@@Jims-Garage also fun fact: it's possible to run opnsense as VM with just dummy vmbr interfaces (without any physical network interface at all), that way it can serve just VMs within Proxmox - great for testing and learning all its features - and easy to "migrate" to real setup with physical nics anytime later :D
I started watching part three until I found out you had a part 1 and 2. Great videos. You talked about 4 cores, for a home environment with two people is 4 cores really necessary? So far only two other VM's so I could allocate 4 but would prefer only 2 for possible future VMs.
Hello again Jim! I am actually doing a marathon on your previous videos since some services I want to deploy are here. I would like to ask if you would still recommend getting an i226 for 2.5G NIC? I've read dozens of reports having packet loss with it.
Hey, thanks. I don't actually have one, all my devices are 1Gb or 10Gb (i350 and connectx-3). My understanding is that i225 is bad, i226 is good, but I've no real world experience.
Super in-depth guide. I am getting tripped up on the hardware side. I have my server pc plugged into my wireless router with one ethernet cable. Is OPNsense possible or useful in a configuration like this? Proxmox only shows me one network device
Just for clarification, if I have two ports only. One would be used as the WAN port for OPNsense and the other would be the Lan port for OPNsense and all of proxmox? @@Jims-Garage
Hi Jim, Thank you for the awesome tutorial. I was just looking for opnsense walkthroughs and was surprised that you also covered virtualization and on proxmox. So I have a question: - how about just passing the entire nic to the vm? As a pcie device with all functions, so it's not available to the host anymore. Is there a side effect to that approach, or is it unsafe?
Hey Jim love your videos! Just got a question: If you are using a virtual adapter in Proxmox does it matter if it is an intel based nic then? Just thought that would be a good solution for the bad Realtek driver support in FreeBSD.(?)
Thank you for your explanations. I have a question, if I set up a server and use pve on my server and set up a firewall like you in a single server, would this create a security vulnerability or should I use a physical device for the firewall for security?
In a purist perspective having dedicated hardware is more secure. However, the cloud is all virtualised and so is most of the world's services. For a homelab a virtual firewall makes a lot of sense, cheaper, easier to migrate, and something to learn.
Amazing! I'm just starting. On this stage, is OpnSense acting as DHCP server? Curious if I'd need to disable the one on my router and set it as an Access Point only.
You don't, HA requires 2 OpnSense machines (I think I had a third leftover from testing). Ignore Sophos XG, that's simply the HA solution I use, and I didn't want to have to remove it for making the video (meant it was a little more fun to create ha).
another question: two Opnsense VM on Proxmox Dell. You don't use Opnsense separate Hardware? It's better to use opnsense on VM or on physical hardware? on Proxmox is only for test, right? i have seen your video with traefik cloudflare to fix, but i have problem with macvlan and firewall rule on sophos. with tunnel cloudflare, it work well. but after with macvlan, it's not work again. i think, because i don't have sophos to make the right rule .... can you help me, to make right. thanks
@@khanhthedag7269 this is purely for demonstration, you would want each VM on a separate physical machine (in most cases). I recommend a VM for all of the advantages it provides.
Greetings Jim...This is Jim. I'm going to be installing an OPNsense VM on Proxmox and you discussed Q35 in your video. I thought I'd give it a try and see what happens. I checked their web site and they are still discussing they haven't had time to really test Q35. Do you have any feel for what I might see as far as issues. I'm only asking because this will be the first time I've seen OPNsense and I don't know if there are any issues that are in the program itself that wouldn't be part of using Q35 or should I just assume anything that is weird will be caused by Q35? I have to compliment you on Part 1. You laid everything out nicely and it's very understandable. I'm looking forward to part 2 and 3. One question comes to mind on the drive size. If I try some plugins will the drive size you chose be big enough for a few plugins or would you advise adding 10-20 GB more disk space just to cover any capacity issues. This install is going to be just for a home installation so not a lot of storage is going to be absorbed with traffic monitoring or log files.
I've been using q35 for a few months now without a problem, you can choose the other though (I don't think it matters, it was only because passthrough requires q35). You can up the size of the disk if you want. You can also increase it later on if needed, that's the beauty of a VM.
Thanks for the reply. Your video asked for an update on Q35 hence my original question so I could give you an update but it seems you're well ahead of me. I'm new to Proxmox VE and your video was the first time I heard of Q35. Looking forward to learning more about Q35. Wrapping up my OPNsense install and moving on to learning what you cover in Part 2 and 3. Thanks again for your videos.
I heard about performance gains on opnsense if you do a direct passthrough of ports (for LAN/WAN). Also I see people installing the QEMU agent as a plugin after the initial installation of opnsense and also enabling it on the VM of course. Do you have some insights on these things?
I don't like doing passthrough if I can help it, it prevents many of the benefits of being a VM. I'm able to saturate a 10GB NIC using a virtual adapter, there will be some slight overhead but it's extremely efficient and worth the tradeoff for flexibility. Installing QEMU agent could be useful for monitoring and better shutdown but it's not essential. It's not the same as VirtIO drivers.
This is a very helpful video, Jim, thank you. Subbed. I have just installed Proxmox and then OPNsense on a Zimaboard, I have GUI access and it all runs. Happy noob so far! Is there a simple answer to how to configure all this until it is fully ready to deploy without interfering with the function of the existing (BT-fed) home network? Yesterday when I switched the Zima off the other machines all lost internet access until a modem/router restart, even though I'm not (as far as I know) routing them through the server yet. Could be coincidence, but… Obviously I'm scouring docs and forums but I haven't been able to clarify this yet. Any help very much appreciated!
@@tonyrambler I'm just about to release a PfSense video, it tackles the exact scenario. Set it up behind your existing firewall/router without interrupting.
Depends. I don't because it breaks migration and backups. There might be a tiny performance improvement but I still saturate 10Gb virtually (IMO - the benefits of virtual far outweigh the negatives).
Hopefully, you'll cover access points and bridging the Wan and Lan so they reside on the same IP with each other, as you might see from a store bought router. This is where I made mistakes when I setup 3 years ago. Wifi starts on 192.168.3.x and Lan is on 192.168.1.x. Also maybe some coverage on AP setups too, I got some tp-link wifi units and I've had some awful speeds through wifi as well as dropped connections. I really liked your explanation on attaching the nic, I also had trouble with this and ended up running from the built-in nic. I'm also excited to see your homelab firewall configuration!
