I’m planning out a proxmox box with an OPNsense VM for an upcoming build. I want to consolidate multiple little boxes into one more capable device.

I was planning on using a dual port NIC that I would passthru to the OPNsense VM. I like the idea of the WAN interface being piped directly to the VM rather than passing through the host and being presented as a virtual device. But that means BSD has to play nice with it and as I understand it, BSD network drivers can be temperamental and intel’s drivers are just better.

I was looking at using a cheap dual port intel 226v NIC for this, but intel’s not in a great place right now so I’d like to consider other options. Everywhere online, people scream “only use intel NICs for this” but I find it ridiculous that in 2025, nobody else has managed to make stable drivers for their hardware in this use case.

What are your experiences with non-intel NICs in OPNsense?

  • lemming741@lemmy.world
    4 months ago

    I know you’re looking for non-intel solutions but here is my setup-

    Mobo r8169 is the management interface for proxmox.

    X710 4 port:
    3 ports passed as a single vmbr for LAN:
    - 1 fiber optic to detached building
    - 1 DAC to core switch
    - 1 DAC to workstation
    1 port passed as vmbr for WAN

    That config was sorta inherited by trying to pass other non-intel nics as pcie and failing. I needed an sfp for the fiber run so I got that 4 port Intel card. It works well enough that I haven’t bothered to reconfigure it to pass the Intel as pcie.

  • lightnegative@lemmy.world
    4 months ago

    I just attached the host NIC to OPNsense and then have a vxlan in proxmox to make the VM network separate from the rest of my home network. Both the host NIC and the vxlan virtual NIC are attached to the VM.

    The OPNsense VM acts as a router between the two networks. I host all my shit on the VM network under *.internal.legit.tld and use LetsEncrypt + Traefik to issue SSL certs which work without having to load a CA cert everywhere because I own legit.tld

    The only bastard was having to adjust the MTU everywhere within the VM network, that caught me out a couple of times