I finally decided to buy a mini PC to make it a pfSense router, and I was wondering which option is more suitable for my needs.

First I was thinking of doing it with Proxmox so I could install Pi-hole and WireGuard in it, but looking more into pfSense I see that there is pfBlockerNG and also a WireGuard package that could be installed inside.

What does everybody in here use? I’m curious to know if tinkering in Proxmox to run pfSense is more efficient than just installing bare-metal.

Thank you

Conclusion: will go with sole pfSense since I never used it in the first place; once accustomed will switch to Proxmox. Thank you everyone, I hope there will be more posts like this on this platform.

  • icewave
    1 year ago

    I currently use VyOS with it hosted on proxmox. I pass-through a 4-port network card and I get my full internet speed. It should be similar, but I will say it is nice being able to host other things on the proxmox host such as pihole. I keep only the router functions and core functions there, with another machine for other services

    • -RYknow@sh.itjust.works
      1 year ago

      How do you like vyos? I had looked into it, and it seemed a little cumbersome last time I looked at it. I believe it’s entirely cli? I suppose that’s not a bad thing, but sometimes a gui is nice.

      • icewave
        1 year ago

        I find it to be quite stable, I haven’t had any real issues, haven’t rebooted except for version updates which isn’t too frequent (stable). No GUI built-in, there are a few projects out there and they are working on one officially, but the cli is solid. If you have ever configured juniper routers/switches it is quite similar

  • ProctorZeuss@lemmy.ml
    1 year ago

    I’m currently running OPNsense virtualised in Proxmox. It’s a little confusing if you haven’t run a custom firewall before but the setup was relatively simple and works flawlessly now that I understand it a bit better. The only downside being if you are running it on the same machine as your services and need to restart, your network will go down as well. Ideally I will get another machine just for network services as it sounds like you are doing.

    • beep@infosec.pub
      1 year ago

      Same here, OPNsense on Proxmox. I’m very happy with it. Snapshots mean I don’t have to worry about a “bad” update and I appreciate the easy console access through prox gui without needing an ipkvm or similar in scenarios where I’ve screwed something up and can’t hit the gui or ssh. Plus, if you back up your *sense config after any changes you make, in the event you need to set up a new physical box it’s a quick iso install and restore config. For me the pros outweigh the cons, even if a bit of performance is lost.

  • cablepick@lemmy.cablepick.net
    1 year ago

    I run OPNsense, which has a long and storied history with pfSense and in my opinion is better, on a VM in Proxmox.

    I have a cluster of three servers and I can live migrate the VMs around to do maintenance. It gets backed up to proxmox backup server so restoring from a bad upgrade, which I’ve never had happen, or severe experimentation, which happens frequently, is simple.

    It’s also one less device to power on, and pay for. My cluster is running regardless and every watt less helps keep my wife happy.

    I’ve never had any issues that I could attribute to it being run in a VM. It does my 1gbe fiber and a dozen vlans with no issues.

  • icy_mal@lemmy.world
    1 year ago

    I run pfSense virtualized along with a wireguard vm and a couple of other vms for core services. A benefit of virtualization is that you can live migrate your router to another physical host if you ever need to do any hardware maintenance. It’s nice being able to service the hardware without waiting until every user is asleep so you can safely bring your router down.