Unraid with pfsense VM or standalone pfsense hardware?
-
So I'm torn whether to use the unraid build I have with an E31231v3 Xeon processor on a supermicro X10SL7F board or to build dedicated hardware for the pfsense.
The application is a home application where I want to use it for vpn. There are only a few people in the house and the current isp connection, when tested, is approximately 50/15. I do run a smal business from the house.
I guess this would bring me to the question. Why should I use one method or the other? Is one going to be more reliable and secure over the other? I definitely want it to be both of those as I hate messing with things once they are properly configured and should be running on their own.
Any input or advice is greatly appreciated.
-
Bump. Anyone?
-
I currently run my pfsense on a 80/10 connection and have not problems.. I vpn into pretty much every day from work.. Running on a old HP N40L microserver with multiple other vms running 24/7/365 with one being a file server/nas vm… Not having any issues with performance at all. I would think that more than capable of running a pfsense vm.
Since you currently have the hardware, not sure why I would buy new to run pfsense.. Does your current box have more than 1 nic? You really going to want at min 2 nics - one for the wan connection and then 1 for your lan side..
-
You didn't say how much memory you have but I would look at putting a Virtualization software on the box and run a virtual PFsense on top.
You should be able to use the box for more than just PFsenseI only got a 2 mbit line but my virtual PFsense got 512 mb ram and it uses very, very little CPU
-
I have 8GB or RAM, but can max out at 32GB, so that's not an issue at all. The machine is plenty powerful enough and I have a dual Intel pro 1000 PT NIC on the way. I don't think it will hold back my connection speed at all.
The real question is the downside to running pfsense in a VM? Is it less secure? Less effective? Performance not as good?
I know one downside is when performing maintenance on the machine, my internet connection would be down, but it is seldomly ever down and rarely for more than a few minutes when it is. In an emergency situation, I could always throw the router back to default settings and run back on the router to get things on the network going again. That would only happen if I needed a replacement part for the machine that needed to be ordered.
Thanks for any/all input.
-
In theory there are a few cons:
Less secure since you have more software on the box - In reality this isn't a problem. A huge amounts of major companies and organisations runs their firewalls as virtual machines.
The virtualization layer will need some resources - you got more than you need anyway :)
A little more complex to set up - Yes but there is knowledge on this forum and other places on how to do it right (I use Hyper-V myself)
there are som Pro:s too
Create a snapshot before an uppgrade - Ie you have a copy of the virtual machine before the upgrade. If it fails just revert to the snapshot.
Use the rest of the box - Since you now got a virtualization system on the box you can put a virtual NAS on it for example.
-
Thanks, I'm leaning more toward virtualizing it. I'm running unraid and can install VMs through KVM functionality that is built in. Do you see any issues or reliability problems with this?
-
Thanks, I'm leaning more toward virtualizing it. I'm running unraid and can install VMs through KVM functionality that is built in. Do you see any issues or reliability problems with this?
I have no own experiance with KVM but it should be doable (I use Hyper-V myself).
https://doc.pfsense.org/index.php/VirtIO_Driver_Support
https://forum.pfsense.org/index.php?topic=45089.0KVM is a mature and reliable hypervisor so no, I don't see any specific issues with this.
-
Thank you very much for that information!
