I recently decided to completely go off the deep end and try a router OS like pfSense. This would replace my current EdgeRouter X, which I absolutely love and still adore, but I wanted to try something a little different. What would it be like to take the Ethernet cable from the modem, and plug it straight into my server?
Doing some research in the r/homelab subreddit, I found out that if you do not dedicate a NIC (Network Interface Card) to the virtual machine, it will crank all the CPU threads that are allocated to it, to 100%. So I bought a cheap, but still decent gigabit, two port, Intel NIC. The NIC arrived, I turned off my server, unracked it, opened it up, and completely forgot that the server did not come with a PCIe riser.
After doing a ridiculous amount of research, looking for the exact riser for my R430, I was lucky enough to snag one for <$20. It took an absolutely ridiculous amount of time to find the correct part number for it, since there are so many different riser cards for each iteration of Dell PowerEdge servers. Luckily I found one, and I was off to the races.
First, I first needed to create two switches in ESXi, on the machine that the new NIC was installed on:
With each of them being dedicated to one of the two NICs that I just recently installed, like the following:
From here, I was able to add each vSwitch to a port group, and after creating a port group – I was able to add the two networks that I created, WAN and LAN to a VM.
I was sure to write down the MAC addresses of each of the NICs, so that when I created the VM, I knew what MACs to assign WAN and LAN.
I first tried out pfSense, since that seemed to be what everyone else was using, and there seemed to be a lot of troubleshooting guides for it online. I was running into issues when I could VPN into my network, to a server behind the gatway. The UDP would (by creation) be stateless, and pfSense would kill the connection after 60 seconds. After looking around online for some answers, I found that if you tweak some settings and allow sloppy states, that it should allow you to connect without a time limit.
However, no matter what I tried, the darn thing kept sniping the UDP session of my WireGuard VPN.
So that is why I decided to go on a limb and install OPNsense as my edge gateway. After doing a fresh install of OPNsense, and setting it up with the default settings, I decided to go out on a limb and see if the VPN connection still worked after a period of time. To my surprise, it did. With absolutely no issues, after any amount of time. From this point on, I knew that I was sold on OPNsense. To this day, I still use it, have created VLAN interfaces with it, added DHCP leases, added IPS/IDS plugins to it, etc. and have had no issues.
It has lots of wonderful functions, that you would expect from a routing software.