additional uses?

Started by defaultuserfoo, November 30, 2022, 11:56:29 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 30, 2022, 11:56:29 AM
Hi,

would it be feasible and reasonable to give the router additional use as a file server?

It's a waste of hardware and power to run OPNsense to run directly on the hardware when the only thing it does is routing, firewalling and handling VPN connections.
November 30, 2022, 12:09:24 PM #1
An APU device uses less than 10W. A Deciso appliance about 20 ... pick the right hardware for the job.

I would never run any additional services on a security device.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 30, 2022, 01:56:43 PM #2
It's questionable if an APU is powerful enough, and something from Decisio costs about EUR 1000.  An APU isn't cheap, either.  I already have energy efficient hardware, and it can do more than running OPNsense.

Is OPNsense not sufficiently secure to perform additional functions, or what's the problem?  Monitoring an UPS and Suricata for example are also additional services ...
November 30, 2022, 02:05:04 PM #3
Installing additional services is unsupported, might break OPNsense, a future OPNsense update might break your services.

OPNsense is an appliance OS, not general purpose.

Of course it is technically possible, but you are on your own.

E.g. if you "pkg install samba" from an official FreeBSD repo, that might pull in dependent libraries that are incompatible with the versions present in OPNsense. OPNsense uses its own repository with a limited and frequently changed set of packages.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 30, 2022, 03:23:36 PM #4
If you really want to run OpnSense on the same hardware as additional services at all (despite the security risk involved), it should be done the other way around:

Run OpnSense alongside other VMs on a hypervisor, such as KVM, Xen, VMware or Proxmox.

You should not put the services on your OpnSense box for the reasons @pmhausen gave.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
November 30, 2022, 05:30:20 PM #5
Quote from: pmhausen on November 30, 2022, 02:05:04 PM
Installing additional services is unsupported, might break OPNsense, a future OPNsense update might break your services.

OPNsense is an appliance OS, not general purpose.

Of course it is technically possible, but you are on your own.

E.g. if you "pkg install samba" from an official FreeBSD repo, that might pull in dependent libraries that are incompatible with the versions present in OPNsense. OPNsense uses its own repository with a limited and frequently changed set of packages.

Thank you, that's exactly what I wanted to know.
November 30, 2022, 05:31:48 PM #6
Quote from: meyergru on November 30, 2022, 03:23:36 PM
If you really want to run OpnSense on the same hardware as additional services at all (despite the security risk involved), it should be done the other way around:

Run OpnSense alongside other VMs on a hypervisor, such as KVM, Xen, VMware or Proxmox.

You should not put the services on your OpnSense box for the reasons @pmhausen gave.

Thanks, that's what I've been doing so far.  I was hoping I could do better.
Print
Go Up Pages1
User actions