Has anyone got pfSense/OPNsense running on a VPS?
CloudHopper
Member
I've been trying to get an OPNsense firewall running on a VPS, but because it only has a single "physical" NIC provisioned from Proxmox, I haven't been able to get the LAN/WAN ports to bind separate interfaces.
I've tried creating/assigning all the BSD virtualized interfaces I've figured out how to generate (TUN/TAP/VPN and "cloned_interfaces"), but OPNsense doesn't allow me to bind any of them as the WAN/LAN interface... and until I can get both interfaces configured it won't let me access the WebUI and have external internet access.
I've seen that it should be possible to set it up with VLANs, but the instructions I've read either require direct access to the switch (which I obviously don't have), or configuring it through the WebUI, which I haven't managed to set up properly yet.
I should also add that I've never set this up before so I could be missing something obvious. I'm planning to deploy my own Proxmox instance to see if I can get it working that way and understand exactly what it needs, but if anyone has experience/suggestions about deploying BSD firewalls on VPSs I'd be interested to hear them.

Comments
Running OPNsense on a VPS with just one NIC is tricky but doable. I think the best way is to use VLANs by creating separate VLANs for WAN and LAN during setup, even if it's all virtual. This tricks OPNsense into thinking there are two interfaces.
If you're using Proxmox, you can try to add a second virtual NIC or set VLAN tags on the existing one and see if it's working or not.
I'm not clear on the specific setup in your case.
If you "own" the host (i.e. running Proxmox), you should create a couple of bridge interfaces - one for WAN and one for LAN - and assign them to the pfSense/OPNsense VM and go from there.
You can forward all or selected incoming traffic on the host network to the WAN interface and then do the rest of your network management via the firewall GUI.
If you have only ONE NIC for OPNsense, there's not much you can do without VLANs (which again requires some host node support/configuration) and it's much simpler to just go with the multiple virtual NICs route.
Sorry, it's probably not clear what I'm trying to do.
My objective is just to set up OPNsense on a "typical" VPS (with a couple of external IPs) from a LET provider. As standard it only comes with one vNIC and the normal access a customer has (SSH, VNC etc).
As I haven't ever set it up before, and it's not currently working, I'm going to deploy a local Proxmox instance and go through the process to set it up so I'm not completely blind as to how it should work.
The ideal solution would be to get the provider to provision a second vNIC on the VPS, but I'm just not sure how practical that is so I'm trying everything else first to see whether I can figure out a different solution for it.
Yeah... that's not going to fly. Besides, I'm confused on what you intend to achieve by running a firewall with nothing else to do anything with the firewalled traffic.
Once you set up your own Proxmox instance (and at least 2 virtual NICs to give the firewall WAN+LAN) you'll understand what the provider has to do.
If YOU run Proxmox on the VM (assuming it does support VMX/SVM), then you of course can do everything and you should be all set with just a single "real" NIC+IPs from the provider.
Good luck!
I much prefer VyOS on a VPS.
@CloudHopper join this channel in Discord and the community can help you out with this.
https://discord.gg/GYa8MmfA