I'm currently running OPNsense virtualised in Proxmox. It's a little confusing if you haven't run a custom firewall before but the setup was relatively simple and works flawlessly now that I understand it a bit better. The only downside being if you are running it on the same machine as your services need to restart your network will go down as well.
homelab
Same here, opnsense on proxmox. I'm very happy with it. Snapshots mean I don't have to worry about a "bad" update and I appreciate the easy console access through prox gui without needing an ipkvm or similar in scenarios where I've screwed something up and can't hit the gui or ssh. Plus, if you backup your *sense config after any changes you make, in the event you need to setup a new physical box it's a quick iso install and restore config. For me the pros outweigh the cons, even if a bit of performance is lost.
I'm seriously debating switching to opnsense. I'm in the process of upgrading my homelab to 10g, and wonder how pfsense will play with my 10g nics. I think I read before that pfsense plays with it fine.... But if not, I'll jump to opnsense.
I also wonder how long pfsense will keep things going for CE... Seems like the writing is on the wall that it isn't going to last, but we'll see.
pfsense and OPNsense are incredibly similar as it's a fork of pfsense but I can't recommend it highly enough. It's been amazing. Very stable, powerful, and easy work to work with.
I had a bad experience with a pfSense VM once when I was still learning.
TL;DR: I was trying to use 100% SDN in my lab and painted myself into a corner.
I was using that pfSense VM as my core router for my lab and got into a bit of a bootstrap problem after a long power outage because everything in my lab relied on DV switches through vSphere (which I couldn't manage and couldn't 'see' the hosts). After a tedious recovery, I pulled pfSense back to a physical box.
Lessons learned: always keep your core network router separate from anything that depends on it. lol. I do still use virtual pfSense for dev environments, though.
I currently use VyOS with it hosted on proxmox. I pass-through a 4-port network card and I get my full internet speed. It should be similar, but I will say it is nice being able to host other things on the proxmox host such as pihole. I keep only the router functions and core functions there, with another machine for other services
How do you like vyos? I had looked into it, and it seemed a little cumbersome last time I looked at it. I believe it's entirely cli? I suppose that's not a bad thing, but sometimes a gui is nice.
I find it to be quite stable, I haven't had any real issues, haven't rebooted except for version updates which isn't too frequent (stable). No GUI built-in, there are a few projects out there and they are working on one officially, but the cli is solid. If you have ever configured juniper routers/switches it is quite similar
Interesting, I never heard of that name, will look more into it
I run opnsense, which has a long a storied history with pfsense and in my opinion is better, on a VM in proxmox.
I have a cluster of three servers and I can live migrate the VMs around to do maintenance. It gets backed up to proxmox backup server so restoring from a bad upgrade, which I’ve never had happen, or severe experimentation, which happens frequently, is simple.
It’s also one less device to power on, and pay for. My cluster is running regardless and every watt less helps keep my wife happy.
I’ve never had any issues that I could attribute to it being run in a VM. It does my 1gbe fiber and a dozen vlans with no issues.
Are you me? Haha! Our setups are very similar, except I've stuck with pfsense (though I'm debating switching to opnsense as I upgrade to 10g). But the saving every watt to keep the wifey happy can't bemofe on point for me. Haha.
Nice! All my servers are 10gbe and at one point were 40gbe. I've had no issues but i also use bridge interfaces and not hardware pass-through for opnsense. I have ran opnsense with hardware pass-through or native in the past and had no issues. Both pfSense and opnsense are bsd based and anything working in one should work in the other.
My next step is to replace my brocade 6610 with a Mikrotik to further reduce power. I listed my full specs here: https://lemmy.cablepick.net/comment/62260
Yeah, I assume most things will work, but I know Linus just recently did a video showing that they were having issues with their 10gbe nics, which was driver support within pfsense. Switched to opnsense and problem was solved. I don't think I'll have any issues, cause I'm using older cards anyway (connectx-2's and connectx-3's).