Thanks 👍 typically I don't bridge the Lan and WiFi, I put them on separate networks. However, it's something I can cover for those who wish to have a single subnet over both technologies.
I'm a bit confused. Where is the PC you're doing the demo connected? How is it able to access 192.168.1.1 immediately? Could u pls discuss the physical network? Thank you!
@@benjamincabalonajr6417 the demo is a VM on my Proxmox cluster, I'm connected from the pc I'm recording on. It's simply connected to the LAN port of the VM.
Did you set your ISP's modem as bridged first or it is like you're running double Nat-ed? At 24:08 shouldn't you uncheck the , since you're not gonna use the ISP ones?
In this setup I'm double natted because it's behind Sophos XG, but without that it would be bridged (it was purely for demonstration as I didn't want to rip out Sophos XG). Yes, you're right. I missed the option at 24:08, should be unchecked.
Hi Jim, I'm very new to opnsense. My isp router connection ends with a fibre optic while my opnsense device has 2 x RJ45 hence the fibre optic cannot be plugged into the Wan RJ45 port. I will appreciate your guidance on how to set it up.
@@Jims-Garage Hi Jim, thank you for your response. I get that but how do i connect the cables? The fibre optic goes into the WAN of the router? Then I pull a cable from the LAN of the router to the opnsense device and from the lan of the opnsense to the network switch?
@@thin.clients I bought an SFP and rj45 switch, it basically acts as a converter and was cheaper. Otherwise, you'll need an SFP+ transceiver and SFP based NIC
I'm up and running a Sophos XG 125w with OPNsense as a bloody beginner. Looking for a driver for my QCA986x/988x 802.11ac Wireless Network Adapter, having trouble with WebGUI access from WAN interface, looking for an adequate way to install the firewall inside my existing network configuration with a FritzBox gateway with MESH functionality and last but not least, to protect my Home Lab (exposed) web services behind an NGINX proxy manager and dyndns. My personal goal would be, to use it as transparent filtering proxy, with DPI, IDS, IDP, and so on. But VoIP and IPTV shouldn't be disturbed in any way.
Thanks for a nice and easy to follow video! Now the main question, I suppose, is OPNSense vs PfSense :) (pfsense seems to be more developed and "stable". But the team behind it and some of their actions towards OpnSense raise some concerns)
During the VM creation in the host type i choose host. Along with this is it a good idea to enable CPU flags for AES instruction set so that it works better with VPN traffic?
@@Jims-Garage I do understand that the AES is something the host would provide, but the question is rather should the VM pass those extra AES flags to really utilize them from the underlying host.
@@viggyprabhu host offers everything the CPU has to offer. You cannot magic additional hardware offloading via flags. The CPU either has it or it doesn't.
Yes I totally understand magical flags can't bring additional hardware capabilities ;) I was just wondering if the VM needs to pass those additional flags to utilize this capability from the host (if it supports the functionality behind this flag).
Hi Jim, great timing to present an Opnsense series now as I was about to try to install Sophos XG on my Proxmox machine, but a little bit scared about all the configuration steps 🤔. I have a Mini-PC with 2 NICs, 1Gbit->vmbr0->ip to access Proxmox, 2,5Gbit->vmbr1->VMs + LXCs. I want to use the 1Gbit port as WAN, the 2,5Gbit port as LAN, while maintaining in Opnsense the DHCP subnet actually provided by my router as I have a bunch of static IPs allocated right now (and obviously deactivating the router DHCP afterwards). Do you think that’s anyhow feasible? Thanks for your great videos. It’s a pleasure to listen to your calm voice, especially for a non-native English speaker. Greetings from tiny Luxembourg 🇱🇺.
Hey, thanks 👍 whilst it won't be possible to use DHCP from an upstream router, in my next video I'll show how to reserve IP addresses. That way you can clone your existing IPs behind OpnSense.
@@Jims-Garage Jim, I’ve rectified my initial posting, as I’m aware that I cannot use my router’s DHCP anymore, I only want to maintain the 10.x.x.x range I now have. Looking forward to the next videos. Thanks a lot 🙏
They're similar, OpnSense was a fork of pfsense due to their licensing/open source fiasco. Since, OpnSense has remained fully open source and I believe has a few more features. Generally more favoured in the homelab community from what I've seen.
@@Jims-Garage thanks for quick response. but it can replace the VLAN, DHCP, DNS, Firewall (Allow,Block) part only? I am currently having opnsense with few ovs switches and VLANs. and thinking if this can be replaced. for IPS/IDS I use zeek(bro) in separate VM. and Wazuh as SIEM.
Great video! One question, how do i access proxmox from a computer behind the opnsense? I have 4nics, 0,1,2,3 0-proxmox 1-wan 2-lan (then dumb switch) 3-opt1 IF i run a cable from dumb switch to port0 on the machine... Would i be able to access proxmox via ip address assigned by vm-opnsense? What's ur recommendation?
Thanks for the question, what do you mean "beyond" opnsense? I assume from the internet? If so, I recommend a VPN to connect back into your network, and then access via the local network. If you mean internally, you should be able to access via the IP as long as the correct firewall rules are in place. Happy to discuss more on Discord, it's a lot easier to converse.
Hi @Jims-Garage! can you please tell me for what have you set up the Nordvpn VM? I want to have some LXC container to run under a Nordvpn connection, i can do it if I set up a VM ? or how it be better to achieve this?
yes I want to route all my ARR suite and qbittorrent through vpn. can you please indicate name of the video or on link where I can achieve this. Thanks. And BTW amazing job! I really like to watch and learn from you @@Jims-Garage
oh, you mean by using opensense? but is there a way to use nordvpn on nordlynx to have better speed and then to route lxc container through that vm ? I know I can create openwrt router and do this, but then I will only use openvpn connection, and that one is slow @@Jims-Garage
@@petrut_u3137 it all goes through the firewall anyway so on the firewall is likely the most performant. Openvpn with UDP will saturate the NordVPN connection anyway. You can use WireGuard (nordlynx) but I find it temperamental, check my instructions for how to obtain your key.
