i’ve created my own wifi router & firewall using pci passthrough for the network card to a kvm/libvirt/qemu virtual machine running pfsense hosted on an ubuntu server and it works well enough; but the pci id changes roughly every other reboot.

i was thinking of adding another hack in the form of a bash script to launch the vm and then modify the virtual machine’s xml if there’s a problem and then attempt another relaunch; but this entire exercise has taught me the hard way that hack-on-top-of-hack-on-top-of-hack is impossible to remember and there will come a point where something will break and i’ll spend a couple of days relearning how to build my own router again.

any advice on how to make it all more mindless and/or graceful?

  • @eldaviOP
    1 year ago

    i learned the hard way about a decade ago that i lack the patience and sufficient enough attention to detail to run a public facing server of any kind; so the biggest benefit of using pfsense is peace of mind.

    the 2nd biggest benefit is a perpetually self auto updating firewall and significantly improved capacity without having to buy a new router every few years. i started this rebuild because i’m anticipating a gigabyte connection and the previous network adapter i was using for pci pass through would have been the biggest speed bottleneck.

    the 3rd biggest benefit is that i also use the host as an everything server including backups, extra storage, internet accessible storage, print, media, torrent, automatic vpn, automatic ad blocker and tv via kodi and i don’t have to configure most of it since those capabilities are click-on-a-checkbox-to-turn-it-on easy thanks to the pfsense software.

    finally: each time i have to do it, i learn at least one new thing about the foss ecosystems/projects related to the components/services that i have to build and how they’ve changed or how alternatives are needed since the last time i did it.

    btw: the server is handling the dhcp and wifi using networkmanager because hostapd is about 25% slower and pfsense is only the firewall and most of those services i mentioned earlier.