 PF Sense and a virtual machine. So this is a guide to how to set up PF Sense in XCPNG. Now, I'm not gonna go through the whole install of PF Sense. I have another video about getting started with PF Sense. Everything follows the same as far as the, how to install it. There's nothing special you do on the install. And as stated here, when creating a VM, just choose the other install VM template. And that's right here, because there's not a BSD template. And then just build out your PF Sense virtually, however you wanna build it with how many network interfaces and parameters, CPUs, memory, et cetera, and choose the PF Sense ISO and go through the install. So that part's pretty straightforward. Next, they talk about this. And this is the part that is technically incorrect here because you don't need the guest tools.iso in order to get this package installed. So that can be eliminated. Maybe I'll suggest a request to edit and remove that. But we do need this. And the way you install the package for XE guest utilities, XE guest utilities are built into BSD repository. So you go package install XE guest utilities. Now you can do that from, I got my lab up and running here. You can do that by logging into the council and putting the commands in here. I happen to have SSH enabled on my VM here. So I'm just gonna SSH into it. So it's at 172.16, 69, one more two. Go to shell. Then now we can actually just paste in the command. I know you shouldn't copy and paste things off of the internet, some website and paste them in there. But for expediency and rather than much time, make a bunch of typos. And there we go. Package install XE guest utilities, order repositories up to date, fetching meta attacks, et cetera, et cetera. It says it's already up to date because I've already loaded it on here. Now the next couple of things we need to do are these here. Echo enable yes to the RC local. Then you create a symbolic link here and then service Zen guest start. Now the reason you put this in here so it runs on startup. So if we did service Zen guest, you can see Zen guest is already running. And if we go to vi, so et C RC, RC comp.local, we can see I put it in here. And all it is is then guest enable yes. And then that's symbolic link that it also said to create. Now those are the only things you have to do to get it up and running. And once you start the service, you don't even need to reboot PF sense again, but the goal is not to have to start it every time manually. So that's what this does is start it up automatically. After that, we can just exit out of the council because there's nothing else we have to do with this particular inside of PF sense council. So now PF sense is configured and has the guest utilities running, but there's still one more step. And this is the way PF sense handles the offloading. Now I think I had mistakenly said another video. Well, because that was video was done over a year ago, I didn't know the workaround for this. So I had actually said to turn off hardware offloading if you had problems and with certain network cards that seem to have problems, but there's an easier way where you just turn off inside of XC PNG and set the parameters here. And this part's all correct and does solve any weird quirks you may run into with the network card. So they walk you through and this is, I'll show you quickly what this does. Let me go back over here. And if we do XC VM list, and we can dump a list of the VMs and then walk through everything they said and find the network attached to it. And that works, their methodology's correct for that, but I'm gonna show you a shortcut to doing this. So go over here and go to networks. I'm using Zen Orchestra, which can makes a lot of things convenient. One, if you wanna know the UUID of PF Sense or whatever VM you're running, you can click here and copy it. But we can go right to the point that they're getting to, which is set the parameters on the network. So we're gonna go here and we can see each network parameter and each one of the UIDs. Now, technically you should be setting these with a shutdown because, or you have to restart it when you're done setting parameters. When you apply these parameters you have to shut down, not restart, but shut down a VM and restart it and it'll come back alive with the parameters. You can set the parameters while it's live, but they don't take effect until you shut down that VM and restart it back up. Not restart it, but go through the process because that's when it will pull all the new parameters when it starts back up after being in an off state. So here's the MAC address, here's virtual interface one and this needs to be, like they said, completed for each interface that you have. So we just click this to copy it, go back over here and put in XE-VIF-ParamSetUUID equals and Control Shift Insert, if you didn't know is the default for paste. And then we just paste it in that UUID that we pulled from there and then it's other config, ethetool-txoff. That's it, we set it. Now, I'm just gonna up arrow and then I can repeat this by deleting the UUID and paste one each in and away we go and it'll set the parameter. So that was already done because this is my lab machine. Now we're gonna do param list for this UUID and then you can see under other config ethetool-txoff and this is what fixes that. That's now shows that it's been set on this particular interface. Now a couple of things about setting this on this interface, you're probably wondering what happens when you clone at time because you're always cloning to