Homelab

22 readers

1 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news

OpnSense on Proxmox vs bare metal install? (alien.top)

submitted 1 year ago by androidusr@alien.top to c/homelab@selfhosted.forum

3 comments fedilink hide all child comments

I'm going to set out on installing OpnSense for the first time. I see some people put OpnSense on Proxmox and pass through a pcie network card. Besides the power of backing up and restoring, are there other advantages to this?

My planned OpnSense box is an old Dell Optiplex. It has the normal ethernet port on the motherboard as well as a 4-port PCIe network card that I added. So I'd probably use the PCIe network ports for OpenSense, and reserve the onboard ethernet port for troubleshooting if I royally mess up.

I'm still a proxmox newbie, but I think I can manage the PCIe passthrough. I'm just not sure what other complications that will introduce to my OpnSense and networking learning curve. So I thought I'd ask first and see if some of the disadvantages or advantages would push me one way or the other. I'm afraid of locking myself out of OpnSense because of incorrectly configured networking as I'm learning.

top 3 comments

sorted by: hot top controversial new old

[–] nolo_me@alien.top 1 points 1 year ago

I've always been a fan of running a router/firewall on bare metal. Don't like the idea that bouncing my hypervisor for maintenance or a kernel upgrade takes down my whole network.

[–] Not_your_guy_buddy42@alien.top 1 points 1 year ago

So, I run OPNsense in a VM on Proxmox. There is only one drawback I am aware of, which is when I update the Proxmox host itself, I'll need to attach a monitor/keyboard/mouse to it. Theoretically, if the upgrade was fully automatic and never needing any intervention or user input, it'd be possible without: But the reality is more that it might need user input, but the OPNsense VM will not be booted i.e. network will be down i.e. I need direct access to the Proxmox host.

[–] marc45ca@alien.top 1 points 1 year ago

virtualising means you can make more use of resources on system rather than having two systems and dedicating one to specific task.

On the other hand you can bork the hypervisor and then be without internet and possible become the families public enemy #1 :)

But it's generally pretty stable. Not use opnSense but do have a virtualised router using SophosXG. One nic from the VM is tied to vmbr0 which is the main virtual bridge that ties my virtual machines to the rest of the network. The IP is my default gateway.

the second NIC is done as PCIe pass through and this connects direct to my cable modem.

I could have bound this NIC to another vmbr and would have worked just as well. However there was some discussion in r/proxmox about performance impacts if you have a very fast internet connection (something to with srv-io iirc).