Proxmox officially does not run in Raspberry Pi but Pimox does [Link].

Pimox is an adapted build of Proxmox that was tailored to work on the Raspberry Pi 4 (ARM64 architecture).


  • Raspberry Pi 4
    • 2 GB of RAM works but limited,
    • 4 GB of RAM works well,
    • 8 GB of RAM is the recommended.
      • 1.5 GB needs to be reserved to the host system.
  • Storage
    • Min of 16 GB microSD / USB,
    • Recommended >32 GB of fast SSD / NVMe / M.2 over USB.
  • Accessories
    • Power supply,
    • A closed case,
    • Heatsink (passive cooling),
    • 5V fan (active cooling) like a Fanshim [Link].

If necessary, update the RPi’s firmware to prioritize USB boot over microSD.

Write the latest image of the Raspberry Pi OS Lite to the storage media of choice, and fire it up.


Do NOT proceed with the installation via SSH because it will drop the connection, interrupting the installation.

Using the console (physical keyboard, mouse, and a monitor), run the following commands as root, do NOT use sudo.

sudo su
curl >
chmod +x

Note: it will ask for an static IP because it does NOT work with DHCP. Just follow the prompts.

It will show the address of the Proxmox web interface at the end.

Increasing the default swap of the Host:

nano /etc/dphys-swapfile
systemctl enable dphys-swapfile


LXC (Linux Containers) are recommended over VMs to maximize the performance and resources utilization. Read more at [Link].

Make sure the LXC repository you will download from is trustworthy. Only the file rootfs.tar.xz is required [Link].

VM (Virtual Machines) I could not make it work and I doubt it does. Some people on the Internet claim it does. Ubuntu offers ISO files compiled for ARM64 at [Link].


Out-of-the-box Proxmox creates a Bridge network vmbr0 linked to the physical port eth0 and the wireless adapter wlan0 becomes unusable (coming soon a work around for it).

Additional private networks might be required to

  • vmbr0
    • Any CT or VM will have its own MAC address to the network interface and will get an IP from the network attached to the Ethernet port.
  • vmbr1
    • It is always great to have a private network that applies NAT to provide internet access but recycle the IP address of the Host. See steps ahead.
  • vmbr2
    • An isolated network that does not allow internet access can be useful for sandboxing applications or to perform local workloads.
  • vmbr3
    • (in progress – a network linked to the wireless interface)


On the Pimox host, navigate to System > Network > click on Create > Linux Bridge.

Enter in IPv4/CIDR. No other field is required.

This will create a private network capable of communicating with the Host server but no traffic will be routed out.

Setting up the DHCP server via SSH or Shell to the Host.

sudo apt-get update && sudo apt-get install isc-dhcp-server -y
sudo nano /etc/default/isc-dhcp-server

Limit the DHCP server to only bind on vmbr1 only for IPv4 (disabling IPv6).


Specify the DHCP parameters.

sudo nano /etc/dhcp/dhcpd.conf

Append the following to the file content.

default-lease-time 600;
max-lease-time 7200;
option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers;
option domain-name "host.local";
subnet netmask {

Apply the changes.

sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
sudo systemctl status isc-dhcp-server

At this point, any net CT or VM attached to this network will be able to receive an IP automatically.

Setting up the Forwarding / Routing via SSH or Shell to the Host.

sudo ufw enable
sudo nano /etc/ufw/sysctl.conf

Uncomment this configuration or add if you do not find it:


Do the same for /etc/sysctl.conf.

Edit/create the startup script:

sudo nano /etc/rc.local

Add the following content.

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Port forwarwind rules must be placed here
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
exit 0

Apply the changes.

sudo chmod +x /etc/rc.local
sudo /etc/rc.local

Traffic might be able to reach the Internet from the guests in vmbr1 now.

Optionally, a DNS server can be installed on the Host [Link] or deploy a Pi-Hole in a CT [Link].


Kali Remote Terminal

apt update && apt dist-upgrade -y
apt install ssh wget nano man inetutils-tools iputils-* kali-defaults zsh zsh-syntax-highlighting zsh-autosuggestions kali-linux-arm -y
systemctl start ssh && systemctl start ssh
adduser kali
usermod -aG sudo kali

Kali Remote Desktop

Install all the same packets from the Kali Remote Terminal before proceeding.

apt install kali-desktop-xfce xorg xrdp -y
apt purge network-manager -y
systemctl enable xrdp

The routing rules from the Host could be changed as follows to forward the RDP port to the Remote Desktop.

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -p tcp --dport 3389 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 3389 -j DNAT --to-destination
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
exit 0

Tor Proxy Gateway

A Tor Proxy Gateway is a server that offers SOCKS5 Proxy through Tor Network for maximum privacy.

It can be located between vmbr0 or vmbr1, that have Internet access, and an isolated network, suck as vmbr2.

apt update && apt upgrade -y && apt install tor nano curl -y
nano /etc/tor/torrc
systemctl restart tor && systemctl enable tor
curl --socks5-hostname

Compare the output IP with your real public IP. The applications on guest systems in the isolated network vmbr2 shall use SOCKS5 Proxy from the Tor Gateway server.

CloudFlare Bridge

Navigate to CloudFlare > Zero Trust > Access > Tunnels

apt update && sudo apt upgrade -y && sudo apt install curl -y
curl -L --output cloudflared.deb
dpkg -i cloudflared.deb
cloudflared service install **********

Replace ********** with the connector string.

Installing a GUI on Ubuntu 22.04

Prepare the system.

apt update && apt upgrade -y

Choose one of the option below:

For Xfce (lighwight)

apt install xfce4 xrdp -y

For Gnome

apt install ubuntu-desktop-minimal xrdp -y

For KDE (heaviest)

apt install kde-plasma-desktop xrdp -y

Complete by enabling RDP by on startup.

systemctl enable xrdp && reboot