Hi, I have two 2.5gbpe ports on a single mini pc on which i have proxmox running. Can you please guide me how i could configure opnsense WAN and LAN without a dedicated management interface? Can i somehow share the LAN interface along with proxmox mgmt interface?
Hello Jim. So I seem to be having an issue when setting up my system. My WAN interface is coming back as a LAN interface on opnsense. I currently have my server plugged into my ISP router and then I have a nic in the server that has a hard line to my PC and a Raspberry pi. I am not getting any connection through my hardline though I do see "unidentified network" in the bottom right hand corner for the ethernet port( I believe). If I put on my ports on one bridge in proxmox I can get connection to my PC so I know that the NIC does work. Any thoughts on what I may be doing wrong? Thank you for your time.
I followed the steps in this video have been able to access the GUI I can see that the WAN is connected and the LAN is connected yet I can’t connect to the Internet. What could be the issue here?
Thanks for your help! Got hardwired devices working but anything connected via the WAP (connected to the switch) doesn’t work. Is there some mapping. Perhaps it’s a DHCP thing?
Pretty much because OpnSense was more popular with my subs, plus there is still some lingering negative sentiment around what pfSense did. I'll likely cover it in the near future.
@@Jims-Garage Thanks. I have been running pfSense since 2017. I am in my 60's now and have learned to be careful from the extra offerings, as they always have a catch. Since I am running the CE edition and I have so much time and knowledge invested, switching is not suitable option. I can understand the frustration. Several years back I switched from Cisco SMB managed switches SG-2xx/3xx to the Unifi. After the learning curve was over, I had 6 months of stable network. Then, it was nothing but issues. Too much to write to explain all the issues. I had two friends who also switched to the Unifi and they had issues as well. Some the same and some different. After 2 months of trying to fix the issues, ripped it out and put back my Cisco switches and was back to stable and still rock solid stable network. The Unifi had some nice features, but between buggy firmware and system issues and their changes to the cloudkey stuff and security issues. I see a lot of people using that product, but I will never try Unifi again. Thanks for sharing your knowledge with us.
thank you for amazing tutorial video, actually I install proxmox on Zima board and when I try to install opnsense on Zima board after rebooting without usb the Zima board boot on proxmox os NOT opnsense so is there any ways to install opnsense on internal storage of Zima board? thanks again
i am facing problem while i am installing it the WAN PPPOE will be open on the GUI and i can't access the GUI from the LAN and I don't know how to flip it and if i create new interface the traffic will move from LAN to WAN to The new subnet that i open the gui on it and if i removed the WAN Cable i can't access to that GUI
So I share a house with internet and I cannot have my own separate internet but want to have my own network and home lab setup. So you mentioned setting up this firewall behind your Sophos. So wanted to ask, currently I have my pfsense/opnsense box's WAN port plugged into a DMZ'ed port on the house router and I have assigned it a static IP. Then the LAN is on a different IP range for all my devices behind the firewall. Does this sound OK??? Is there any setting I need to use in either pfsense or opnsense to use this sort of setup??? Thanks for your videos!
@@Jims-Garage I just read in pfsense there are settings to block bogon addresses or something like that and I was worried it will block this setup... So wasn't sure. Trying to learn this stuff and it's not easy!!!
Hi!, do you need a second network interface card for lan if you only need to use vlans for proxmox vms on the same node where opensense is running on? I wouldn't be able to connect my proxmox wan directly to the modem.
No, you can do everything on 1 NIC if you're savvy with vlans. I prefer 2 as it makes things easier and less prone to lockout (at least in my simple brain).
@@Jims-Garage thanks, should I just create a new bridge for the lan and assign the same network interface of vrb0 (wan) to it? Or would I need an external managed switch? I'm quite confused to be honest.
Jim, great Guide - but I suspect (given your experience) you might not know (or even remember) how much real beginners do not know. Pro Tip - If you call it a Beginner's Guide, then don't start with a whole bunch of Virtual IT jargon that they won't understand. Suggest you do it again on a mini pc and install it with a usb drive - like most people out there will have to do...
I don't get it. Why do I need a WAN? My router connects to the ISP, I have no idea how to make it not do that if I wanted my OPNSense to connect to it instead. I feel like this video was framed as "from scratch" but there's a huge gap if we're not talking about what to do on the router (even if it is with 1000 caveats about different hardware, different interfaces etc.). I'm gonna have to watch something else to figure out what I'm doing. ChatGPT told me I don't need a WAN but I'm still trying to get my head around all of this.
Hey, start with understanding the basics. The wan is a wide area network, in most cases the internet, this is an untrusted network. Typically you want to put your ISP router into modem only mode, this allows your firewall (in this case OPNSense) to handle the connection and routing. If you're unable to do that, you'll need to plug the ISP router as is into your firewall wan port. This will be double natted but it should be fine. It simply means you would have to port forward on both devices. The reason you have a wan and Lan port is to separate traffic between local and outside. All your local devices connect to the Lan, internet to the wan. This way you control what can enter and leave your network. Hope that helps.
Don’t use UFS! UFS is a piece of crap and gets corrupted all the time. I know it’s a virtualized install and in theory you should have backups! But still!
Hmm, I can read it on my phone fine. Ignore that it's in a VM, it was simply to show the installation process which is pretty simple and the same regardless. I do recommend using it Virtually though for all of the benefits it provides.
Thanks for making this video. It is a HUGE help for me. I have used Untangle since it was released but it was purchased by Arista who has decided to dump home users so I have decided to change to Opnsense. While the use of Opnsense seems straight forward, the installation does not. On to the next video. Thanks again.
@@martyb3783 you're welcome
Thank you Jim, your style is well paced and easy to comprehend. Now to take heed and start my homelab setup, cheers.
Thanks 👍
Very good content Jim! This is just what I was after. Now onto the second part.... I particularly need information on dynamic DNS
Thanks. I cover that in the second video, it's pretty straightforward.
Great video, just did my setup on a new bare bones machine. Just in case anyone else has this same issue, some internet service providers link your connection to your mac address and therefore you may need to restart the modem or contact them to reset it before you have internet. Took me a couple of installs and reboots to realize I just needed to restart the modem for my fibre to clear the old mac address for the old router supplied by them.
