[24.7] OPNsense on Proxmox is unstable and poorly developed

Started by rospionne, January 17, 2025, 05:57:48 PM

- I give similar settings to the PFSENSE test firewalls (which are turned off). I check that all the settings are OK. I have my PC on the workshop network and a witness VM on the DMZ network (between OPNsense and Router WAN).
- On my PC, I have access to the internet and the configuration interface.
- I save the OPNsense VM
- I configure my web server on a VM named Odoo, it will be on the Workshop network. I add the NAT forward (INT_WANFREEPRO, INT_WANFREEPRO address, 443, 192.168.0.100, 443,).
- I test from my workstation, a web request using the OPNsense IP address on the WAN side, I get the port redirection.
- On the witness VM, I have no response.
- I test different OPNsense settings to find the origin of this blockage.
- I modify the forward NAT (INT_WANFREEPRO, this firewall, 443, 192.168.0.100, 443,).
- Result: I lose access to the OPNsense administration interface on the INT_WORKSHOP side and instead I have my website.
- restore the VM
- I modify the NAT (INT_WANFREEPRO, 192.168.10.1, 443, 192.168.0.100, 443,).
- On the witness VM, I have no response.
- I test the firewall optimization and set it to "Conservation".
- On the witness VM, I get the website
- On my workstation I lose access to the internet and to the OPNsense administrative interface
- restore the VM
- Impossible to have a packet response from the INT_WORKSHOP interface whether it is ping, port 443. No more network response.
- After writing this message, I regained access to the OPNsense administrative interface.

OPNsense is horrible to configure and does not guarantee its stability in a virtualized environment communicating with both VMs and physical computers.

If I want to no longer depend on pfsense, I need an OPNsense compatible configuration in a Proxmox VM that can communicate between VM and physical machine and have functional port redirections, while FREEPRO requires INT_WANFREEPRO to be in DHCP.

Sorry, I cannot follow through what you have written for lack of information (e.g. which interfaces are connected via pass-through or to what bridges on the Proxmox host in which emulation).

There are a lot of possible misconfigurations that can be had with such complex setups. Since you seem sure that you checked that "all the settings are OK", surely you already have read this, too? With hypervisors like Proxmox, you have some specialties.

I have a few installations on Proxmox and can only say that they work just fine when you configure them right.

But I get that OPNsense is "horrible" and "poorly developed" - yet free. Which may be the main reason why you want to migrate from "the other product". I want a free lunch as well.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+


If you need to use ports used by the OPN UI, you need to move the UI to alternative ports. Defaults are 80 and 443 as expected.
Same for me and many others: there is no inherent problem using OPN with virtualised environments based on Proxmox or ESXi. Hyper-V is a different matter from what I've seen, due only to Microsoft not giving much love to FreeBSD guests.