Friday, February 6, 2015

Install pfSense on XenServer Part 1

In this post I'll walk through the steps required to install pfSense (and pretty much any other OS for that matter) on XenServer. And this is because we're going to cheat. That's right.

It's really easy in principle: Install Oracle VirtualBox on your PC, create your virtual machine there and import it. Done. If you feel confident enough, go ahead and do it yourself but I'm going to actually go through it, as it has 1 or 2 things that if you don't get right, you might end up with problems.

On with it then:

Step 1: Install pfSense on a VirtualBox VM:




While creating the VM, the important part is making sure your hard drive file type is importable by XenServer. Select VMDK and you can't go wrong.


 

Add the same number of NICs that your VM in your XenServer will have. This step is not as important as the others, but that's how I do it. In this case, I only have WAN/LAN interfaces so I only need two.




Don't forget to add a pfSense ISO in the CDROM of your VM


After that, boot it up and follow the install screen. After the pfSense installation is finished, go ahead and configure your IPs as they would appear in your XenServer VM.


Here's another important detail: Go to the pfSense's shell and type:

/usr/local/sbin/ufslabels.sh

This command converts /etc/fstab entries to UFS labels rather than disk device names. This is useful because in case of an upgrade, the disk device names might change and you might get stuck with an unbootable pfSense until you try and resolve the issue.



We're done with VirtualBox so halt the system. it's time to import it to XenServer.


The process is rather easy, but it's included here for completess' sake:





At this point, you will only have only one network as an option to add. No worries, we'll just select one of the correct NICs and add the second one later.
 


Don't worry about OS fixups. Just continue.




This is getting graphics heavy, so I'm going to make this a 2-part post.

3 comments:

  1. Great guide, thanks for this!
    A question; instead of your solution with the NICs, is it better topci-passthrough them to the pfsense VM? To get it faster and perhaps more secure?

    ReplyDelete
    Replies
    1. Sure. I can't see a reason for a NIC that's configured as pci-passthrough to not work with a pfSense VM. That's a good idea for a post in the future perhaps!

      Delete
  2. I cannot import my pfSense from vb to xenserver it says " fail to import"

    ReplyDelete