I’m planning out a proxmox box with an OPNsense VM for an upcoming build. I want to consolidate multiple little boxes into one more capable device.
I was planning on using a dual port NIC that I would passthru to the OPNsense VM. I like the idea of the WAN interface being piped directly to the VM rather than passing through the host and being presented as a virtual device. But that means BSD has to play nice with it and as I understand it, BSD network drivers can be temperamental and intel’s drivers are just better.
I was looking at using a cheap dual port intel 226v NIC for this, but intel’s not in a great place right now so I’d like to consider other options. Everywhere online, people scream “only use intel NICs for this” but I find it ridiculous that in 2025, nobody else has managed to make stable drivers for their hardware in this use case.
What are your experiences with non-intel NICs in OPNsense?
You must log in or # to comment.
I personally would keep a Firewall and a access point
I personally like OpenWRT since it is Linux based
I just attached the host NIC to OPNSense and then have a vxlan in proxmox to make the VM network separate from the rest of my home network. Both the host NIC and the vxlan virtual NIC are attached to the VM.
The OPNsense VM acts as a router between the two networks. I host all my shit on the VM network under *.internal.legit.tld and use LetsEncrypt + Traefik to issue SSL certs which work without having to load a CA cert everywhere because I own legit.tld
The only bastard was having to adjust the MTU everywhere within the VM network, that caught me out a couple of times
Why did you choose Vxlan over regular vlans?
Are you running EVPN-Vxlan at all?
Why the MTU change?
Proxmox requires subtracting 50 from the MTU so it can store it’s vxlan information in the packet.
From the docs:
Because VXLAN encapsulation uses 50 bytes, the MTU needs to be 50 bytes lower than the outgoing physical interface.
It’s super annoying but I couldn’t see another way of having vms be able to talk to each other transparently regardless of which node they are on
Ah, ok, good to know, thanks
Intel’s current corporate nonsense doesn’t affect the quality of existing products. They will continue to be supported under Linux and BSD for a long time.
Oh i know they arent going to rip out existing support over this drama, but I really want to cut intel out of things wherever I can anyway. They have been on my shit list for years over corporate assholery. But now if they fail or break up or spin off divisions, the new owners of the networking division could theoretically throw the stability of that line into question so since I’m starting from a clean slate, I’d like to just avoid all that if possible.
Just go get any of the enterprise parts from a couple years ago. Mellanox, lucent, qlogic, hpe, these are all fairly well supported by freebsd.
I would avoid Broadcom and Realtek, they are better supported today, but performance is an issue.
enterprise wont likely support 2.5gig which is what I’m targeting for this build. 10 gig is too expensive and power hungry for my tastes but 2.5 or 5 should be fine.
10 gig sfp+ isnt that expensive or power hungry anymore. You can get a new switch for ~100$ now. A complete 2.5 gig network is probably more expensive as you can’t really get used nics.
10 gig sfp+ isnt that expensive or power hungry anymore. You can get a new switch for ~100$ now. A complete 2.5 gig network is probably more expensive as you can’t really get used nics.
I need VLANs and I’m planning some PoE+ stuff too, meaning higher costs though now that I think about it those are probably more common in 10Gig switches anyway. But that still means they are consuming more power, making more heat, making more noise from fans…
VLANs don’t really enter into the equation here. They are layer 2 and will be important for switch choice, but not for NICs.
Poe does add some complexity, so sfp+ will no longer be a good category for this. You will essentially be reduced to a handful of models for 2.5 or 5g without specs.
You might be at the point in your planning where you need to evaluate why you need 2.5g in the first place. There are very few use cases for 2.5g in the home as it is.
its basically a bit of futureproofing. 1 gig is fine for my home but I want the option to go a step further if I want to later.
You can take a look at mikrotik, their switches are really cheap and some of them are even layer 3, but I don’t know about their availability in the US.
I don’t have one yet, but their 4 port 100 gig switch looks verry tempting.
If you end up going with Intel anyway, avoid I219-LM (e.g. IBM I340-T2), it has issues where you need to run some commands on startup to disable some of the NIC’s features so that it doesn’t lose connection for a few m every few days. It’s pretty old so you probably won’t end up using it, but just putting it out here.
I know you’re looking for non-intel solutions but here is my setup-
Mobo r8169 is the management interface for proxmox.
X710 4 port:
3 ports passed as a a single vmbr for LAN:
- 1 fiber optic to detached building
- 1 DAC to core switch
- 1 DAC to workstation
1 port passed as vmbr for WANThat config was sorta inherited by trying to pass other non-intel nics as pcie and failing. I needed an sfp for the fiber run so I got that 4 port Intel card. It works well enough that I haven’t bothered to reconfigure it to pass the Intel as pcie.
Intel or no Intel, it’ll be fine. Personally though for your primary router, I recommend you get 10G if you aren’t doing that already. Even if you won’t use it yet, get it now and thank yourself later
well it’s just for a home network and theres nothing I have that will ever need 10G. I energy consumption is higher and equipment costs are higher on 10G as well. I’ll likely be on gigabit for quite a bit but I’m planning the 2.5G as a compromise for future upgrades.
I use several dirt cheap ($20) tp-link branded 1Gig cards, they probably just have a crappy realtek chip.
Absolutely no issues.
But, again, is just a simple home network.
Bump. Would also like to know
