I’d like to install an open source router/firewall OS on a Proxmox VE VM on a Protectli FW6D but I’m unsure which OS to pick.
I was leaning towards pfsense but I recently read that they’re now blocking features behind a paywall.
I’ve come across opnsense, ddwrt, and opnwrt as alternatives but would appreciate it if someone can provide insight into which option would be best.
Background:
I have a Proxmox VE server running an Ubuntu VM with Emby, Sonarr, Radarr, NZBGet, Transmission, Prowlarr, Bazarr, & Portainer in Docker containers. It’s a 150tb machine running snapRAID, MergerFS, & a daily sync crontab that emails a report once completed. PCIE passthrough NVIDIA Quadro P2000 and LSI 9201-16i HBA. I want to eventually add a Home Assistant VM to this machine.
Also have a Raspberry Pi 4 running Debian with Pi-Hole and Wireguard VPN. I want to eventually switch this to Proxmox VE with a secondary Pi-Hole VM and a Magic Mirror VM.
Which brings me to the new Protectli. I want Proxmox VE so I can create a cluster. I’d also like the primary Pi-Hole VM on it. I’m unsure if this is even possible but a backup Home Assistant VM that works when I’m working on the main server would be amazing.
So is there an open source router/firewall os that would be best for this scenario?
Or is there anything else I should consider before diving into this project?
Whenever people ask for router OS (VM or physical) I’d always recommend OpenWrt. Come with WebUI by default (unlike Vyos) and you can do advanced CLI configuration with familiar Linux utils (unlike *sense), and for most users you really just want to do some VLAN so it is perfectly suitable. A bonus is that you could use the same UI for your router and AP, so even easier
Generally you will know when your demand is beyond OpenWrt’s capability (usually when you can’t find the required package in opkg), and by then you probably know the answer to this question better.
Do you know if OpnSense allows you to have the same UI for the router and AP? I’m leaning towards either OpenWrt or OpnSense but still looking into the pros/cons between the two.
What this person means by “using the same UI for your router and AP” is that by installing OpenWRT on both your virtualized wired router and your Wi-fi access points, you don’t have to learn two different web UIs to configure networking. If you have an existing wireless setup that you don’t really want to screw with that doesn’t have OpenWRT already, then that doesn’t really apply.
OpnSense is the way to go. It has a good web UI. It’s robust, featureful, and has wide and growing deployment.
Pfsense is mired in controversy, they attacked their peers, and the owners are not honest. The open source Opnsense project had to appeal to the WIPO to force Pfsense to give them their named domain after Pfsense squatted on it and posted inflammatory messages. They aren’t great stewards.
i like vyos a lot
Really depends on whether you’re more comfortable with a WebUI or Command line.
pfSense CE is still perfectly fine, and a lot of features that are behind the paywall are more for commercial users, less for homelabs/home users.
If you are still worried, then Opnsense is a pfSense alternative that’s built from the same base as pfSense as it was forked from pfSense a few years ago.
Also, you won’t be able to run Proxmox on the Pi. There is Pimox, but I don’t know how that would behave if it was in a cluster with Proxmox.
OPNSense. No issues.