Thanks, and good to know!
Very good guide, not complicated at all and very detailed.
Please do Reverse proxy, web filtering and hosting multiple websites and services like email and filtering behind OPNsense.
Can't wait for the next one.
Thanks. I've provided examples of those in the next video (out soon). You can then replicate the process for all of your services.
Came across your video this evening and I have to say this.
What an excellent tutorial. (Part 1)
The ironic thing was my friend and I were speaking about OPNsense this evening.
Watching your video gave me the confidence to try this.
The tutorial was well paced and you explained in detail.
This allowed me to setup and install opnsense on a spare computer this evening.
The only problem was the update for firmware ??, it mentioned something about an address not found.
I tried changing to a different mirror but no luck.
I will read more into this later today.
I will have a look at the other videos.
Thank you for sharing an excellent tutorial.
Thanks 👍 on rare occasions the mirrors go down. More likely it's DNS. In system settings, change DNS to 1.1.1.1 and 8.8.8.8 to rule anything out.
Good morning, thank you for the reply. I will change DNS as mentioned. Thank you very much.
Thank you Jim for the great content! Really looking forward to this series on opnsense.. perfect timing! ;-)
You're welcome 😁
@@joblow3638 ok, thanks for clarifying. I'll have a read.
I've been using pfsense as a vm on hyperv for over 3 yrs now and have never had any major issues. When using a virtual router/firewall on any hypervisor I recommend using 10gig nics, when adding Acl's, vlans to the virtual adapters the vm bus has to work harder, plus if you're enabling vlans, ID/IPS and all the other nice features of the firewall 10gig nics are better.
Thanks 👍
What if you are just using 2.5 gb nics found in Beelink EQ12 with 16gb ram?
@@thestreamreader 2.5 and 5gig works fine. The 10gig nics are for the business environment which I configured for the company I work for. I currently have similar setup at home and use 2.5gb. Sorry if I didn't state that upfront
@@thestreamreader 2.5 Gb is absolutely fine.
*major
Now that I have it installed, it's time to learn how to use it 😊
Thanks for the demo and info, have a great day
Thanks, you too!
For the virtualized NICs it's recommended to set Multiqueue to 8 :)
Thanks, I'll look into that for performance tweaks
@@Jims-Garage I think that's only necessary for router VMs though, not sure
Not gonna lie, your videos are amazing.
Thanks 👍
Alternatives to Sophos are always interesting 👍
Yes, you'll like this one I think
16:38 You left out a very important step! After you add in your vmbrs, you MUST push Apply Configuration. Otherwise, when you add them into your VM, your VM won't start because they don't actually exist until you hit that Apply Configuration button (or reboot the host).
I wish it were possible to add a comment to virtual NICs on a VM. That would be nice.
Thank you James, great job as always.
Thanks, appreciate the feedback.
Love your videos! Thank you a lot for them!!! I have a question: how does the OpnSense knows after installation which mapped port is for LAN and which is for WAN? Maybe I missed this info in the video (I watched at least 4 times :)). Thank you!!
I believe it's randomly assigned on boot (might be PCIe order). You do have the option to change during installation iirc. VM makes life easier as you can flip the virtual mac addresses.
@@Jims-Garage Interestingly, I have installed it a few times following your great video (don't ask :D), and it always got it right. Yes, later I have experimented and relocated, but it is interesting (at least to me) how it gets it right. Probably by accident.
Thanks for the guide, it's excellent! 🚀 I have one question: In the video, it's suggested to add two network devices as a minimum to the VM. I've managed with just one bridge (a 10 GbE trunk, router on a stick) in my OPNSense VM and handled the necessary segregation within the firewall. This allows me to manage all VLANs at one place. Will this approach cause issue down the road, say when using ZenArmor or anything else that might benefit from having dedicated VM network devices for WAN and LAN, each with its own MAC address? I've come across conflicting opinions - some recommend not using 'VLAN aware' in Proxmox at all (and yet VLANs work fine orchestrated by OPNSense), while others suggest untagging everything at the VM definition (then virtualized OPNSense won't deal with VLANs).
Hey, thanks for the compliments and the membership - much appreciated. If you want to run RoaS with 1 physical NIC you can do, nothing wrong with that. I simply prefer having my firewall doing both the WAN and the LAN.
Great video! I got mine up and running a little while ago, but I’m going to go through my set up after watching this video.
I do have one question. My modem will not allow me to put it into bridging mode, so I’m wondering if it’s OK to put my opnsense on the DMZ. Right now, I’m double-NATed, which I don’t want.
Could you add to the list wireguard setup on OPNsense working along with dual wan failover please? Thanks
I'll take a look at it. I personally use Kubernetes for WireGuard.
@@Jims-Garage ok thanks
Thank you very much for this great video. I use modem-router (working in bridge mode) and Eero wireless mesh router providing DHCP service. Q: what configuration should WAN of OPNsense have? I am going to use Eero in bridge mode to work only as wifi access point and DHCP has to be provided by OPNsense. Thank you.
I think it should be DHCP.
Thank you. I tried to set up bridge mode of OPNsense to keep my Eero router and network devices with the same IP addresses but something went wrong.
Looking forward to this!
Thanks 👍
Love this vid. I ended up switching away from opnSense since I found it annoying, now using Untangle. Would love to see videos on that as I’m still relatively new to network security and homelab in general. Keep doing what you do!!
Thanks. That's been on the list to try, I've heard that it's good.
@@Jims-Garage I've enjoyed it so far! My only pain point is I kind of suck at knowing what firewall rules to put up, and it's not a default deny
@@Montagic rule of thumb, if the service doesn't work check the ports and add a rule
Hi Jim. Don't want to criticise, I find your videos great. Installing OPNSense behind the Sophos XG - is this for demonstration purposes or is there a benefit?
Thanks. Purely for demonstration (it's how my network is setup, I use Sophos XG. I didn't want to have to replace it just for the video). It should go to ISP -> Opnsense
Hey great video, I’m confused about the physical connections. ISP -> OPNsense makes sense to me however how do we maintain internet/GUI access to Proxmox @@Jims-Garage
q35+UEFI works fine here, just make sure to disable secure boot first at initial boot of fresh VM :)
Thanks, I'm now using it with the same setup.
