OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: defaultuserfoo on November 30, 2022, 11:56:29 am

Title: additional uses?
Post by: defaultuserfoo on November 30, 2022, 11:56:29 am

Hi,

would it be feasible and reasonable to give the router additional use as a file server?

It's a waste of hardware and power to run OPNsense to run directly on the hardware when the only thing it does is routing, firewalling and handling VPN connections.

Title: Re: additional uses?
Post by: Patrick M. Hausen on November 30, 2022, 12:09:24 pm

An APU device uses less than 10W. A Deciso appliance about 20 ... pick the right hardware for the job.

I would never run any additional services on a security device.

Title: Re: additional uses?
Post by: defaultuserfoo on November 30, 2022, 01:56:43 pm

It's questionable if an APU is powerful enough, and something from Decisio costs about EUR 1000.  An APU isn't cheap, either.  I already have energy efficient hardware, and it can do more than running OPNsense.

Is OPNsense not sufficiently secure to perform additional functions, or what's the problem?  Monitoring an UPS and Suricata for example are also additional services ...

Title: Re: additional uses?
Post by: Patrick M. Hausen on November 30, 2022, 02:05:04 pm

Installing additional services is unsupported, might break OPNsense, a future OPNsense update might break your services.

OPNsense is an appliance OS, not general purpose.

Of course it is technically possible, but you are on your own.

E.g. if you "pkg install samba" from an official FreeBSD repo, that might pull in dependent libraries that are incompatible with the versions present in OPNsense. OPNsense uses its own repository with a limited and frequently changed set of packages.

Title: Re: additional uses?
Post by: meyergru on November 30, 2022, 03:23:36 pm

If you really want to run OpnSense on the same hardware as additional services at all (despite the security risk involved), it should be done the other way around:

Run OpnSense alongside other VMs on a hypervisor, such as KVM, Xen, VMware or Proxmox.

You should not put the services on your OpnSense box for the reasons @pmhausen gave.

Title: Re: additional uses?
Post by: defaultuserfoo on November 30, 2022, 05:30:20 pm

Quote from: pmhausen on November 30, 2022, 02:05:04 pm

Installing additional services is unsupported, might break OPNsense, a future OPNsense update might break your services.

OPNsense is an appliance OS, not general purpose.

Of course it is technically possible, but you are on your own.

E.g. if you "pkg install samba" from an official FreeBSD repo, that might pull in dependent libraries that are incompatible with the versions present in OPNsense. OPNsense uses its own repository with a limited and frequently changed set of packages.

Thank you, that's exactly what I wanted to know.

Title: Re: additional uses?
Post by: defaultuserfoo on November 30, 2022, 05:31:48 pm

Quote from: meyergru on November 30, 2022, 03:23:36 pm

If you really want to run OpnSense on the same hardware as additional services at all (despite the security risk involved), it should be done the other way around:

Run OpnSense alongside other VMs on a hypervisor, such as KVM, Xen, VMware or Proxmox.

You should not put the services on your OpnSense box for the reasons @pmhausen gave.

Thanks, that's what I've been doing so far.  I was hoping I could do better.