Remote Lab, Part 2: Configuring Proxmox

By Mike Jones 13 Feb 2019, 22:02

Part 2: Configuring Proxmox and setting up the base virtual machines for our remote virtual lab.

Now, we’ll need to install Proxmox on the server. I won’t cover the basic installation in this post, but I am using Proxmox VE 5, which is available as a template during installation with OVH’s wizard.

Securing Proxmox’s web interface

Once you have installed your hypervisor and logged in, I recommend taking a couple of extra steps to improve security, because the web interface is public-facing:

  1. Set up your own administrative user and disable the default one.
  2. Set up two-factor authentication. I followed this guide.
  3. Get a valid SSL certificate. I followed this guide to get a certificate from Let’s Encrypt using acme.sh (but the steps using certbot look good, too).
  4. Disable password authentication over SSH and use key authentication instead.
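
To verify step 4, the script below (an added example, not part of the original post) audits an sshd_config-style file. It also checks ChallengeResponseAuthentication, because keyboard-interactive logins through PAM can still prompt for a password. Assumptions: the function names sshd_effective and audit_sshd_config are hypothetical, keyword names and defaults are those of OpenSSH 7.x as shipped with Debian 9, and only the global section (before any Match block) is read.

```sh
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# for step 4. Assumes OpenSSH 7.x keyword names and defaults, as on Debian 9.

# Print the effective global value of keyword $2 in file $1 (default: $3).
# sshd keeps the FIRST value it sees for a keyword; later lines are ignored.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                  # comment line
        { gsub(/=/, " ") }                   # "Keyword=value" is also valid
        tolower($1) == "match" { exit }      # only audit the global section
        tolower($1) == key && !seen { val = tolower($2); seen = 1 }
        END { print val }
    ' "$1"
}

# Return 0 only if password-style logins are off and key logins are on.
audit_sshd_config() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Each entry: keyword, sshd default when unset, value we want.
    for check in "PasswordAuthentication yes no" \
                 "ChallengeResponseAuthentication yes no" \
                 "PubkeyAuthentication yes yes"; do
        set -- $check
        got=$(sshd_effective "$file" "$1" "$2")
        if [ "$got" = "$3" ]; then
            echo "ok:   $1 $got"
        else
            echo "FAIL: $1 is '$got', want '$3'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the early "yes" wins, so the later "no" has no effect.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "=> password logins are still accepted"
rm -f "$sample"
# On the host: audit_sshd_config /etc/ssh/sshd_config  (sshd -T is authoritative)
```

Confirm that key-based login works in a second session before restarting sshd with password authentication disabled.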

Disabling the enterprise apt repository

Unless you have a Proxmox subscription, apt will fail with an exit code of 100. This is because it is trying to read from the subscription-only enterprise apt repository.

Comment out the only line in /etc/apt/sources.list.d/pve-enterprise.list and run apt update.

Network bridges

For the most basic setup, three network bridges are required (which will become the WAN, LAN and OPT1 interfaces in our router). These are configured in the host node’s network settings.

| Name | Type | Ports/Slaves | IP address | Subnet mask | Gateway |
|---|---|---|---|---|---|
| vmbr0 | Linux bridge | eth0 | Primary IP address (ex. 5.39.50.60) | 255.255.255.0 | Primary gateway address (ex. 5.39.50.254) |
| vmbr1 | Linux bridge | dummy0 | (none) | (none) | (none) |
| vmbr2 | Linux bridge | dummy1 | (none) | (none) | (none) |

Virtual hardware for pfSense

Below are the current specifications for my router’s virtual hardware. Your mileage may vary.

| Item | Value | Notes |
|---|---|---|
| CPU | 2 vCPU | A type of "host" (for host-passthrough) is required if you would like to use AES-NI CPU Crypto |
| RAM | 4G | |
| Storage | 32G | I am using a VirtIO disk |
| Network Device 1 | vmbr0, VirtIO (or E1000) | This will be used as the WAN interface |
| Network Device 2 | vmbr1, VirtIO (or E1000) | This will be used as the LAN interface |
| Network Device 3 | vmbr2, VirtIO (or E1000) | This will be used as the OPT1 interface |

In the next part, we’ll install pfSense and configure the basic interfaces.
