this post was submitted on 20 Aug 2025
29 points (91.4% liked)

Selfhosted

52330 readers
804 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
29
choosing a NIC for OPNsense (sh.itjust.works)
submitted 2 months ago by muusemuuse@sh.itjust.works to c/selfhosted@lemmy.world
28 comments fedilink hide all child comments
 

I'm planning out a proxmox box with an OPNsense VM for an upcoming build. I want to consolidate multiple little boxes into one more capable device.

I was planning on using a dual port NIC that I would passthru to the OPNsense VM. I like the idea of the WAN interface being piped directly to the VM rather than passing through the host and being presented as a virtual device. But that means BSD has to play nice with it and as I understand it, BSD network drivers can be temperamental and intel's drivers are just better.

I was looking at using a cheap dual port intel 226v NIC for this, but intel's not in a great place right now so I'd like to consider other options. Everywhere online, people scream "only use intel NICs for this" but I find it ridiculous that in 2025, nobody else has managed to make stable drivers for their hardware in this use case.

What are your experiences with non-intel NICs in OPNsense?

you are viewing a single comment's thread
view the rest of the comments
[–] lightnegative@lemmy.world 1 points 1 month ago* (last edited 1 month ago) (2 children)

I just attached the host NIC to OPNSense and then have a vxlan in proxmox to make the VM network separate from the rest of my home network. Both the host NIC and the vxlan virtual NIC are attached to the VM.

The OPNsense VM acts as a router between the two networks. I host all my shit on the VM network under *.internal.legit.tld and use LetsEncrypt + Traefik to issue SSL certs which work without having to load a CA cert everywhere because I own legit.tld

The only bastard was having to adjust the MTU everywhere within the VM network, that caught me out a couple of times

[–] possiblylinux127@lemmy.zip 1 points 1 month ago* (last edited 1 month ago) (1 children)

Why did you choose Vxlan over regular vlans?

Are you running EVPN-Vxlan at all?

[–] lightnegative@lemmy.world 1 points 1 month ago* (last edited 1 month ago) (1 children)

My proxmox "cluster" is a bunch of old laptops with a single consumer grade NIC in each. I wanted to isolate the VM network from my main home network (have it on a different range) while still allowing all the VM's to transparently talk to each other regardless of which physical host they happen to be on.

Could I have achieved this with normal vlans? I wanted an overlay network on the VM side but they still need to use my main home network to get internet and I only have a single physical interface on each host which is plugged into my main home network (addresses assigned via my home router).

The OPNsense VM routes between the two networks (the virtual vxlan within Proxmox + my physical home network) and does DHCP / DNS for the VM network

[–] possiblylinux127@lemmy.zip 1 points 1 month ago (1 children)

Vxlan is way overkill

It would be way more performant to use 802.1q vlan tags

[–] lightnegative@lemmy.world 2 points 1 month ago

Wouldn't all my consumer grade switches need to support vlan tagging? I'm pretty sure a bunch of them dont

[–] Cyber@feddit.uk 1 points 1 month ago (1 children)

Why the MTU change?

[–] lightnegative@lemmy.world 2 points 1 month ago (1 children)

Proxmox requires subtracting 50 from the MTU so it can store it's vxlan information in the packet.

From the docs:

Because VXLAN encapsulation uses 50 bytes, the MTU needs to be 50 bytes lower than the outgoing physical interface.

It's super annoying but I couldn't see another way of having vms be able to talk to each other transparently regardless of which node they are on

[–] Cyber@feddit.uk 1 points 1 month ago

Ah, ok, good to know, thanks