I just wanted to say thanks for this very helpful post. I was able to use this to get bhyve working, and it's been very stable for several months.
I'm just a hobbyist, and I have OPNsense running as my primary gateway at two different sites, connected via WireGuard. I have bridged connections from Starlink on one side and fiber on the other side. FreeBSD with bhyve has allowed me to move a few key networking-related jobs from the Proxmox servers on either side to the routers themselves. I have found that having some critical networking functions running on the router means that even when I have (or cause!) problems at either site I can still get into the network to troubleshoot and fix the problems.
For anyone else who finds this post, I don't think I'm smart enough to tell you whether or not you should run VMs on your OPNsense server, but I can confirm it has been working very well for me. I run just a few fairly stable networking-related services that I want to make sure always stop and start with OPNsense. I have pihole running in a Devuan VM on both sides, a smallca certificate authority running in an Alpine Linux VM on one side, and an Omada software controller running in an Ubuntu VM on both sides. They have all been very stable, and overhead appears to be negligible. The best part is that ZFS means I can painlessly snapshot the VMs before any configuration changes or upgrades so that I can instantly revert to a working configuration if I need to.