FreeNAS, bhyve, and OPNsense?

[papakpmartin]

I've a FreeNAS Mini running 11.0-U2. Modest home usage (storage + Plex, mostly).

I'm wondering if this might be a good platform for running OPNsense in a VM.

I don't currently have another option with two ethernet ports, so I thought it might be worth asking.

I did search and I see that pfSense (from which OPNsense sprang) in a jail wasn't go; I'm wondering if bhyve changes anything.

 

[Allan Wilmath]

You can run anything theoretically in bhyve, mostly.

Why not just run pfSense as a vm? The only trick i see is that the configuration of the networking is still a joke in FreeNAS, so you will have to hack it using the command line and go around the GUI. I was going over the interface and it doesn't even have options for where the virtual NICs connect?!

The networking is likely the only hard part, the rest should be easily done. Be sure to save the commands you used to setup the networking at the command line, you will likely need them in the future. Might be a great post since pfSense and FreeNAS are a great combo.

You should only need to manually create one bridge using the command line for use as the wan, don't use the IPMI interface though! I'm sorry I can't be of more help at this point. I run pfSense and FreeNAS Corral virtualized on ESXi, so very easy to setup! That doesn't help, but pfSense works great virtualized. Corral has pfSense as a plug-in, rather obvious really.

If you have a manger switch that supports VLANs, you may be able to simply go that route and run the internet connection in to pfSense through a port on the switch that then presents it to FreeNAS as a tagged VLAN. Then you can setup a VLAN in pfSense with the same tag, then you only need to use one virtual interface, bypass the whole command line hacking.

I have just picked up a couple of guinea pig Dells for hacking. I will have to give this a shot, maybe a great post a script for setting up the whole thing bhyve.

btw, thanks for the post, I'm already downloading OPN to check it out.

 

[nightshade00013]

@papakpmartin I don't believe that running a PfSense or OpnSense appliance as a VM under FreeNAS is the best idea.

The best option would to virtualize both if you want to run it on the same hardware and then pass through to each the hardware required. However you will still probably need to pick up a couple more NIC's since the WAN will need a dedicated port and the FreeNAS may not play nice sharing a port for LAN traffic.

To add to that just because you don't have a box with two ethernet ports doesn't mean you can grab a NIC to add them. Though the FreeNAS mini may be able to do it's job just fine the more you throw at it the faster it will bog down. Plus how much down time are you willing to deal with trying to make a project work?