PFSense + HyperV & An odd setup. Will it blend?

I was looking for a 2nd PC to use PFSense on or maybe a decent router for 2.3gb internet with Yayzi... but then I had a thought...

Could I do something else... This: ?

Connect the ONT at the wall to a dual port 2.5gb nic that is passed to pfsense running in hyper v on my PC. Then that is connected via the 2nd port to the 2.5gb on my motherboard.
I also pass though a USB gigabit adapter I use to pfsense that can connect to my router to provide wifi. Or I could use the wifi on my motherboard directly as it is 6E and actaully faster than my AX3000 TPlink router.

Would this work out at all? Is there a better layout I am not thinking of?

£30 odd on a dual 2.5gb network card (id have to check it could send/receive 2.5gb of data at the same time via the 2 ports or it be usless) is far cheaper than £100+ for a router and will have the added security of pfsense.

I'm hoping that would work. Downside is my PC would have to be on 24/7 but its on most the time anyway.

Thoughts?

Edited by Seansmit17 (Sat 25-May-24 04:59:57)

I can't vouch for how pfSense runs in Hyper-V but have run in on a Mac Xserve (rack server) under Virtualbox
and under KVM (Linux+QEMU+LibVirt) on PC hardware.

So personally I'd be doing as KVM physical host with Windows and pfSense guests
that way the attack surface of the host system would be reduced (as would not install the desktop environment)
as Windows (guest) could then be shutdown or even just suspended when not in use.

It's as much a matter of taste though, and experience on how well you can secure either setup.

Edited by prlzx (Sat 25-May-24 15:28:35)

With your approach, if Hyper-V creates virtual network adapters, you don't need to patch the second port of the dual back into your main board built-in.

Your Windows host and pfSense can both have a virtual adapter on the same internal network (or virtual switch if you like) for that and won't actually flow over any physical NIC or be constrained to their speed.

To pfSense it will be a LAN on one of its NICs and to Windows it will see an extra NIC and be able to get its addressing from that pfSense LAN.

You could call that internal network the host-to-guest LAN or whatever makes sense logically.

However you play it you will need to think about your default route though as Windows will sometimes have 2 default gateways while setting it all up and will choose what it thinks has the better metric, unless you configure one of them manually or manage the routes persistently (with route -p add)

Edited by prlzx (Sat 25-May-24 15:54:16)

Thanks,

So a dual port was a waste.. but that being said it was only a little bit more. And when I DO build a dedicated box for this task It will be useful to have a dual port card as then i dont need to worry about either buying another 2.5g card or finding a mobo that has onboard 2.5g networking.

The card arrives tomorrow so I might try getting everything set up but working with my VM connection (hub is in modem mode) just so i know more about what I am doing when my new connection from Yayzi is installed.

Having a play about to get used to how things work with pfsense and networking. Networking is not my strong suit but I can get most things I need to do done.

I have pfsense working in a VM. I have set up an internal switch and set one of my network adapters to be used as well. That is connected to my VM hub in modem mode and things are working... mostly.

I am on the internet fine but pfsense says it does not have an IP from the WAN.. but it must do as I am connected to the net lol

Fun times ahead.

I run OPNsense which is a cousin of Pfsense on a Qotom box with an Intel processor.
The Dashboard shows the IP addresses of the interfaces.

I have hit a roadblock I am unable to get past.

I have pfsense working from what I can tell. I am online at any rate.

But I still need wirless access. So, I put my router in AP mode. Disabled DHCP and set an IP manually (192.168.1.2) pfsense is on 192.168.1.1.

I have my router connected to another network card in my PC and have passed that though to the pfsense vm same as i did for the network card im using for the wan thats connected to my virgin hub.

But I can not access the router from my pc, wifi clients are failling to connect as they are not getting an IP from DHCP. If I set an IP manually there is not internet access and I can not access pfsence either.

I have made sure the interfaces are enabled and even tried to bridge the connections in pfsense and still nothing.

I have no idea what is wrong or what i a doing wrong.

Any ideas?


EDIT:

I did notice one thing.... The VM was off and I still had internet.... So DHCP was getting the VM ip info in windows and not via the VM.. Opps? Maybe thats an issue.. Will investigate


EDIT 2:

FIXED

I dont know what the issue was but after booting, rebooting, unplugging, everything 60 times... POP all of a sudden OPNSense had a WAN IP from VM... And my router thats in AP mode for wifi just popped up on DHCP as well as all my other wifi devices..

Thank god for that. Only took me 6 hours! And I am still not sure what the issue was. I think it was something to do with how the network interfaces were set up in Hyper V's switch manager.

Just glad its all working. Got some practice in for when CityFibre is installed and I got to go and tweak this to work with that set up.

Now I get to play with OPNSense firewall etc etc... but first some sleep to give me heart a rest xD

Edited by Seansmit17 (Sun 26-May-24 05:11:56)

you changed from pfsense to opnsense? as you said opnsense right at the end.

I am surprised opnsense is as popular as it is, it seems to have more users than pfsense now, but so much stuff on it is unpolished, unfinished etc.

If you get the problem again, potential gotchas that can cause LAN connectivity issues.

VLAN configuration.
On hypervisors, virtual switch configuration.
On hypervisors, firewall configuration.
On opnsense, pfsense etc. if using wrong NIC for LAN/WAN.

Edited by Chrysalis (Wed 29-May-24 22:19:34)

Have you seen the Aliexpress Topton/CW/Kingnovy 4 port i226 N100 boxes?

These are ideal for this and will probably pay for itself just in power saving in a year or less depending on how much power your PC uses.

I have a couple (running Proxmox) with one a cold standby and they are pretty much perfect for this.

I have considered them, But I decided on a full desktop to use as a server so i can use it for pfsense as well as a web and game server.

Picked up a 2nd hand I5 4690 system. Planning on sticking a i7 4790K in it soon.

Its got enough power to do what i need. Yes it uses a bit more juice, about 66w at idle currently.

I am having other issues with opnsense/pfsense now but I am still working my way into learning how it all works.

Im sure Ill be posting again soon with issues