Score:1

Installing pfsense 2.5.2 (FreeBSD 12) in KVM

It seems that I am having an issue installing pfsense firewall, which is built on FreeBSD 12, into qemu/kvm on Ubuntu.

When it starts to boot, prior to the 'Install Box', I get a kernel panic (image of the failure).

Here are my versions

bridge-utils is already the newest version (1.6-2ubuntu1).
libvirt-clients is already the newest version (6.0.0-0ubuntu8.15).
libvirt-daemon-system is already the newest version (6.0.0-0ubuntu8.15).
qemu-kvm is already the newest version (1:4.2-3ubuntu6.19).
virt-manager is already the newest version (1:2.2.1-3ubuntu2.1).
virtinst is already the newest version (1:2.2.1-3ubuntu2.1).

It seems that there had been a bug in the past where you needed to have the chipset set to i440fx; however, that is where I am set.

I have tried with both qcow2 and ISO storage, as other posts that I have read suggested, but no change to the error. I also have re-downloaded the pfsense install ISO from a different mirror, as well as tried to install just FreeBSD 12. I get the same kernel panic.

I am not sure if this is a setting that I am missing in kvm, as I am new to it, or if the version that I am using has issues with freebsd?

As a side note / update, I have been able to install OPNsense which uses a different BSD as I recall.

virt-manager Config XML

<domain type="kvm">
  <name>freebsd12.0</name>
  <uuid>ec3e8b14-bceb-49d9-a4bd-1608af31fc9d</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://freebsd.org/freebsd/12.0"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit="KiB">1048576</memory>
  <currentMemory unit="KiB">1048576</currentMemory>
  <vcpu placement="static">1</vcpu>
  <os>
    <type arch="x86_64" machine="pc-i440fx-focal">hvm</type>
    <boot dev="hd"/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <vmport state="off"/>
  </features>
  <cpu mode="host-model" check="partial"/>
  <clock offset="utc">
    <timer name="rtc" tickpolicy="catchup"/>
    <timer name="pit" tickpolicy="delay"/>
    <timer name="hpet" present="no"/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled="no"/>
    <suspend-to-disk enabled="no"/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2"/>
      <source file="/home/jc/Virtual Machines/pfsense.qcow2"/>
      <target dev="vda" bus="virtio"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x07" function="0x0"/>
    </disk>
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw"/>
      <target dev="hda" bus="ide"/>
      <readonly/>
      <address type="drive" controller="0" bus="0" target="0" unit="0"/>
    </disk>
    <controller type="usb" index="0" model="ich9-ehci1">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x7"/>
    </controller>
    <controller type="usb" index="0" model="ich9-uhci1">
      <master startport="0"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0" multifunction="on"/>
    </controller>
    <controller type="usb" index="0" model="ich9-uhci2">
      <master startport="2"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x1"/>
    </controller>
    <controller type="usb" index="0" model="ich9-uhci3">
      <master startport="4"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x2"/>
    </controller>
    <controller type="pci" index="0" model="pci-root"/>
    <controller type="ide" index="0">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
    </controller>
    <controller type="virtio-serial" index="0">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x06" function="0x0"/>
    </controller>
    <interface type="bridge">
      <mac address="52:54:00:55:83:9c"/>
      <source bridge="br1"/>
      <model type="virtio"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0"/>
    </interface>
    <serial type="pty">
      <target type="isa-serial" port="0">
        <model name="isa-serial"/>
      </target>
    </serial>
    <console type="pty">
      <target type="serial" port="0"/>
    </console>
    <channel type="spicevmc">
      <target type="virtio" name="com.redhat.spice.0"/>
      <address type="virtio-serial" controller="0" bus="0" port="1"/>
    </channel>
    <input type="mouse" bus="ps2"/>
    <input type="keyboard" bus="ps2"/>
    <graphics type="spice" autoport="yes">
      <listen type="address"/>
      <image compression="off"/>
    </graphics>
    <sound model="ich6">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x0"/>
    </sound>
    <video>
      <model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
    </video>
    <redirdev bus="usb" type="spicevmc">
      <address type="usb" bus="0" port="1"/>
    </redirdev>
    <redirdev bus="usb" type="spicevmc">
      <address type="usb" bus="0" port="2"/>
    </redirdev>
    <memballoon model="virtio">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x08" function="0x0"/>
    </memballoon>
  </devices>
</domain>

Thoughts on what to try are greatly appreciated.

Regards,

mashuptwice
There were quite a few bugs in the past involving freeBSD and KVM. Would you mind trying to install OPNsense?
Lost_Ones
I have had success with the OPNsense install. No change to the settings that I tried with pfsense.
drookie
Is the panic identical each time, i.e. does the syslogd trigger the trap?
Lost_Ones
The panic seems the same each time; is there a good way to see what triggers it? I can't scroll up to see.
drookie
Seems or is. That was a simple question.
Lost_Ones
Is :), the screenshot results are the same each time.
drookie
Then it's a FreeBSD bug and it should be reported into the FreeBSD bugtracker along with attaching the crashdump.
drookie
But if the backtrace is random each time (even if it's still `fatal trap 12`) then it's not.
mashuptwice
I just tried to reproduce the behavior on Arch and Debian, both work fine. The used versions of libvirt etc. seem pretty outdated.
mashuptwice
@drookie I don't think this is a FreeBSD bug but rather one in KVM or libvirt
mashuptwice
@Lost_Ones would you mind sharing your settings for the VM in virt-manager, preferably the XML?
Lost_Ones
I hope that when I go to overview, that has it all. Added it to the original post.
mashuptwice
Just tried to also reproduce it on Ubuntu with the same config. For me it works without a problem. Which version of Ubuntu are you using? The KVM related packages seem to be pretty outdated.
Lost_Ones
Kubuntu 20.04 VERSION="20.04.3 LTS (Focal Fossa)" Installed via sudo apt
Score:0

It seems you are using a very old version of libvirt.

You have the following options:

use OPNsense instead

OPNsense is a fork of m0n0wall, as pfSense is. It has a similar set of features, but sometimes it feels a bit more complicated to do the same things. OPNsense builds on top of HardenedBSD, with overall better security, and addresses various security issues of pfSense, like running the web interface as root.

I switched from pfSense to OPNsense about half a year ago and so far haven't had any problems with it.

install newer version of Kubuntu

You could simply go with a non-LTS version of Kubuntu.

wait for Kubuntu 22.04 LTS

Ubuntu 22.04 LTS should be released on 21 April 2022.

Upgrading is quite easy and gives you access to newer packages.

If you can wait that long and want to stay on an LTS version, this would be the preferred option.

find a PPA with newer versions

The hardest part would be to find the PPA; adding it is quite easy.

build it yourself

Add the deb-src of a newer version of Ubuntu to your sources.list and get the necessary packages, or get a tarball for each of them and compile them according to their documentation.

libvirt for example is compiled via meson.

Lost_Ones
Outstanding information. I have been using OPNsense for a few days now, and I found it rather straightforward to set up. I appreciate the attention and I will digest what route that I will go.