Hello All,
I run a FreeNAS box with 16C 2.1GHz processor, 64GB ECC RAM & 4 intel GBe NICs (the processors idle at -10% and max at -47%).
I now need a UTM/Firewall device to replace my ASUS router and have settled on utilizing OpenSense.
Please advice on whether OpenSense can SECURELY run as a virtual machine in FreeNAS using 1 dedicated GBE NIC for WAN. FreeNAS & Opensense would then concurrently share the remaining 3 GBe NICs for LAN.
Would you trust such a setup if properly setup?
Please dumb down your response as am not a network engineer. I am just dangerous enough to setup and run my really small home, SOHO & business IT needs which I eventually get right☺
I thank you in advance for your time and patience.
I have a comparable setup using a Linux KVM host with shared LAN/WAN interfaces in bridge mode.
With the disclaimer of not knowing FreeNAS I do not see any problem with such a setup in general as it is similar to what I am running without any problems and good performance.
If you run your main firewall/router in a VM just make sure you have fallback access to the VM host and internet for cases where the OPNsense VM would not boot/run as expected.
Thank you.
I would not do if I understand your use case correctly.
I switched my home set-up from virtualized OPNsense firewall (ESXi host, passthrough NIC) to small bare metal box. I do not have concerns regarding security or technical aspects of the set-up. It depends on how often you modify your system (SW or HW) or how often you require reboots. In my case no OPNsense running means no device has internet access, no streaming TV, no streaming music, no IP phone. With separate box now I can "play" on my servers without disturbing the services mentioned above.
Quote from: Tubs on May 06, 2020, 03:18:55 PM
It depends on how often you modify your system (SW or HW) or how often you require reboots. In my case no OPNsense running means no device has internet access, no streaming TV, no streaming music, no IP phone. With separate box now I can "play" on my servers without disturbing the services mentioned above.
That is certainly something to be considered in such a setup and I have a few fallbacks available for such cases that could be enabled within minutes.
For me though the reduction of physical power consuming devices was more important.
Others may have other priorities and it may not be the right approach for them.
Power consumption also for me is something I take care of. But is it really so much for a small box running OPNsense? I guess the hardware costs will be the cost driver and are higher than the lifetime costs for energy consumption.
Next point is that it will not run for free on the big machine. The power also comes from somewhere. But I never could find reliable data showing the comparison of power consumption of single box and in VM.
The cost of the hardware was not something I really prioritized.
I noticed though total power consumption almost halved by getting rid of all the numerous idling raspis, apus, NAS, barebones, etc. and I run more VMs now. Cable decluttering was also a nice side effect.
Now I do have the freedom to run any vm almost instantly without needing new hardware and can always adjust CPU cores, RAM, ssd space as I need.
I like it. I did the same about 7 or 8 years ago. Still running.
But soon I did a small step backwards again and I "outsourced" my router/firewall due to the reason mentioned above. (And to free up a little bit RAM as the 32 GB limit of my machine is also the limit of my freedom to run VMs on it.)