OPNsense on VMware

Started by spetrillo, November 15, 2025, 06:52:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 15, 2025, 06:52:45 PM
Hello all,

My client runs an OPNsense firewall on VMware. It runs really well and takes no real resources. I am building a replacement 25.7 firewall. As I got to the storage config I stopped thinking...should I allocate two disks and run these in a ZFS raid 1 pair. Well can someone comment if this makes any sense under VMware?

Thanks,
Steve
November 15, 2025, 06:59:37 PM #1
Since ZFS is a COW filesystem, it will usually be consistent, unlike UFS. But redundancy would probably better be left to the "real" storage layer.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
November 16, 2025, 06:24:17 PM #2
Unfortunately I have no access to the storage layer. This is a VMware cloud provider by a MSP.
November 20, 2025, 10:42:48 PM #3 Last Edit: November 20, 2025, 10:52:31 PM by Jose
Quote from: spetrillo on November 15, 2025, 06:52:45 PMHello all,

My client runs an OPNsense firewall on VMware. It runs really well and takes no real resources. I am building a replacement 25.7 firewall. As I got to the storage config I stopped thinking...should I allocate two disks and run these in a ZFS raid 1 pair. Well can someone comment if this makes any sense under VMware?

Thanks,
Steve

Hi spetrillo, I could not speak for VMWare Hypervisor or cloud based but I'm using OPNsense under FreeBSD Bhyve with underlying ZFS, I've just installed OPNsense on a single RAW image(can also be a ZVOL) formatted as single/stripe ZFS disk from the OPN installer.

Whit ZFS even on a single disk the system will take advantages of the ZFS compression/snapshots/Boot Environments etc, despite it being on a single disk the ZFS filesystem is resilient/superior to any other filesystem and bulletproof wen installed on two or more drives, but as mentioned completely unnecessary to be installed on two vdisks on the top level unless for testing/development purposes.

And speaking on "Boot Environments" this is a must have feature especially if you upgrade often, with a ZFS installation the OPNsense UI will enable a feature called "System:Snapshots" and this will benefit the average users with little to no command-line experience to easily revert back to a previous working OPNsense state, or to create a new Boot Environment and reboot into it to experiment with system wide changes, here is a screenshot of such feature:
You cannot view this attachment.
Also with ZFS there are additional advantages such as scheduled system snapshots, export/import but not the case here, between I've been using OPNsense with ZFS way before it was experimentally introduced and later officially added to the installer and I can tell you it is rock solid/stable on any modern hardware and/or VM with decent resources.

Also I've been doing something similar on another system with Qemu/KVM for quite some time but with BTRFS on the host data store for development/testing with no issues at all.

Regards
OPNSense on Bhyve VM set with 2vCPU, 4GB-RAM, 120GB-ZFS, Transparent Filtering Bridge(TFB).
Intel i5-2390T with 32GB-RAM and Intel I350-T4(2-Ports Passthrough for OPNsense + VirtIO).
System running Jails, MEDIA/SMB/NFS/SSH servers etc.., ZFS-Mirrors for boot and storage.
Print
Go Up Pages1
User actions