@@Jims-Garage also fun fact:
it's possible to run opnsense as VM with just dummy vmbr interfaces (without any physical network interface at all), that way it can serve just VMs within Proxmox - great for testing and learning all its features - and easy to "migrate" to real setup with physical nics anytime later :D
@@TazzSmk yes, I've done that. Can even do it on SDN
I started watching part three until I found out you had a part 1 and 2. Great videos. You talked about 4 cores, for a home environment with two people is 4 cores really necessary? So far only two other VMs so I could allocate 4 but would prefer only 2 for possible future VMs.
The beauty of a VM is you can scale to your needs. Try 2 and up if necessary.
Thanks didn't want to waste my time if 2 were going to not work from the start. Comment on ballooning was nice. Looking forward to the second video
24:14 You left the option Override DNS on. Which DNS resolvers will do the job then? 😊
Oops! Good spot, I'll have to rectify that in the next video. At least functionally it won't matter as we're setting the Lan interfaces separately.
ethtool command = "ethtool -p vmnic0 15 " or "ethtool --identify eth0"
Awesome videos
@@workingdb thanks 👍
Hello again Jim! I am actually doing a marathon on your previous videos since some services I want to deploy are here. I would like to ask if you would still recommend getting an i226 for 2.5G NIC? I've read dozens of reports having packet loss with it.
Hey, thanks. I don't actually have one, all my devices are 1Gb or 10Gb (i350 and connectx-3). My understanding is that i225 is bad, i226 is good, but I've no real world experience.
It should be fixed now in the latest kernels of Proxmox, PfSense, and OPNSense.
Super in-depth guide. I am getting tripped up on the hardware side. I have my server pc plugged into my wireless router with one ethernet cable. Is OPNsense possible or useful in a configuration like this? Proxmox only shows me one network device
Thanks. You'll need to add another PCIe card for more network interfaces. That should open up plenty of options.
@@Jims-Garage thanks for the patient response. Rewatching this and realize you clarify this in the video lol
Just for clarification, if I have two ports only. One would be used as the WAN port for OPNsense and the other would be the Lan port for OPNsense and all of proxmox?@@Jims-Garage
@@Levi-Salmon Did you end up adding another network card? I also have my proxmox ve with a single ethernet cable.
@@Tmacs-yp6vv yeah I just bought a NIC
Hi Jim,
Thank you for the awesome tutorial. I was just looking for opnsense walkthroughs and was surprised that you also covered virtualization and on proxmox.
So I have a question:
- how about just passing the entire nic to the vm?
As a pcie device with all functions, so it's not available to the host anymore.
Is there a side effect to that approach, or is it unsafe?
Hey Jim love your videos!
Just got a question:
If you are using a virtual adapter in Proxmox does it matter if it is an intel based nic then?
Just thought that would be a good solution for the bad Realtek driver support in FreeBSD.(?)
Thanks 👍 it will help with the realtek support issue (provided the host also can use it properly)
please tell me how can I support you?? omg your content is amazing and the way you explain it, just wow. I
Thanks 👍 feel free to become a YouTube member on my channel if you'd like. Hit the join button on my channel homepage
Thank you for your explanations. I have a question, if I set up a server and use pve on my server and set up a firewall like you in a single server, would this create a security vulnerability or should I use a physical device for the firewall for security?
In a purist perspective having dedicated hardware is more secure. However, the cloud is all virtualised and so is most of the world's services. For a homelab a virtual firewall makes a lot of sense, cheaper, easier to migrate, and something to learn.
Amazing! I'm just starting. On this stage, is OpnSense acting as DHCP server? Curious if I'd need to disable the one on my router and set it as an Access Point only.
Yes, OPNSense is doing DHCP, it's downstream from the ISP router (which is in modem only mode).
Thanks. Very nice VideoClips.
I have a question: Why do you need 3 Opnsense? And Sophos Firewall?
You don't, HA requires 2 OpnSense machines (I think I had a third leftover from testing).
Ignore Sophos XG, that's simply the HA solution I use, and I didn't want to have to remove it for making the video (meant it was a little more fun to create ha).
Another question:
Two Opnsense VMs on Proxmox Dell. You don't use Opnsense on separate hardware?
Is it better to use opnsense on a VM or on physical hardware?
On Proxmox is only for testing, right?
I have seen your video with traefik cloudflare to fix, but I have a problem with macvlan and the firewall rule on sophos.
With the cloudflare tunnel, it works well. But after, with macvlan, it doesn't work again.
I think it's because I don't have sophos to make the right rule ....
Can you help me to make it right? Thanks
@@khanhthedag7269 this is purely for demonstration, you would want each VM on a separate physical machine (in most cases). I recommend a VM for all of the advantages it provides.
Is sophos XG better than opnsense firewall?
which firewall should i use?
Greetings Jim...This is Jim. I'm going to be installing an OPNsense VM on Proxmox and you discussed Q35 in your video. I thought I'd give it a try and see what happens. I checked their web site and they are still discussing they haven't had time to really test Q35. Do you have any feel for what I might see as far as issues. I'm only asking because this will be the first time I've seen OPNsense and I don't know if there are any issues that are in the program itself that wouldn't be part of using Q35 or should I just assume anything that is weird will be caused by Q35?
I have to compliment you on Part 1. You laid everything out nicely and it's very understandable. I'm looking forward to part 2 and 3. One question comes to mind on the drive size. If I try some plugins will the drive size you chose be big enough for a few plugins or would you advise adding 10-20 GB more disk space just to cover any capacity issues. This install is going to be just for a home installation so not a lot of storage is going to be absorbed with traffic monitoring or log files.
I've been using q35 for a few months now without a problem, you can choose the other though (I don't think it matters, it was only because passthrough requires q35).
You can up the size of the disk if you want. You can also increase it later on if needed, that's the beauty of a VM.
Thanks for the reply. Your video asked for an update on Q35 hence my original question so I could give you an update but it seems you're well ahead of me. I'm new to Proxmox VE and your video was the first time I heard of Q35. Looking forward to learning more about Q35. Wrapping up my OPNsense install and moving on to learning what you cover in Part 2 and 3. Thanks again for your videos.