do these. You're absolutely right. And that's actually a nice thing about the way XCP and G works. So we're gonna go ahead and shut down my PF sense and then we're gonna make a clone of it. So we're gonna go ahead and just halt this instance. All right, and we will fast clone this real quick. So we have another lab set up instantly. There's my cloned lab. There's the network interfaces for it, which when you clone it does create new MAC addresses but duplicates all the interfaces. So they're all connected to the same network they were. And like I said, this is actually my process for making a new one and go into lab and then it'll be whatever demo I have. Some demo, there's our demo one. Now let's look at the parameters on these. So we're gonna copy this one here and it's a different UUID than what we had before. So the UUID the one we checked before was 291F was the last couple digits here. So we'll just up arrow again or more specifically AB8, AB8F5, this is the one for this. And there's the same config, it copies them over. So this is attached to the VM. So even when you clone the VM, move it back and forth between other units in the pool, this parameter follows it. And this is what allows me to easily create these and get these lab demos up and running, delete them, won't destroy them and away we go. So one last thing about it, and I'll show you here and we get it. There's starter PFSense back up here. So even though PFSense is virtualized, if you have an AES and ICPU, now this is not a requirement to PFSense but the AES and I parameters are helpful when doing things like VPN and they do pass through perfectly fine because these will pass right through the virtualization layers and be passed on and those features of the processor go within PFSense. So if you want to have the faster VPN via the AES and I, yes, that does pass through. Someone had asked that before as a curiosity. So it likes, it's not a requirement. There's a big debate about that where they were talking about making a requirement. It's not required, but still AES and I crypto does help with VPN speeds. So if you are running this in virtualized and a VPN, it will work and pass that right through so you can get good performance. Now, the last thing I'll show you in case people are curious is does it work? Will it do gigabit routing? Now, these are connected to gigabit. These are separate VMs running. So let's just do a quick test on that. So we have my Debian 9 here, looking at the council and this is actually sitting at the network of 69207. PFSense lab is 69112 and now let's spin up a VM behind it. So we'll put this in VLAN 10 lab. This is 10-1-10-107 and we're gonna go ahead and do an IPerf test to the 172-69207, which is on the same network as the WAN of the PFSense. And we're getting pretty much gigabit speed out of it. And then you can see the data being passed through from here to LAN 2. So it works perfectly fine. Gigabit speed is not a problem with it. Like I said, these are physically running on two separate machines. That way it's passing across there. You're gonna get faster if you're all running it in one single machine because of a network never leaves. That's a different topic. I won't get into that today. But to give you an idea, yes, that works. Yes, it works at full network interface speed. Granted, it shares this network interface, particularly on my machine with several other VMs that I have running. So there are other factors that may come into there, but for the most part, you can see I'm getting over 900 speed on there, even though it's shared with a few other things, which doesn't include a camera system that may be degrading a little bit of the performance that's getting on there. But that's it. That's all you gotta do to get it up and running. And it works perfectly fine. Like I said, I do all my labs with this. I haven't had a problem. I know a lot of people have run production systems in virtualization. I don't mind doing that, depending on the circumstances provided you have plenty of failover and high-end machines to be able to have it there. I still currently run mine not in AVM, but in a physical machine. That way, if I ever have to take down my XCPNG servers for whatever reason, it doesn't take down my internet at the same time, but that's just my personal preference. But it is perfectly fine. Lots of people have run it inside of here. And if you're wondering about running in other virtualization stacks, far as I know it works fine in all of them. I don't have everyone to test, but I do know that they offer packages. If you wanna run a VMware, natively installed right from here without having to go to the command line and do it, it does have a package. Maybe one day they'll insert the Zen package so you can install it as an available package. But obviously it was quite arbitrary to install it from the command line, pretty easy as it's built into the BSD system. All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up. If you wanna subscribe to this channel to see more content, hit that subscribe button and the bell icon, and maybe YouTube will send you a notice when we post. If you wanna hire us for a project that you've seen or discussed in this video, head over to laurancesystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you wanna throw at us. Also, if you wanna carry on the discussion further, head over to forums.laurancesystems.com where we can keep the conversation going. And if you wanna help the channel out in other ways, we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.