Build your own Windows Cloud with LXD

This post builds a small Windows cloud on a single LXD host: a pfSense VM routes between the public WAN and an isolated LAN bridge, and Windows Server 2022 VMs live on that LAN.

I use an OVH dedicated server with the following specifications for this post:
– Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz
– 64 GB DDR4 ECC Reg
– 1 Public Host IP and 1 Single additional IP for pfSense
– 2x 450GB NVMe storage with 30G for /, 16G SWAP, 1G boot and 375G for ZFS
– ZFS mirror with compression enabled on LUKS encrypted partitions.

I prefer a dedicated public IP address for pfSense, but you can also attach its WAN to the default NAT network in LXD for internet access. In that case use an LXD proxy device or the NAT forwarding on the host to open the ports you need from the host's WAN to your pfSense installation.

Architecture:
– Router (pfsense) connected to LAN and WAN
– Windows Server connected to LAN
– LXD host is not part of the LAN network
– OpenVPN tunnel from home to pfSense to manage Windows servers with RDP or Admin Center.

Prerequisites:
– Ubuntu 22.04 with LXD snap (5 stable or newer)
– Public IP (macvlan) or network with NAT for WAN
– LAN network without NAT
– Check the default LXD profile before starting (memory, disk size, network); the VMs below inherit it.

Create LAN network:

lxc network create LAN ipv4.nat=false ipv6.nat=false

Unset IP addresses:

lxc network set LAN ipv6.address= ipv4.address=

Check your LAN network:

lxc network show LAN
config:
  ipv4.nat: "false"
  ipv6.nat: "false"
description: ""
name: LAN
type: bridge
used_by: []
managed: true
status: Created
locations:
- none

Download the pfSense CE installer image (USB Memstick Installer, VGA Console) and extract the .img file on your LXD host.

Create the pfSense router (replace the placeholder in hwaddr= with the MAC address your provider assigned to the additional IP, and replace eno1 with the host NIC that carries the public IP):

lxc init pfsense --empty --vm -c limits.cpu=1 -c limits.memory=1GB -c security.secureboot=false
lxc config device add pfsense eth0 nic nictype=macvlan parent=eno1 hwaddr=00:00:00:00:00:00
lxc config device add pfsense eth1 nic name=eth1 nictype=bridged parent=LAN
echo -n '-machine pc-q35-2.6' | lxc config set pfsense raw.qemu -
lxc config device add pfsense iso disk source=/home/user/pfSense-CE-memstick-2.6.0-RELEASE-amd64.img boot.priority=10
lxc start pfsense --console=vga

The raw.qemu value is piped in on stdin because it starts with a dash and would otherwise be parsed as an option. The installer disk is named iso here so the removal command further down matches it.

I prefer UFS without a swap partition for flash storage. Follow the wizard to install pfSense.
When the installer finishes, choose the shell option and run poweroff to power the VM off.

Change the boot order (a higher boot.priority boots first) and remove the installer image. The root disk is inherited from the profile, so it has to be overridden rather than set:

lxc config device override pfsense root boot.priority=15
lxc config device remove pfsense iso
lxc start pfsense --console=vga

Follow the console wizard to assign the pfSense interfaces (FreeBSD shows the two VirtIO NICs as vtnet0 and vtnet1, in the order of the LXD devices):
eth0 (vtnet0, macvlan on the public IP) = WAN
eth1 (vtnet1, bridged to LAN) = LAN
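The LAN check and the pfSense VM steps above, wrapped as an added helper script (not from the original post). It assumes the LXD snap's lxc client is in PATH; with DRY_RUN=1 it only prints the commands it would run, so you can review them before touching the host.

```shell
#!/bin/sh
# Added helper script (not from the original post) wrapping the LAN check and
# the pfSense VM steps above. Assumes the LXD snap's `lxc` is in PATH; with
# DRY_RUN=1 it only prints the commands instead of running them.

# Run a command, or print it when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept a MAC in aa:bb:cc:dd:ee:ff form and reject the post's all-zero
# placeholder, so a copy-pasted hwaddr= never reaches the NIC device.
valid_mac() {
  printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
  [ "$1" != "00:00:00:00:00:00" ]
}

# Read `lxc network show LAN` YAML on stdin and confirm NAT is off and no
# ipv4/ipv6 address is set, so only pfSense routes and addresses the LAN.
lan_is_isolated() {
  yaml=$(cat)
  printf '%s\n' "$yaml" | grep -Eq '^[[:space:]]*ipv4\.nat: "false"' || return 1
  printf '%s\n' "$yaml" | grep -Eq '^[[:space:]]*ipv6\.nat: "false"' || return 1
  ! printf '%s\n' "$yaml" | grep -Eq '^[[:space:]]*ipv[46]\.address: *[^[:space:]]'
}

# Create the pfSense VM as in the post. $1 = host NIC for WAN (e.g. eno1),
# $2 = MAC assigned to the additional IP, $3 = path to the memstick image.
create_pfsense() {
  valid_mac "$2" || { echo "refusing placeholder or malformed MAC: $2" >&2; return 1; }
  [ -n "${DRY_RUN:-}" ] || [ -r "$3" ] || { echo "image not found: $3" >&2; return 1; }
  run lxc init pfsense --empty --vm -c limits.cpu=1 -c limits.memory=1GB -c security.secureboot=false
  run lxc config device add pfsense eth0 nic nictype=macvlan parent="$1" hwaddr="$2"
  run lxc config device add pfsense eth1 nic name=eth1 nictype=bridged parent=LAN
  # Value starts with '-', so it is passed on stdin rather than as an argument.
  printf '%s' '-machine pc-q35-2.6' | run lxc config set pfsense raw.qemu -
  run lxc config device add pfsense iso disk source="$3" boot.priority=10
}

# After the installer has run: make the root disk boot first, drop the installer.
finish_pfsense() {
  run lxc config device override pfsense root boot.priority=15
  run lxc config device remove pfsense iso
}
```

Run the LAN check as `lxc network show LAN | lan_is_isolated && echo ok` before creating the VM; a non-zero exit means the host still has NAT or an address on the bridge.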

Install distrobuilder and its dependencies to repack the Windows ISO with the VirtIO drivers an LXD VM needs:

snap install distrobuilder --classic

apt install genisoimage libwin-hivex-perl wimtools

Download the Windows Server 2022 ISO (replace ws2022.iso with your ISO file name) and repack it so the drivers are injected into the installer:

distrobuilder repack-windows ws2022.iso ws2022-repack.iso --windows-version 2k22

Create your Windows VM, connect it with LAN and follow the setup wizard:

lxc init server2022 --empty --vm -c security.secureboot=false -n LAN
lxc config device override server2022 root size=40GiB
lxc config device add server2022 iso disk source=/home/user/ws2022-repack.iso boot.priority=10
lxc start server2022 --console=vga

Remove the ISO after the setup:

lxc config device remove server2022 iso

Don't forget to enable Remote Desktop (TCP 3389) after the installation. Because the LAN bridge has no NAT and no host address, RDP is only reachable from the LAN or through the OpenVPN tunnel on pfSense, not from the internet.

Optional: Download and open the VirtIO ISO to update drivers in Windows.
There are currently no available drivers for vsock (1053) and 9p (1009).

Set up OpenVPN in pfSense to connect remotely to Windows servers in your LAN network.
