I’m planning out a proxmox box with an OPNsense VM for an upcoming build. I want to consolidate multiple little boxes into one more capable device.
I was planning on using a dual port NIC that I would passthru to the OPNsense VM. I like the idea of the WAN interface being piped directly to the VM rather than passing through the host and being presented as a virtual device. But that means BSD has to play nice with it and as I understand it, BSD network drivers can be temperamental and intel’s drivers are just better.
I was looking at using a cheap dual port intel 226v NIC for this, but intel’s not in a great place right now so I’d like to consider other options. Everywhere online, people scream “only use intel NICs for this” but I find it ridiculous that in 2025, nobody else has managed to make stable drivers for their hardware in this use case.
What are your experiences with non-intel NICs in OPNsense?
You must log in or # to comment.
Intel’s current corporate nonsense doesn’t affect the quality of existing products. They will continue to be supported under Linux and BSD for a long time.
Oh i know they arent going to rip out existing support over this drama, but I really want to cut intel out of things wherever I can anyway. They have been on my shit list for years over corporate assholery. But now if they fail or break up or spin off divisions, the new owners of the networking division could theoretically throw the stability of that line into question so since I’m starting from a clean slate, I’d like to just avoid all that if possible.
I personally would keep a Firewall and a access point
I personally like OpenWRT since it is Linux based
I was considering IPFire if OPNsense doesnt play out well.
Isn’t that for VoIP?
I just attached the host NIC to OPNSense and then have a vxlan in proxmox to make the VM network separate from the rest of my home network. Both the host NIC and the vxlan virtual NIC are attached to the VM.
The OPNsense VM acts as a router between the two networks. I host all my shit on the VM network under *.internal.legit.tld and use LetsEncrypt + Traefik to issue SSL certs which work without having to load a CA cert everywhere because I own legit.tld
The only bastard was having to adjust the MTU everywhere within the VM network, that caught me out a couple of times
Why did you choose Vxlan over regular vlans?
Are you running EVPN-Vxlan at all?
My proxmox “cluster” is a bunch of old laptops with a single consumer grade NIC in each. I wanted to isolate the VM network from my main home network (have it on a different range) while still allowing all the VM’s to transparently talk to each other regardless of which physical host they happen to be on.
Could I have achieved this with normal vlans? I wanted an overlay network on the VM side but they still need to use my main home network to get internet and I only have a single physical interface on each host which is plugged into my main home network (addresses assigned via my home router).
The OPNsense VM routes between the two networks (the virtual vxlan within Proxmox + my physical home network) and does DHCP / DNS for the VM network
Vxlan is way overkill
It would be way more performant to use 802.1q vlan tags
Wouldn’t all my consumer grade switches need to support vlan tagging? I’m pretty sure a bunch of them dont
Why the MTU change?
Proxmox requires subtracting 50 from the MTU so it can store it’s vxlan information in the packet.
From the docs:
Because VXLAN encapsulation uses 50 bytes, the MTU needs to be 50 bytes lower than the outgoing physical interface.
It’s super annoying but I couldn’t see another way of having vms be able to talk to each other transparently regardless of which node they are on
Ah, ok, good to know, thanks
Intel or no Intel, it’ll be fine. Personally though for your primary router, I recommend you get 10G if you aren’t doing that already. Even if you won’t use it yet, get it now and thank yourself later
well it’s just for a home network and theres nothing I have that will ever need 10G. I energy consumption is higher and equipment costs are higher on 10G as well. I’ll likely be on gigabit for quite a bit but I’m planning the 2.5G as a compromise for future upgrades.
