proxmox
Virtualizing OPNsense on Proxmox as Your Primary Router
Virtualizing OPNsense on Proxmox as Your Primary Router
#Virtualizing #OPNsense #Proxmox #Primary #Router
“Home Network Guy”
Are you curious how to set up OPNsense on Proxmox as your primary router? In this video, I show one way you could go about doing it using the Protectli VP6650, but you may adapt this guide to the hardware you wish to use.
This guide assumes you have an existing network and that you are planning…
source
To see the full content, share this page by clicking one of the buttons below |
How can I hide Proxmox behind an OPNsense firewall if I only have 2 Ethernet interfaces (WAN and LAN)?
Thank you!
Why does almost everyone choose βLinuxβ as OS type when creating an OPNsense vm, when in fact OPNsense is FreeBSD π€
Even if you only start with one proxmox host it is advisable to create a cluster before creating the 1st VM. Not used v8 but this was the case with v6 and v7, A host with a VM cannot join a cluster.
From experience, even running on a multi node cluster with full DRS running, virtualising your firewall is not a good idea in an home lab. It sounds like a good idea, its a good project to get your head around, but just donβt do it. Save yourself a world of pain. Thats said, this is probably the best Proxmox setup video for new users I have seen.
Excellent video ππ» I needed this 6 months ago (figured it out the hard way!) π Have a smoothly running virtual opnsense on an R86s for some time now ππ» quick question, I have a cluster of nodes and want a fallback scenario in case main node with opnsense dies – how would you propose moving the virtual instance to a different node and still keep network settings?!? π€ Might make for a great follow up video ?!? ππ» keep up the great work . . .
Thank you!
Thanks for this. I'm definitely wanting to setup Opnsense and Proxmox, I just don't know what on. I like the chassis design and ports on these Protectli units, but god they're expensive. The Minisforum MS-01 gives you a mobile i9, the same two SFP+ ports (it's even the same model of Intel NIC), two 2.5G RJ45 ports (also same model of Intel NIC), two USB 4.0 ports that can do 40 Gbps, three NVMe slots (albeit only one of them is PCIe 4.0 x4) instead of an NVMe and 2 SATA slots, for like $220 less than this. If you get the i5 version (which still has a better CPU than this one) it's $460 less. It's pretty ridiculous how expensive this thing is to only have an i5 in it. I'm not sure the extra 2 RJ45 ports, better chassis, better firmware support is worth paying so much more to lose out on hardware. It's quite a dilemma.
I only have 1 Gbps for now, so realistically I'd be fine with one of the cheap Protectli boxes if I was going with barebones Opnsense on it (aside from running ZenArmor and such), but I want to upgrade to 10G LAN at some point so I'd like to have the support for it to make routing between VLANs faster among other things.
You should enable "Discard" (for trim) for thin-provisioning to work properly. If you disable "Pre-Enroll keys" then Secure Boot won't be enabled so there's no need to disable it later.
OPNsense (and pfSense) recommend to disable all off-loading settings. At least for virtual NICs.
Thanks for the content. Playing with some similar setup on mini pc's right now.
I have 8g symmetrical at home, as a non network guy, if I want to use IDS/IPS and pihole / unbound dns + wireguard. is that something Protectli VP6650 can handle. I don't know how much power you really need. I most likely won't vlan too much more of a simple router -> switch to nas and computers and then router-> 2.5 directly link to nas port for DMZ sharing
good video. One thing you touched on but did not get into is if your PVE (with OPNSense) goes down, you lose your router. It would be good to understand how you would migrate this over to a second PVE without losing routing. I suspect you would need a machine with the same number of LAN ports which have the same virtual bridge names in order for it to migrate properly. (I want to use OPNSense but I want to be able to migrate it between PVEs in a cluster).
Things get serious when you pull out the old Linksys WRT54GS. Brings back memories of flashing with dd-wrt
Fire π₯!
Could you make deep dive OPNsense firewall video next I'm having trouble understanding the firewall. I have OPNsense running on top of Proxmox with two NICs passed trough (WAN/LAN) and VLAN interfaces (10,20,30,40,50). I'm trying to allow Proxmox hosts in ManagementVLAN10 (10.10.10.0/24) to temporarily (or permanently) access my Unraid NAS VM web GUI in ServerVLAN30 (10.10.30.0/24) but I'm having no luck with it. In the future I also need to allow Proxmox hosts in VLAN10 network to reach Unraid (in VLAN30) for NFS purposes. I'm using Mikrotik SWos switch.
The firewall just doesn't click with me. I've watched some of your OPNsense and firewall videos but I'm still struggling. It's feels like OPNsense doesn't know the routes between VLANs since the firewall rules I create seem to do nothing.
Yoooo let me just swoop one of those $1300 mini computers π
May as well go buy an sonicwall TZ570w with a year of professional support for the same price.
Using OPNsense for years, I never knew you could delete the interface which holds the vlans. Nice video. ππΌ
Perfect timing on this. This is exactly how I plan to setup the mini PC that is out for delivery right now. π
Brilliant work. I'm building my own home network and your guides are excellent.
thanks for all the opnsense and proxmox content. As a opnsense / Truenas scale home user and a vmware enterprise user @ work i enjoy all this content. Proxmox and ncp-ng are in our work test labs for possible move to from vmware. Thank you again!
Fantastic that you release this video literally the day i get everything together to do exactly this myself, you also helped me with the PCI pass through that nobody else talks about. Thankyou!
Just when I needed the video, no excellent info available on Youtube IMHO, this is great
I use this on my server in the datacenter. Works perfect!
Excited to watch in full, now, for learning and entertainment…. Already saved to watch again as a guide