Virtualized Routing: A Deep Dive Into Proxmox and OPNsense


Ever felt really, really annoyed by the limitations of your ISP-issued router? That was me, staring in disbelief at the restrictive features and evident bottlenecks of a router that screamed ‘budget constraints’. That’s when I finally decided it was time to change it out, spend a bit of money and get something more performant and capable of handling advanced features.

The Quest for Physical Routers

Enter the world of physical routers: these are your quintessential routers, bristling with ethernet ports, sometimes flaunting antennas, and invariably blinking with activity lights. They’re the dedicated couriers of our digital world, adept at ferrying data packets to and fro. Think of them as the no-nonsense postmen of the networking realm, masters of their domain yet confined within it.

But there’s something that constantly comes up when you’re browsing through standard home routers, and it astounded me: the cost. Searching for features I was interested in, nice-to-haves like intrusion detection and built-in VPN support, meant that I would need to almost quadruple my budget. Even then, you really have no idea how functional a router is going to be until you’ve got it set up and in place!

But then, an epiphany struck. Why not break free from conventional hardware and embrace the agility of virtualization?

I had a server puttering around, not the typical routing warrior, but a formidable beast with decent single- and multi-core performance and a pretty low load most of the time. It was running Proxmox, and it dawned on me that this could be the perfect platform to flexibly configure network adaptors and launch a routing solution. It was time to delve into the realm of virtual routers.

The Virtual Router Revolution

Imagine taking a physical router, extracting its essence, and transplanting it into a software environment. That’s the essence of a virtual router. It does everything a physical router can but within the boundless realm of a general-purpose computer. Your standard x86 PC may not be designed for routing, but it’s a multitasking behemoth capable of shouldering this task alongside countless others.

Transitioning from a traditional hardware setup to a software-based routing environment opened up a world of possibilities. Among the plethora of software solutions available for virtual routing, a couple stood out. There’s pfSense, a well-established player in the game, known for its robust feature set and reliability. Another contender is VyOS, appealing for its command-line interface, reminiscent of traditional enterprise routers. These solutions each have their merits, offering different strokes for different folks in the world of network management.

However, my choice eventually settled on OPNsense, and for good reason. OPNsense stands out with its remarkable flexibility. It’s not just a router; it’s a shapeshifter, easily adapting to the changing needs of my network. This adaptability allows me to scale up or down as required, unshackled by the physical limitations of traditional hardware.

But what truly sets OPNsense apart is its arsenal of advanced features, typically found in high-end hardware routers. From top-tier intrusion detection systems to integrated VPN support, WAN failover, and even high availability, it brings enterprise-level capabilities to my fingertips. This not only fortifies my network’s security but also enhances its overall functionality, all without the hefty price tag.

Some Important Notes on Virtual Routing

While virtual routers like OPNsense offer significant advantages, it’s important to acknowledge the cons of this approach as well. One primary concern is the complexity of setup and maintenance. Unlike plug-and-play hardware routers, virtual routers require a deeper understanding of both networking and virtualization concepts. This can be daunting for those not well-versed in these areas, potentially leading to configuration errors or suboptimal performance. So I recommend making the transition slowly: don’t just throw away your ISP router and then burn yourself so hard you give up.

Another key issue is the reliance on the host system. In a virtualized setup, the stability and security of your entire network hinge on the underlying server. If the server experiences issues, be it hardware failure, software glitches, or security vulnerabilities, your entire network could be compromised or become inoperable. This single point of failure can be a significant risk, especially in environments where constant network availability is crucial.

Security is another aspect to consider. While virtual routers offer advanced security features, they also introduce a new layer of complexity to your network’s security architecture. The virtualization layer itself can be a vector for attacks if not properly secured, and the integration of the router into a server that might be performing other tasks can potentially expose the network to vulnerabilities.

Tutorial Time: OPNsense on Proxmox Using Two NICs

Step 1: Getting OPNsense

First off, snag the OPNsense ISO from here.

Step 2: Creating a VM in Proxmox

  1. Fire up the Proxmox web UI.
  2. Hit “Create VM” and load up the OPNsense ISO.
  3. Assign two NICs to this VM - one for WAN (wide area network) and the other for LAN (local area network).

Placeholder: Screenshot showcasing the VM creation and NIC allocation.
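
The earlier point about the host becoming an attack vector has a concrete check in a two-NIC layout: the Proxmox host should hold no IP configuration on the bridge that faces the internet, so only the OPNsense VM is reachable from the WAN side. The script below is an added example, not part of the original post; it assumes the WAN and LAN bridges are named vmbr0 and vmbr1 and uses constructed sample configs.

```shell
# Added example: check that the Proxmox host holds no IP config on the WAN bridge.
# Assumption: vmbr0 = WAN bridge, vmbr1 = LAN bridge (illustrative names).

# Print every layer-3 setting the host has on bridge $2 in interfaces file $1.
bridge_exposure() {
    awk -v br="$2" '
        $1 == "iface" {
            cur = $2
            # "manual" = host brings the link up but takes no address on it.
            if (cur == br && $4 != "manual") print $3 " method=" $4
            next
        }
        $1 == "auto" || $1 ~ /^allow-/ { cur = ""; next }
        cur == br && ($1 == "address" || $1 == "gateway") { print $1 "=" $2 }
    ' "$1"
}

# Returns 0 = layer-2 only, 1 = host exposed on the bridge, 2 = bridge not defined.
check_wan_bridge() {
    grep -Eq "^iface[[:space:]]+$2[[:space:]]" "$1" || {
        echo "UNKNOWN: no iface stanza for $2"; return 2; }
    findings=$(bridge_exposure "$1" "$2")
    [ -z "$findings" ] && { echo "OK: $2 is layer-2 only on the host"; return 0; }
    echo "FAIL: host has IP configuration on $2:"
    echo "$findings" | sed 's/^/  /'
    return 1
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0

auto vmbr1
iface vmbr1 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports enp2s0
EOF
# Same file, but the WAN bridge now asks the ISP for an address via DHCP.
sed 's/vmbr0 inet manual/vmbr0 inet dhcp/' "$demo_dir/good" > "$demo_dir/bad"

check_wan_bridge "$demo_dir/good" vmbr0 || true
check_wan_bridge "$demo_dir/bad" vmbr0 || true
```

On a real host, point it at `/etc/network/interfaces` with the name of your own WAN bridge.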

Step 3: Installing OPNsense

  • Boot your VM and walk through the OPNsense installation steps. Don’t forget to set the boot order post-installation to ensure smooth sailing.

Step 4: DNS - The Internet’s Phonebook

DNS is like the internet’s directory, translating human-friendly domain names into IP addresses that machines understand.

Crafting the DNS Resolver

  1. Dive into the OPNsense web UI.
  2. Navigate to Services -> DNS Resolver to get it set up.

Placeholder: Screenshot illustrating the DNS Resolver configuration.

Step 5: DHCP - The Network’s Concierge

DHCP takes away the pain of manually assigning IP addresses to each device on your network.

Configuring the DHCP Server

  1. In OPNsense, head over to Services -> DHCP.
  2. Get your DHCP server up and running for your LAN.

Placeholder: Screenshot showing the DHCP server settings.

Step 6: Smooth Hostname Resolution

Link up your DNS and DHCP settings to ensure your hostnames resolve without a hitch.

Placeholder: Screenshot displaying the hostname resolution configuration.

Single NIC Setup: A Teaser

In the next post, I’ll guide you through the magic of setting this all up with just one NIC. It’s a tad more complex, but totally doable.

Reflections and Tips

Embarking on the journey of virtualized routing might seem like a tall order initially, but the level of control and customization it offers is truly rewarding. Remember, with great power comes great responsibility, so tread wisely.

Wrapping Up

And there you have it! You should now have a better grasp of virtualized routing and a functioning OPNsense VM on Proxmox. Can’t wait to hear about your experiences or answer any questions in the comments!