Hi, I tried and it works. The only problem is the chronyd service not starting for permission reasons, despite the container being unprivileged. Have you encountered the same problem?
Strange, on first install in LXC it reports an error for chronyd. This is a limitation that I have always encountered in containers or the permission denied to time management. However I used neth7 as a VM with VirtualBox for 2 years and then migrated to a Proxmox cluster for 1 year. I found LXC interesting as it is very fast but unfortunately for some limited functions.
LXC uses the kernel of the host, probably for shorewall you could have some issue I bet. KVM is an isolated host and inside you can install whatever compatible x_64 distro with your processor (even if with qemu you can install some ARM distro).
Yes indeed, very fast but unfortunately I found limitations in the management of time and ssh on lxc linux credited on AD nethserver and login user domain. To keep it simple, linux lxc join on AD nethserver but if you try to ssh login with user @ at nothing to do, permission denied errors appear!
To allow external connections to an LXC, you must disable "Unprivileged container" and enable some “Features”.
And running as AD, you NEED external connections! How else is a client supposed to do auth on the NethServer when no connections are allowed?
Also: Turn off the standard Proxmox Firewall (on the virtual NIC) of each VM!
Sthepanè the photo is mine, if you refer to the image. If yes my pfsense is not a test it works perfectly with 4 interfaces, vpn captive portal and zabbix client to be monitored. The only limitation is no qemu-guest-agent!
OPNsense also works very well as a KVM in Proxmox, also no qemu-guest-agent available.
This is good enough for productive use (eg spare firewall) or even for clustering with CARP.
Very useful for testing / learning / practicing CARP with 2 virtual Firewalls!
Both OPNsense and PFsense fully support VirtIO, so you get nice 10 GBE NICs on your virtualized Firewall!
And using a larger, eg 120 GB Disk, allows Squid Proxy to run here!
I’ve run all three BSDs on Proxmox, the QEMU Agent is not really necessary.
Read here about the development status:
The guest-agent FreeBSD port is not complete, it does not support fsfreeze/thaw (for consistent backups), so this, the most important feature, is missing.
The only advantage you will get is having the network/IP data shown in the PVE VM summary. Is this worth compiling and running an unstable piece of software in your VM?
Sadly there is no more support in development…
The only issue is a non-clean shutdown, e.g. when invoked by a UPS…
I use an external Raspberry as NUT server, and also connect my virtual OPNsense to this NUT server, then I have no issues with the UPS.
BSDs Softupdates in the FS prevent corrupt Filesystems very well.