Unraid with pfsense VM or standalone pfsense hardware?



  • So I'm torn whether to use the unraid build I have with an E31231v3 Xeon processor on a supermicro X10SL7F board or to build dedicated hardware for the pfsense.

    The application is a home application where I want to use it for vpn. There are only a few people in the house and the current isp connection, when tested, is approximately 50/15. I do run a smal business from the house.

    I guess this would bring me to the question. Why should I use one method or the other? Is one going to be more reliable and secure over the other? I definitely want it to be both of those as I hate messing with things once they are properly configured and should be running on their own.

    Any input or advice is greatly appreciated.



  • Bump. Anyone?


  • LAYER 8 Global Moderator

    I currently run my pfsense on a 80/10 connection and have not problems..  I vpn into pretty much every day from work..  Running on a old HP N40L microserver with multiple other vms running 24/7/365 with one being a file server/nas vm… Not having any issues with performance at all.  I would think that more than capable of running a pfsense vm.

    Since you currently have the hardware, not sure why I would buy new to run pfsense..  Does your current box have more than 1 nic?  You really going to want at min 2 nics - one for the wan connection and then 1 for your lan side..



  • You didn't say how much memory you have but I would look at putting a Virtualization software on the box and run a virtual PFsense on top.
    You should be able to use the box for more than just PFsense

    I only got a 2 mbit line but my virtual PFsense got 512 mb ram and it uses very, very little CPU



  • I have 8GB or RAM, but can max out at 32GB, so that's not an issue at all. The machine is plenty powerful enough and I have a dual Intel pro 1000 PT NIC on the way. I don't think it will hold back my connection speed at all.

    The real question is the downside to running pfsense in a VM? Is it less secure? Less effective? Performance not as good?

    I know one downside is when performing maintenance on the machine, my internet connection would be down, but it is seldomly ever down and rarely for more than a few minutes when it is. In an emergency situation, I could always throw the router back to default settings and run back on the router to get things on the network going again. That would only happen if I needed a replacement part for the machine that needed to be ordered.

    Thanks for any/all input.



  • In theory there are a few cons:

    Less secure since you have more software on the box - In reality this isn't a problem. A huge amounts of major companies and organisations runs their firewalls as virtual machines.

    The virtualization layer will need some resources - you got more than you need anyway :)

    A little more complex to set up - Yes but there is knowledge on this forum and other places on how to do it right (I use Hyper-V myself)

    there are som Pro:s too

    Create a snapshot before an uppgrade - Ie you have a copy of the virtual machine before the upgrade. If it fails just revert to the snapshot.

    Use the rest of the box - Since you now got a virtualization system on the box you can put a virtual NAS on it for example.



  • Thanks, I'm leaning more toward virtualizing it. I'm running unraid and can install VMs through KVM functionality that is built in. Do you see any issues or reliability problems with this?



  • @Live4soccer7:

    Thanks, I'm leaning more toward virtualizing it. I'm running unraid and can install VMs through KVM functionality that is built in. Do you see any issues or reliability problems with this?

    I have no own experiance with KVM but it should be doable (I use Hyper-V myself).
    https://doc.pfsense.org/index.php/VirtIO_Driver_Support
    https://forum.pfsense.org/index.php?topic=45089.0

    KVM is a mature and reliable hypervisor so no, I don't see any specific issues with this.



  • Thank you very much for that information!


Log in to reply