I finally decided to buy a mini PC to make it as a pfsense router and I was wondering witch option is more suitable for my needs

First I was thinking of doing with proxmox so I could install pi-hole and wireguard in it but looking more into pfsense I see that there is PfblockerNG and also a Wireguard package that could be installed inside.

What does everybody in here use? I’m curious to know if thinkering in proxmox to run pfsense is more efficient than just installing bare-metal.

Thank you

Conclusion: will go with sole pfsense since I never used it in the first place, once accustomed will switch to proxmox, thank you everyone I hope there will be more posts like this in this platform

  • cablepick@lemmy.cablepick.net
    link
    fedilink
    arrow-up
    5
    ·
    2 years ago

    I run opnsense, which has a long a storied history with pfsense and in my opinion is better, on a VM in proxmox.

    I have a cluster of three servers and I can live migrate the VMs around to do maintenance. It gets backed up to proxmox backup server so restoring from a bad upgrade, which I’ve never had happen, or severe experimentation, which happens frequently, is simple.

    It’s also one less device to power on, and pay for. My cluster is running regardless and every watt less helps keep my wife happy.

    I’ve never had any issues that I could attribute to it being run in a VM. It does my 1gbe fiber and a dozen vlans with no issues.

    • -RYknow@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      2 years ago

      Are you me? Haha! Our setups are very similar, except I’ve stuck with pfsense (though I’m debating switching to opnsense as I upgrade to 10g). But the saving every watt to keep the wifey happy can’t bemofe on point for me. Haha.

      • cablepick@lemmy.cablepick.net
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        Nice! All my servers are 10gbe and at one point were 40gbe. I’ve had no issues but i also use bridge interfaces and not hardware pass-through for opnsense. I have ran opnsense with hardware pass-through or native in the past and had no issues. Both pfSense and opnsense are bsd based and anything working in one should work in the other.

        My next step is to replace my brocade 6610 with a Mikrotik to further reduce power. I listed my full specs here: https://lemmy.cablepick.net/comment/62260

        • -RYknow@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          2 years ago

          Yeah, I assume most things will work, but I know Linus just recently did a video showing that they were having issues with their 10gbe nics, which was driver support within pfsense. Switched to opnsense and problem was solved. I don’t think I’ll have any issues, cause I’m using older cards anyway (connectx-2’s and connectx-3’s).

          I currently have a mix of mikrotik and ubiquiti. I’ve been dumping my ubiquiti gear in favor of mikrotik, just because I want any of my switches to have at least a couple 10gbe ports, and mikrotik is cheaper that ubiquiti for the switches I need.

          I haven’t had the mikrotik switches long, and I’m really only using one while I’m waiting for the rest of my 10gbe nics to arrive. But the one I’m using is quiet, and just worked (as a switch should). No surprises.

    • Petri
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      How do you have more than one device wired to your WAN? Most ONT only provide a single physical out line…