OPNsense Forum

English Forums => General Discussion => Topic started by: framura on February 02, 2016, 10:41:33 am

Title: OPNSense and others programs (in jail)
Post by: framura on February 02, 2016, 10:41:33 am
Hi,

I am building my new OPNsense machine (based on Supermicro A1srm-2758, with 16GB RAM, SSD and maybe some HDDs): because I have plenty of CPU power and RAM, I would also like to install some programs I use regularly, Plex for example.

I know a firewall is not a good place to run other programs (for security, stability and so on), but I would like to have a single machine (in my home) for all my needs.

With pfSense I found Finch (http://dreamcat4.github.io/finch/) to get other programs (in a jail): what do you think?

Is it possible with Finch or in some other way?

Thanks in advance

Alessandro
Title: Re: OPNSense and others programs (in jail)
Post by: phoenix on February 02, 2016, 02:15:42 pm
Why not install some form of virtualisation on the hardware and run your firewall in a VM and whatever else you want in additional VMs? OPNsense runs fine for me on ESXi 6.
Title: Re: OPNSense and others programs (in jail)
Post by: weust on February 02, 2016, 04:43:56 pm
I'm with Phoenix, except I run it on Free Hyper-V 2012 R2.
Title: Re: OPNSense and others programs (in jail)
Post by: framura on February 05, 2016, 11:28:48 pm
These are interesting ideas, but I have some doubts about VMs.

For example, are AES-NI instructions available inside a VM?

I will use a VPN and I would like to use these instructions.
Title: Re: OPNSense and others programs (in jail)
Post by: phoenix on February 06, 2016, 07:57:05 am
> These are interesting ideas, but I have some doubts about VMs.
>
> For example, are AES-NI instructions available inside a VM?

You can find information on the internet by doing a quick search, but it's been available in guest VMs since vSphere ESX 4.x.

> I will use a VPN and I would like to use these instructions.

I run SoftEther VPN in a VM without problems.
Title: Re: OPNSense and others programs (in jail)
Post by: weust on February 06, 2016, 10:32:23 am
Hyper-V has support for AES-NI as well. And no doubt the AMD variant too.
This works without the need for vt-d (my Intel Atom C2758F does not have that).

Just keep in mind that with OpenVPN you need to use OpenSSL, as those wankers hard coded that in their code.
Title: Re: OPNSense and others programs (in jail)
Post by: framura on February 11, 2016, 09:14:52 am
OK,

I'm convinced about using a virtualization solution, but I have a doubt about the hardware, in particular about the CPU.

In my mind I would like to have a VM with OPNsense (as firewall, VPN gateway and proxy, 300Mbps as WAN speed, 10-20 users) and a second VM with Linux (Ubuntu for example), Plex, file sharing (samba, afp, nfs) and other services.

For these needs, is the C2750 or the C2758 better?

Main differences between these two are Turbo-boost (only C2750) and Quick-Assist (only C2758), both have AES-NI.

What do you think?

Thanks in advance

Alessandro
Title: Re: OPNSense and others programs (in jail)
Post by: weust on February 11, 2016, 09:19:58 am
I believe the C2758F is better suited for networking things. IIRC that is.
Although I am unsure how that relates to having a VM running on that hardware...

I run a C2758F CPU myself with Free Hyper-V 2012 R2 and it runs great.
Though I don't use Plex in a VM.