Proxmox support with no PCI passthrough #59

Open
opened 2021-08-31 13:25:05 +05:30 by rdelcorro · 5 comments
rdelcorro commented 2021-08-31 13:25:05 +05:30 (Migrated from github.com)

Some people can't make PCI passthrough work due to hardware reasons. The readme tells that there is an option for this case

> You can also solve the EAP/802.1X and VLAN0/802.1Q problem by setting the group_fwd_mask and creating a vlan0 interface to bridge to your VM. See Other Methods below.

Is it possible to explain a bit on how would you do this? I can directly attach the USB dongle but not the main PCI interface, as my proxmox breaks if I try to.

A-vesalius commented 2021-08-31 18:08:47 +05:30 (Migrated from github.com)

I do this with Proxmox and OPNsense-VM as well as VyOS-VM to bridge across a BGW210. You still need 3 nics, and cables connected as pfatt describes but no netgraph. Use whatever interface names you have, but I'll call them eth0 (connected to ONT_IF), eth1 (connected to RG_IF), and Lan can be whatever Proxmox IF/vmbr you choose as normal. You then create 2 Proxmox linux bridges through the Proxmox GUI or editing /etc/network/interfaces (you will need to edit this file to add the necessary post-up command), I'll call them vmbr10 and vmbr11.

```
auto vmbr10
iface vmbr10 inet manual
    bridge-ports eth0.0
    bridge-stp off
    bridge-fd 0
#Vlan0 to ONT AT&T bypass

auto vmbr11
iface vmbr11 inet manual
    bridge-ports eth0 eth1
    bridge-stp off
    bridge-fd 0
    post-up echo 8 > /sys/class/net/vmbr11/bridge/group_fwd_mask
#bridge RG to ONT for EAP Auth
```

`post-up echo 8 > /sys/class/net/vmbr*/bridge/group_fwd_mask` allows the EAP-auth magic to occur. This specific proxmox linux bridge (vmbr11 in this example) will not be used directly by any VM (in fact I hide it from my Proxmox GUI by creating a file named eap_auth in /etc/network/interfaces.d using br0 as the bridge name) but that is not necessary. Give your virtual router the vlan0 bridge (vmbr10 in this example) to use as wan. You can spoof the RG mac address either at the Proxmox router VM network device level or within the *sense wan setup in your case.

rdelcorro commented 2021-09-01 11:09:31 +05:30 (Migrated from github.com)

I have set up the config as directed:

![image](https://user-images.githubusercontent.com/41461879/131617263-e678dd7e-be89-4746-8302-9ee83b31c22a.png)

While running tcpdump on proxmox I can see that EAPOL from the GW is not being forwarded as intended. I also checked group_fwd_mask and it's correctly set.

GW ONT interface:

![image](https://user-images.githubusercontent.com/41461879/131617390-07a99db1-b1cf-41cd-b452-01215cca57e3.png)

WAN interface (connected to fiber ONT):

![image](https://user-images.githubusercontent.com/41461879/131617617-fc72f27a-927b-4a4b-b29c-459ca35ac0ee.png)

As you can see, the external ONT is sending some EAPOL messages and the firewall is trying to do DHCP but since the first packet was not bridged it does not succeed.

Is there anything you may think is missing? Do I need to do a reboot of the host at some point? Changes were applied successfully as I did reboot the network.
A-vesalius commented 2021-09-02 07:01:03 +05:30 (Migrated from github.com)

I assume enx3c8cf8ebc108 is the USB dongle? I'll be honest that I have only used this with onboard or PCI nics. I would at least try unplugging the ONT and RG with Proxmox and the USB already initialized and up and running, in case the USB is slower to power up and start relative to the nics.

natebc commented 2022-05-24 14:53:40 +05:30 (Migrated from github.com)

@rdelcorro I know this is an old thread/issue but I hit this problem as well and in my case it turned out that the VM inside proxmox is actually attached to a SECOND bridge that also needed to have the group mask set.

In my case this was `fwbr500i2`, the name is formatted `fwbr<VM-ID>i<VM-INTERFACE-N>` so this is for the second interface on VM ID 500. Once I set 0x8 into `/sys/class/net/fwbr500i2/bridge/group_fwd_mask`.
gpz1100 commented 2023-03-30 07:45:57 +05:30 (Migrated from github.com)

@natebc I ran into this as well. Thanks @A-vesalius for pointing me to this thread.

Any thoughts why some users can get away without having to set the fwbr.... flag while others have to set it?

Perhaps the physical nic has something to do with it? I had to set this on an i211 nic.

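Added example, not part of the thread or of the pfatt project: a shell audit of `group_fwd_mask` on every bridge an EAPOL frame may cross, covering both the `vmbr` bridge from the config above and the `fwbr<VM-ID>i<VM-INTERFACE-N>` bridges mentioned later. The function names and the optional sysfs directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit group_fwd_mask on every Linux bridge.
# Bit N of group_fwd_mask lets a bridge forward frames addressed to
# 01:80:C2:00:00:0N. EAPOL (802.1X) uses 01:80:C2:00:00:03, so bit 3
# (value 8) must be set on EVERY bridge between the RG and the ONT,
# including per-VM fwbr<VM-ID>i<N> bridges.

EAPOL_BIT=8

# check_bridges [SYSFS_NET_DIR]
# Prints "<bridge> <mask> ok|missing" per bridge.
# Returns 1 if any bridge lacks the EAPOL bit.
check_bridges() {
    net_dir=${1:-/sys/class/net}
    rc=0
    for f in "$net_dir"/*/bridge/group_fwd_mask; do
        [ -r "$f" ] || continue          # no bridges: glob stays literal
        br=${f%/bridge/group_fwd_mask}
        br=${br##*/}
        mask=$(cat "$f")                 # sysfs reports hex, e.g. 0x8
        if [ $(( $mask & $EAPOL_BIT )) -ne 0 ]; then
            echo "$br $mask ok"
        else
            echo "$br $mask missing"
            rc=1
        fi
    done
    return $rc
}

# set_eapol_bit SYSFS_NET_DIR BRIDGE
# ORs bit 3 into the current mask so other forwarded groups are kept.
set_eapol_bit() {
    f="$1/$2/bridge/group_fwd_mask"
    [ -w "$f" ] || return 1
    mask=$(cat "$f")
    echo $(( $mask | $EAPOL_BIT )) > "$f"
}

# Usage: sh script.sh audit   |   sh script.sh fix <bridge>
case "${1:-}" in
    audit) check_bridges ;;
    fix)   set_eapol_bit /sys/class/net "$2" ;;
esac
```

Run the audit while the VM is started, since a bridge that does not exist yet cannot be listed.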
Reference: hhf/pfatt#59