I heard about performance gains on opnsense if you do a direct passthrough of ports (for LAN/WAN). Also I see people installing the QEMU agent as a plugin after the initial installation of opnsense and also enabling it on the VM of course. Do you have some insights on these things?
I don't like doing passthrough if I can help it, it prevents many of the benefits of being a VM. I'm able to saturate a 10GB NIC using a virtual adapter, there will be some slight overhead but it's extremely efficient and worth the tradeoff for flexibility. Installing QEMU agent could be useful for monitoring and better shutdown but it's not essential. It's not the same as VirtIO drivers.
This is a very helpful video, Jim, thank you. Subbed. I have just installed Proxmox and then OPNsense on a Zimaboard, I have GUI access and it all runs. Happy noob so far!
Is there a simple answer to how to configure all this until it is fully ready to deploy without interfering with the function of the existing (BT-fed) home network? Yesterday when I switched the Zima off the other machines all lost internet access until a modem/router restart, even though I'm not (as far as I know) routing them through the server yet. Could be coincidence, but… Obviously I'm scouring docs and forums but I haven't been able to clarify this yet. Any help very much appreciated!
@@tonyrambler I'm just about to release a PfSense video, it tackles the exact scenario. Set it up behind your existing firewall/router without interrupting.
@@Jims-Garage That's great. This is definitely several learning curves at once! Thanks for replying, and quickly.
@@tonyrambler you're welcome. I'm trying to cover as much as I can
One question, both nics should be connected to the same switch? Or the wan should be connected directly to the router?
Wan to router, and Lan to switch (typically).
Out of curiosity, would be better to passthrough the NICs (on PCI menu) instead of just adding the Network Card or doesn't matter?
Depends. I don't because it breaks migration and backups. There might be a tiny performance improvement but I still saturate 10Gb virtually (IMO - the benefits of virtual far outweigh the negatives).
Setup starts at 19:55
Hopefully, you'll cover access points and bridging the Wan and Lan so they reside on the same IP with each other, as you might see from a store bought router. This is where I made mistakes when I setup 3 years ago. Wifi starts on 192.168.3.x and Lan is on 192.168.1.x. Also maybe some coverage on AP setups too, I got some tp-link wifi units and I've had some awful speeds through wifi as well as dropped connections.
I really liked your explanation on attaching the nic, I also had trouble with this and ended up running from the built-in nic. I'm also excited to see your homelab firewall configuration!
Thanks 👍 typically I don't bridge the Lan and WiFi, I put them on separate networks. However, it's something I can cover for those who wish to have a single subnet over both technologies.
I'm a bit confused. Where is the PC you're doing the demo connected? How is it able to access 192.168.1.1 immediately? Could u pls discuss the physical network? Thank you!
@@benjamincabalonajr6417 the demo is a VM on my Proxmox cluster, I'm connected from the pc I'm recording on. It's simply connected to the LAN port of the VM.
Thanks.
You're welcome
Did you set your ISP's modem as bridged first or is it like you're running double NAT-ed?
At 24:08 shouldn't you uncheck the , since you're not gonna use the ISP ones?
In this setup I'm double natted because it's behind Sophos XG, but without that it would be bridged (it was purely for demonstration as I didn't want to rip out Sophos XG).
Yes, you're right. I missed the option at 24:08, should be unchecked.
Just by liking it, confuses me to the fact if I'm right or wrong to my comments though (haahah)
New edit: Oh ok there was an answer after all.
Hi Jim, I'm very new to opnsense.
My isp router connection ends with a fibre optic while my opnsense device has 2 x RJ45 hence the fibre optic cannot be plugged into the Wan RJ45 port.
I will appreciate your guidance on how to set it up.
@@thin.clients cheapest option might be an unmanaged switch. Check my recent MS-01 video.
@@Jims-Garage Hi Jim, thank you for your response. I get that but how do i connect the cables? The fibre optic goes into the WAN of the router? Then I pull a cable from the LAN of the router to the opnsense device and from the lan of the opnsense to the network switch?
@@thin.clients I bought an SFP and rj45 switch, it basically acts as a convertor and was cheaper. Otherwise, you'll need an SFP+ transceiver and SFP based NIC
I'm up and running a Sophos XG 125w with OPNsense as a bloody beginner. Looking for a driver for my QCA986x/988x 802.11ac Wireless Network Adapter, having trouble with WebGUI access from WAN interface, looking for an adequate way to install the firewall inside my existing network configuration with a FritzBox gateway with MESH functionality and last but not least, to protect my Home Lab (exposed) web services behind an NGINX proxy manager and dyndns. My personal goal would be, to use it as transparent filtering proxy, with DPI, IDS, IDP, and so on. But VoIP and IPTV shout'd be disturbed in any way.
Thanks for a nice and easy to follow video!
Now the main question, I suppose, is OPNSense vs PfSense :) (pfsense seems to be more developed and "stable". But the team behind it and some of their actions towards OpnSense raise some concerns)
It's homelab, give them both a spin. I'm using Sophos XG - that's another solid, and free option.
During the VM creation in the host type i choose host. Along with this is it a good idea to enable CPU flags for AES instruction set so that it works better with VPN traffic?
@@viggyprabhu host includes AES (basically everything the CPU can offer).
@@Jims-Garage I do understand that the AES is something the host would provide, but the question is rather should the VM pass those extra AES flags to really utilize them from the underlying host.
@@viggyprabhu host offers everything the CPU has to offer. You cannot magic additional hardware offloading via flags. The CPU either has it or it doesn't.
Yes, I totally understand magical flags can't bring additional hardware capabilities ;) I was just wondering if the VM needs to pass those additional flags to utilize this capability from the host (if it supports the functionality behind this flag).
@@viggyprabhu Again no, you already select "type" as "host", which will give the guest OS full insides of your real CPU.
