 

How can I access unRAID from the LAN, which had an IP of 192.168.1.100 previously? If I connect eth0 to the switch separately, unRAID becomes accessible. But, surely this is not an elegant way.

 

Thanks for any support.

Edited by sse450

On 4/24/2018 at 11:12 AM, gridrunner said:

Hi @joelones Just set in the bios of the pfsense to enable wake on lan. When the machine is off it will still power the lan port for wake on lan.

I use @Squid excellent user script plugin to send a wol ping using etherwake command

This script runs on array stop

 


etherwake 00:01:3e:4e:5a:b8

 

I also use another script for when the array starts

This uses ssh to log in to the pfsense machine and shut it down; this way only one pfsense is running at a time

ie 


ssh admin@10.10.20.1 /etc/rc.halt

You will need to generate some ssh key pairs on unRAID and copy the public key to the admin user in pfsense.

 

All of this will be covered in my pfsense videos

 

Did this video ever get made? This is exactly what I am looking for. I have a separate 1u box in the rack that is my pfsense, would love to run it in a VM environment.

Did you also think of a good way to update the configuration on the physical box?

 

Thanks

Myk

 
Did this video ever get made? This is exactly what I am looking for. I have a separate 1u box in the rack that is my pfsense, would love to run it in a VM environment.
Did you also think of a good way to update the configuration on the physical box?

Thanks
Myk

I think this is still in his queue as he developed a full vm install that can be replicated to bare metal. Next video might be the fail over process.

Sent from my BND-L34 using Tapatalk

2 hours ago, ijuarez said:

I think this is still in his queue as he developed a full vm install that can be replicated to bare metal. Next video might be the fail over process.

Sent from my BND-L34 using Tapatalk
 

 

That is what I am hoping, and want to do with my setup

 

 


Another question trying to set this up, what would be the best way to have the unRAID machine and bare metal machine connected to the modem so they can auto switch?  Can you put a small switch after the modem and have both hooked up since only one at a time would be trying to connect to the modem?

Another question trying to set this up, what would be the best way to have the unRAID machine and bare metal machine connected to the modem so they can auto switch?  Can you put a small switch after the modem and have both hooked up since only one at a time would be trying to connect to the modem?

If you look back at his first video I think he made a diagram on how he had them connected and that's how I think he was going to do the videos

Sent from my BND-L34 using Tapatalk


Okay, so I have a dumb question. I have pfSense as a VM in unRaid.  I have a quad Intel nic passed through to the VM. Port Designated WAN goes to cable modem, LAN goes to switch, which then goes to all my wired devices and wireless AP's. One of these ports on the switch goes back to the unRaid server onboard nic, which is used to give unRaid network access. This all works great until I restart the unRaid Machine. Obviously, unRaid starts before the pfSense VM can, resulting in the unRaid machine getting assigned a 169.xxx.xxx.xxx address which then results in not being able to access unRaid, have to put the old router back in place to get access again. Am I missing something? / Is there a way to resolve this?

1 minute ago, adamfritzsche said:

Okay, so I have a dumb question. I have pfSense as a VM in unRaid.  I have a quad Intel nic passed through to the VM. Port Designated WAN goes to cable modem, LAN goes to switch, which then goes to all my wired devices and wireless AP's. One of these ports on the switch goes back to the unRaid server onboard nic, which is used to give unRaid network access. This all works great until I restart the unRaid Machine. Obviously, unRaid starts before the pfSense VM can, resulting in the unRaid machine getting assigned a 169.xxx.xxx.xxx address which then results in not being able to access unRaid, have to put the old router back in place to get access again. Am I missing something? / Is there a way to resolve this?

 

Set a static IP address in unRaid network settings and make it locked/registered to the MAC address of your unRaid server in pfsense.

 

You can always access it via hostname tower.local or whatever you set it to. Just might take a little longer to resolve without a dhcp server on the network.

37 minutes ago, 1812 said:

 

Set a static IP address in unRaid network settings and make it locked/registered to the MAC address of your unRaid server in pfsense.

 

You can always access it via hostname tower.local or whatever you set it to. Just might take a little longer to resolve without a dhcp server on the network.

 

Ah, yes. That makes sense. Thank you.


Hello!

You helped me a lot with your videos and after all your tutorials I followed, I pulled the trigger on an intel 4 1gb ports nic.

The problem is that I realized too late my 2500k doesn't support vt-d, so I can't passthrough the PCI-e card to the VM.

Are there any ways I can install pfSense on a VM?

The hardware configuration is like this:

ISP Modem/Router -> Switch -> unRaid Machine at eth port on motherboard.