I currently have a mix of mikrotik and ubiquiti. I've been dumping my ubiquiti gear in favor of mikrotik, just because I want any of my switches to have at least a couple 10gbe ports, and mikrotik is cheaper that ubiquiti for the switches I need.
I haven't had the mikrotik switches long, and I'm really only using one while I'm waiting for the rest of my 10gbe nics to arrive. But the one I'm using is quiet, and just worked (as a switch should). No surprises.
How do you have more than one device wired to your WAN? Most ONT only provide a single physical out line...
What hardware did you buy? I'm looking at building a new box for proxmox. Currently I'm using an old laptop with an extra ethernet port dongle to run proxmox and virtualize opnsense, unifi controller and a couple other lvms. From others posts i read, i the choice between bare metal or virtualized seems personal. I went with proxmox just to learn a thing or two about vm environments and its applications.
I run pfSense virtualized along with a wireguard vm and a couple of other vms for core services. A benefit of virtualization is that you can live migrate your router to another physical host if you ever need to do any hardware maintenance. It's nice being able to service the hardware without waiting until every user is asleep so you can safely bring your router down.
I've run pfsense both ways. I'm currently running (and have been for a number of years now) running pfsense as a vm within Proxmox. I personally love it, but my setup is a little different then most. I have a dedicated server running promox strictly for pfsense (then have three Proxmox nodes for my cluster). I have a quad nic that I pass through to the vm and this has been Rock solid for years. I've not had a single issue.
In my stack I'm also using PBS, and I love the backup process (and or restoring a backup). Have a dedicated Proxmox machine for pfsense means I can shut down servers in my homelab without taking the internet down.
Running pfsense bare metal never gave me any issues, and going with a vm was more about the exercise of just doing it, and playing with pci pass through. Once it was setup and I setup the backups, it was a no-brainer for me to keep it running that way.
I’ve been using proxmox on a mini pc and it’s been solid for me. Running home assistant and accompanying software.
I bought the Intel Celeron n5105 from some vendor called wooyi store on AliExpress, from what a saw on yt that CPU is a little overkill for a router and it uses too much idle power, but I think it was a good purchase for me bc I don't plan to switch this router soom. Edit: I'm also thinking between using the onboard wifi card or just buying an wifi AP to use at home, do you have some recommendations?
Yeah the n5105 looks like a nice little processor. I also liked that those boards come with the i226-V 2.5GbE controller.
For myself, I really wanted wifi 6e and something able to mesh (for the happy wife factor) so I recently purchased the TP Link Deco. It should arrive in a week or so.
Personally, I would have preferred to setup OpenWRT for a nice mesh but for some reason there are no Wifi 6 ones yet let alone 6e.
Wifi Mesh is where you basically have multiple access points having the same ssid, right?
Yes. And the devices also should be able to pass you between nodes for optimal reception.
This can be done by openwrt too, with the right hardware.
Hmm, you can use openwrt as an "dumb" mesh access point? I tried to set it up as a router once, but wasn't happy with how things work there. Might give it a chance again. Any hardware recommendations?
I'm not sure what you mean. It's true often setting up openwrt on some hardware can be difficult. Some though are not as hard, I had ok luck with some Asus routers; there is a list of hardware and features on openwrt website.
Unfortunately, as I said, there are no wifi 6 routers supported by openwrt. So I'm not using it anymore.
Mmm that device is a little too expensive where I live, I think I will buy an older version of that if I decide to go that route, thank you for replying!
Have had the TP Link Deco units installed for a few days now.
They are pretty good. I'm basically able to suck up the entire bandwidth of my 500/500 fiber line directly over the wifi.
On top of that, the mesh support has been good, connecting me to the best node and passing mobile devices between nodes well.
They also have two modes BTW - normal gateway mode and just AP mode - for those who want to park them behind a pfsense router.
The janky things about them are their setup encourages you to setup via their app with an account, which many here will find at best distasteful.