Hi Jim, great timing to present an Opnsense series now as I was about to try to install Sophos XG on my Proxmox machine, but a little bit scared about all the configuration steps 🤔. I have a Mini-PC with 2 NICs, 1Gbit->vmbr0->ip to access Proxmox, 2,5Gbit->vmbr1->VMs + LXCs. I want to use the 1Gbit port as WAN, the 2,5Gbit port as LAN, while maintaining in Opnsense the DHCP subnet actually provided by my router as I have a bunch of static IPs allocated right now (and obviously deactivating the router DHCP afterwards). Do you think that's anyhow feasible? Thanks for your great videos. It's a pleasure to listen to your calm voice, especially for a non-native English speaker. Greetings from tiny Luxembourg 🇱🇺.
Hey, thanks 👍 whilst it won't be possible to use DHCP from an upstream router, in my next video I'll show how to reserve IP addresses. That way you can clone your existing IPs behind OpnSense.
@@Jims-Garage Jim, I've rectified my initial posting, as I'm aware that I cannot use my router's DHCP anymore, I only want to maintain the 10.x.x.x range I now have. Looking forward to the next videos. Thanks a lot 🙏
Why do you use bridge and not a networkcard Passthrough?
I prefer to have the flexibility of a bridge. Simple migration and upgrades.
Zenarmor costs compared to the full free features you get with sophos-xg, why would you move?
I'm not saying that I will, I'm just giving it a whirl.
So what is the (main) difference between pfsense and opnsense?
They're similar, OpnSense was a fork of pfsense due to their licensing/open source fiasco. Since, OpnSense has remained fully open source and I believe has a few more features. Generally more favoured in the homelab community from what I've seen.
Hello Jim, would you say that proxmox VE 8.1 SDN and Builtin Firewall would be a replacement for virtual firewalls such as opnsense and pfsense?
No, OpnSense and Sophos XG are next Gen (traffic inspection, ids IPS etc). Proxmox is simply rules.
@@Jims-Garage thanks for quick response. but it can replace the VLAN, DHCP, DNS, Firewall (Allow,Block) part only? I am currently having opnsense with few ovs switches and VLANs. and thinking if this can be replaced. for IPS/IDS I use zeek(bro) in separate VM. and Wazuh as SIEM.
@@Sulaimanzai yes, that could work
Thanks
Oh, I can use an internal lan card? I was doing pcie passthrough and a whole lan card.
Nope, that's not necessary. Makes life a lot easier.
what if my physical router uses 192.168.1.1???
Where can I find part 3? I only found part 2.
@@MelroyvandenBerg I can't remember, it's likely the high availability one.
@@Jims-Garage maybe you should create a separate playlist? And number the videos better. Plzz :)
Great video! One question, how do i access proxmox from a computer behind the opnsense?
I have 4nics, 0,1,2,3
0-proxmox
1-wan
2-lan (then dumb switch)
3-opt1
IF i run a cable from dumb switch to port0 on the machine... Would i be able to access proxmox via ip address assigned by vm-opnsense?
What's ur recommendation?
Thanks for the question, what do you mean "beyond" opnsense? I assume from the internet? If so, I recommend a VPN to connect back into your network, and then access via the local network. If you mean internally, you should be able to access via the IP as long as the correct firewall rules are in place. Happy to discuss more on Discord, it's a lot easier to converse.
Hi @Jims-Garage! can you please tell me for what have you set up the Nordvpn VM? I want to have some LXC container to run under a Nordvpn connection, i can do it if I set up a VM ? or how it be better to achieve this?
What do you want to achieve? In my video I show how to route a subnet over the VPN.
Yes, I want to route all my ARR suite and qbittorrent through VPN. Can you please indicate the name of the video or a link where I can achieve this? Thanks. And BTW amazing job! I really like to watch and learn from you @@Jims-Garage
Oh, you mean by using opnsense? But is there a way to use nordvpn on nordlynx to have better speed and then to route the lxc container through that vm? I know I can create an openwrt router and do this, but then I will only use an openvpn connection, and that one is slow @@Jims-Garage
@@petrut_u3137 it all goes through the firewall anyway so on the firewall is likely the most performant. Openvpn with UDP will saturate the NordVPN connection anyway. You can use WireGuard (nordlynx) but I find it temperamental, check my instructions for how to obtain your key.
Hi, I have two 2.5gbpe ports on a single mini pc on which i have proxmox running. Can you please guide me how i could configure opnsense WAN and LAN without a dedicated management interface? Can i somehow share the LAN interface along with proxmox mgmt interface?
@@viggyprabhu it's possible but you'll need to make use of vLANs.
@@Jims-Garage I am lost on how to achieve this e.g. should i add the vmbr0 twice to the opnsense VM one for mgmt and one for LAN?
You would assign the same vmbr (e.g. vmbr0 and vmbr1) to multiple VMs. You then want to vLAN tag it.
Ok Thanks. Will try that and see how it goes..
By any chance what’s the command to see what port is in use to see which is wan and lan?
ethtool -p eth0 120
Hello Jim. So I seem to be having an issue when setting up my system. My WAN interface is coming back as a LAN interface on opnsense. I currently have my server plugged into my ISP router and then I have a nic in the server that has a hard line to my PC and a Raspberry pi. I am not getting any connection through my hardline though I do see "unidentified network" in the bottom right hand corner for the ethernet port( I believe). If I put on my ports on one bridge in proxmox I can get connection to my PC so I know that the NIC does work. Any thoughts on what I may be doing wrong? Thank you for your time.
Could be a few things. Is DHCP enabled on the Lan interface? Can you change the interface type to wan for the ISP router link?
@@Jims-Garage Would that be in proxmox, opnsense, or my ISP router? From what I can see in the ISP router it is enabled.
@@halfthehalfer in OPNSense. Might be worth hopping in the Discord with some screenshots.
@@Jims-Garage That would be very helpful. Do you have a Discord channel?
Edit: Found it. Thank you
I followed the steps in this video have been able to access the GUI I can see that the WAN is connected and the LAN is connected yet I can’t connect to the Internet. What could be the issue here?
It's likely DNS. Check a ping to 1.1.1.1, if that works, then check ping google.com. If that doesn't it's likely DNS.
Thanks for your help! Got hardwired devices working but anything connected via the WAP (connected to the switch) doesn’t work. Is there some mapping. Perhaps it’s a DHCP thing?
Nice video. Curious, why no mention about pfSense?
Pretty much because OpnSense was more popular with my subs, plus there is still some lingering negative sentiment around what pfSense did.