I am not a pro in networking and I can't figure out how to configure the 4 ports nic.
 


Hi All,

 

I'm trying to install this and am not able to boot into the vm.  It won't connect via vnc and gives me a message saying login to server failed.  I've tried OVMF and Seabios with no success on either.  On OVMF, I've tried all the Q35 versions.  I'm able to pass through my 4 port NIC.  Everything was done exactly as in video part 3.  What could be the issue?

 

It's f'ng Safari that is the problem.  Works with Chrome.  Go figure.

Edited by Mlatx


Hi All,

 

I successfully have pfSense running as a vm on unraid. I just need to get a cheap backup device. I’m having issues connecting to https with internal sites and through let’s encrypt. In other words, I can’t connect and no message to proceed with caution.

 

I have nextcloud set up according to spaceinvader’s video. It’s running under my own domain and proxynet. With my old isp router, port forwarding worked, and I was able to connect. Now with pfSense, I cannot. I don’t get any errors within let’s encrypt’s logs.

 

I can’t connect to my OpenVPN server either. I put in the rule for private domain equals unraid.net in DNS resolver. 

 

What could I be missing here? I’ll continue to search but found nothing yet. 


Hi @SpaceInvaderOne.  

First off thanks for all of your videos.  They have been beyond helpful!  Quick question about pfsense in particular to part 3 of your video.   I have the same 4 port intel nic you have; instead of applying the pci patch to separate out the nic is there any reason why we couldn't do the host dev method you've mentioned in another one of your videos?


Hello All You Helpful People!! (hint, hint)

 

I want to run pfSense in a VM under Unraid 6.6.6. I followed SpaceInvaderOne's videos, but I'm a bit stuck.

 

I'm trying to get cute with my setup.  I have a SuperMicro server with 4 onboard Intel gigabit lan ports AND a two port 10 gigabit pci card.  All of this is connected to a Cisco L3 3560e switch, which I have configured vlans on. 

 

Now, I'm trying to do the following.  My WAN port from my cable modem goes into switchport 1 (Vlan 80) on my switch.  All my devices can reach the internet because I have InterVlan routing configured.  VLAN 10 is for computers.  VLAN 20 is for cameras.  VLAN 30 will be for ubiquity.  VLAN 50 will be for IOT.

 

Now, I think I can configure the 10 gigabit ethernet ports to be bonded and set up as a trunk port, which I can then use as the LAN port in pfSense.  But, I'm fuzzy as to how/what to configure as the WAN port.  Can I use VLAN 80 as my WAN port, or does it have to be a discrete interface (like one of the gigabit ports)?  Where do I plug in the gigabit port(s)--in VLAN 80, or in VLAN 10 with computers?  And finally, how do I route all traffic through pfSense?  Set it as the default gateway? Or does running the trunk port through it do this for me already?

 

Any help would be appreciated.  Thank you

1 hour ago, Moose_Flunky said:

Hello All You Helpful People!! (hint, hint)

 

I want to run pfSense in a VM under Unraid 6.6.6. I followed SpaceInvaderOne's videos, but I'm a bit stuck.

 

I'm trying to get cute with my setup.  I have a SuperMicro server with 4 onboard Intel gigabit lan ports AND a two port 10 gigabit pci card.  All of this is connected to a Cisco L3 3560e switch, which I have configured vlans on. 

 

Now, I'm trying to do the following.  My WAN port from my cable modem goes into switchport 1 (Vlan 80) on my switch.  All my devices can reach the internet because I have InterVlan routing configured.  VLAN 10 is for computers.  VLAN 20 is for cameras.  VLAN 30 will be for ubiquity.  VLAN 50 will be for IOT.

 

Now, I think I can configure the 10 gigabit ethernet ports to be bonded and set up as a trunk port, which I can then use as the LAN port in pfSense.  But, I'm fuzzy as to how/what to configure as the WAN port.  Can I use VLAN 80 as my WAN port, or does it have to be a discrete interface (like one of the gigabit ports)?  Where do I plug in the gigabit port(s)--in VLAN 80, or in VLAN 10 with computers?  And finally, how do I route all traffic through pfSense?  Set it as the default gateway? Or does running the trunk port through it do this for me already?

 

Any help would be appreciated.  Thank you

*** IANANA/E (i am not a network architect/engineer) ***

Have you planned out your network? Literally drawn up a map for it? I'm not good enough at network architecture to do anything beyond basic configuration without drawing up a diagram/map/<something> to make sure I'm not missing something. How do you plan on connecting VLAN 80 to pfSense?
 
