After a quick test install of pfSense 2.2’s beta image (dated 1017 – I see there are two newer builds up since then), I’m pleased to report that Xen support works with pfSense 2.2 without rebuilding it! yay!
I’ve been running a build of pfSense 2.1 I built over a year ago (crikey.. already?), to add Xen support myself. It’s been great, but after Electric Sheep Fence locked down their git repository (bastages!), I haven’t bothered upgrading. Here’s my current build:
As you can see, I’m running it with 2 threads on my Xeon X3450, and have given it 2GB of memory to work with, as it’s not just being a router/firewall, but is also running a Squid transparent HTTP caching proxy, as well as being the endpoint for my AirVPN connection.
So for those looking to do your own install of pfSense 2.2 based on FreeBSD 10, on a Xen environment, here’s the config file I used to run up the installer:
    #
    # pfSense 2.2 pvhvm installation
    #
    name = 'pfsense22'
    builder = 'hvm'
    maxmem = 2000
    memory = 2000
    vcpus=2
    acpi=1
    apic=1
    vif = [ 'bridge=xenbr0, mac=00:3e:16:02:02:99' ]
    disk = [ 'phy:/dev/vg_ssd/pfsense22,xvda,w', 'file:/mnt/isos/bsd/pfSense-LiveCD-2.2-BETA-amd64-20141017-1127.iso,hdb:cdrom,r' ]
    # Boot from the cdrom device
    boot='d'
    vnc=1
    vncunused=0
    # '0.0.0.0' listens on every dom0 interface and no vncpasswd is set here;
    # '127.0.0.1' plus an SSH tunnel keeps the console local to dom0.
    vnclisten = '0.0.0.0'
    vncdisplay=20
    vncconsole=1
    serial='pty'
    on_poweroff = 'destroy'
    on_reboot = 'destroy'
    on_crash = 'destroy'
Once the install is complete, when it goes to reboot, it will terminate, thanks to the “destroy” for the on_reboot entry. That gives me the chance to edit the file for actual use, rather than just install. Also note that I have it set to create a VNC console on the dom0 for the console – this is something I do for all my VMs, as I like to have console access available sometimes.
For production use, the lines I change or add are:
    #disable the xen bridged virtual network interface
    #vif = [ 'bridge=xenbr0, mac=00:16:3e:00:99:03' ]
    #Remove the ISO image and add a data drive for the Squid cache
    disk = [ 'phy:/dev/vg_ssd/vm_pfsense22,xvda,w', 'phy:/dev/vg_hdd/pfsense_data,xvdb,w']
    #set the boot drive to the primary "disk"
    boot='c'
    #put the reboot interrupt back to rebooting the VM
    on_reboot = 'restart'
    # Passthrough two physical network cards for duty as LAN/WAN interfaces. These are connected to two physically separate network subnets.
    pci = ['03:00.0','03:00.1']
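An added example, not part of the original post: a small Python check that a domain config no longer carries the install-time settings shown above (cdrom boot, attached ISO, on_reboot = 'destroy') and that flags a VNC console listening beyond dom0's loopback with no `vncpasswd`. The parser, the function names and the sample text are constructed for illustration, and it handles only the simple `key = value` and list forms used in this post.

```python
import re

# Constructed input: the post's production edits applied to its install config,
# with the VNC listener left as the post has it.
PRODUCTION = """\
# pfSense 2.2 production
name = 'pfsense22'
builder = 'hvm'
disk = [ 'phy:/dev/vg_ssd/vm_pfsense22,xvda,w',
         'phy:/dev/vg_hdd/pfsense_data,xvdb,w' ]
boot='c'
vnc=1
vnclisten = '0.0.0.0'
on_reboot = 'restart'
pci = ['03:00.0','03:00.1']
"""

# key = [list] | 'string' | "string" | bare token; lists may span lines.
ASSIGN = re.compile(r"""^\s*(\w+)\s*=\s*(\[.*?\]|'[^']*'|"[^"]*"|\S+)""", re.M | re.S)

def parse_cfg(text):
    """Parse an xl-style domain config into {key: str or list of str}."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    cfg = {}
    for key, raw in ASSIGN.findall(body):
        if raw.startswith("["):
            cfg[key] = re.findall(r"""['"]([^'"]*)['"]""", raw)
        else:
            cfg[key] = raw.strip("'\"")
    return cfg

def audit(cfg):
    """Return (key, message) findings for install-time or exposed settings."""
    out = []
    if cfg.get("boot", "c").startswith("d"):
        out.append(("boot", "still boots from the cdrom device first"))
    if any("cdrom" in d for d in cfg.get("disk", [])):
        out.append(("disk", "installer ISO still attached"))
    if cfg.get("on_reboot") == "destroy":
        out.append(("on_reboot", "VM is destroyed instead of restarted on reboot"))
    # Loopback is assumed when vnclisten is absent (the xl default).
    listen = cfg.get("vnclisten", "127.0.0.1").split(":")[0]
    if cfg.get("vnc") == "1" and listen not in ("127.0.0.1", "localhost") \
            and not cfg.get("vncpasswd"):
        out.append(("vnclisten", "console reachable off-host without a password"))
    return out

if __name__ == "__main__":
    for key, msg in audit(parse_cfg(PRODUCTION)):
        print(f"{key}: {msg}")
```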
Note that I don’t run XenServer – so if any of you reading this do, and give pfSense a test, please report back as to whether it includes the xen-tools support, for the benefit of others. In a week or two, I’ll be grabbing the latest beta snapshot and installing it to actually run my network, with the fallback of booting up the VM I’ve been using for the last year if anything is too broken 🙂