I'll likely cover it in the near future.
@@Jims-Garage Thanks. I have been running pfSense since 2017. I am in my 60's now and have learned to be careful from the extra offerings, as they always have a catch. Since I am running the CE edition and I have so much time and knowledge invested, switching is not suitable option. I can understand the frustration. Several years back I switched from Cisco SMB managed switches SG-2xx/3xx to the Unifi. After the learning curve was over, I had 6 months of stable network. Then, it was nothing but issues. Too much to write to explain all the issues. I had two friends who also switched to the Unifi and they had issues as well. Some the same and some different. After 2 months of trying to fix the issues, ripped it out and put back my Cisco switches and was back to stable and still rock solid stable network. The Unifi had some nice features, but between buggy firmware and system issues and their changes to the cloudkey stuff and security issues. I see a lot of people using that product, but I will never try Unifi again. Thanks for sharing your knowledge with us.
Thank you for the amazing tutorial video. Actually, I installed proxmox on a Zima board, and when I try to install opnsense on the Zima board, after rebooting without usb the Zima board boots into proxmox os NOT opnsense, so is there any way to install opnsense on the internal storage of the Zima board? Thanks again
I am facing a problem while I am installing it
the WAN PPPOE will be open on the GUI and I can't access the GUI from the LAN
and I don't know how to flip it, and if I create a new interface the traffic will move from LAN to WAN to the new subnet that I open the GUI on
and if I remove the WAN cable I can't access that GUI
Bartoletti Lakes
Never been, is it nice?
Why do you use RAID10 instead of RAIDZ2? With RAIDZ2, any 2 drives can fail, but with RAID10, if you lose a certain 2 drives, your array goes down.
Thanks, it's for performance. Everything is backed up to raidz2 on TrueNAS with Proxmox Backup Server (an earlier video).
@@Jims-Garage When you say 'performance' what exactly do you mean?
@@NetBandit70 when testing I had better iops and writes in raid10 vs raidz2 (writes are limited to single drive speed in raidz2 is my understanding).
So I share a house with internet and I cannot have my own separate internet but want to have my own network and home lab setup. So you mentioned setting up this firewall behind your Sophos. So wanted to ask, currently I have my pfsense/opnsense box's WAN port plugged into a DMZ'ed port on the house router and I have assigned it a static IP. Then the LAN is on a different IP range for all my devices behind the firewall. Does this sound OK??? Is there any setting I need to use in either pfsense or opnsense to use this sort of setup??? Thanks for your videos!
No, that setup should work fine. It's very similar to pfSense.
@@Jims-Garage I just read in pfsense there are settings to block bogon addresses or something like that and I was worried it will block this setup... So wasn't sure. Trying to learn this stuff and it's not easy!!!
@@neccros007 Shouldn't be an issue. At worst it'll require some configuration on the firewall rules
@@Jims-Garage Which currently I have no clue how to do!! :) I'm just starting on this journey
@@neccros007 I'll cover rules in part 2
Hi! Do you need a second network interface card for lan if you only need to use vlans for proxmox vms on the same node where opnsense is running on? I wouldn't be able to connect my proxmox wan directly to the modem.
No, you can do everything on 1 NIC if you're savvy with vlans. I prefer 2 as it makes things easier and less prone to lockout (at least in my simple brain).
@@Jims-Garage thanks, should I just create a new bridge for the lan and assign the same network interface of vrb0 (wan) to it? Or would I need an external managed switch? I'm quite confused to be honest.
I210 only has one port?
Yes. I350v2t4 has 4
need two nic card ???
@@rainnetweb technically you can do it with 1 and vLANs but 2 makes life simpler.
How do I install proxmox
@@Wintercube-pu2qm check one of my earliest videos
@@Jims-Garage thx
Hello! Why no pfSense ?
OPNSense is more popular and there's generally bad sentiments around what happened. I might cover it in the future.
and because it is unbelievable how sophos has not already run out of business yet XD
i came from LTT
Thanks for commenting, honoured to be recommended 😁
Jim, great Guide - but I suspect (given your experience) you might not know (or even remember) how much real beginners do not know. Pro Tip - If you call it a Beginner's Guide, then don't start with a whole bunch of Virtual IT jargon that they won't understand. Suggest you do it again on a mini pc and install it with a usb drive - like most people out there will have to do...
It's not a beginner virtual machine guide, it's a beginner opnsense guide
@@MrWewill11 Precisely what I was thinking - @Jims-Garage - Awesome as always - thanks!!
I don't get it. Why do I need a WAN? My router connects to the ISP, I have no idea how to make it not do that if I wanted my OPNSense to connect to it instead. I feel like this video was framed as "from scratch" but there's a huge gap if we're not talking about what to do on the router (even if it is with 1000 caveats about different hardware, different interfaces etc.).
I'm gonna have to watch something else to figure out what I'm doing. ChatGPT told me I don't need a WAN but I'm still trying to get my head around all of this.
Hey, start with understanding the basics. The wan is a wide area network, in most cases the internet, this is an untrusted network. Typically you want to put your ISP router into modem only mode, this allows your firewall (in this case OPNSense) to handle the connection and routing. If you're unable to do that, you'll need to plug the ISP router as is into your firewall wan port. This will be double natted but it should be fine. It simply means you would have to port forward on both devices.
The reason you have a wan and Lan port is to separate traffic between local and outside. All your local devices connect to the Lan, internet to the wan. This way you control what can enter and leave your network. Hope that helps.
Don't use UFS! UFS is a piece of crap and gets corrupted all the time. I know it's a virtualized install and in theory you should have backups! But still!
Thanks, I'll take a look at that. One of my videos is on restoration, so I can use that as an opportunity to address it.
UFS is fine. Netflix uses it for their CDN to deliver series and movies.
Beginner's guide?? On Proxmox??? Not to mention the 4k screen with tiny unreadable text and no zooms to help out.
Hmm, I can read it on my phone fine. Ignore that it's in a VM, it was simply to show the installation process which is pretty simple and the same regardless. I do recommend using it Virtually though for all of the benefits it provides.
Are you on crack?
It's beginner I guess
@@Jims-Garage I can read it on my iPad just fine. Such great content!