I have the same set up for pfSense on Proxmox, no PCI-E passthrough, only on bridges and as Virtio Devices inside VM. But I have LAN bridge attached also to my VMs and containers with no issues at all. Works like this since one year

As someone who has struggled with OPNsense on Proxmox, I'd have to say superb tutorial. What kind of network card/nics do you suggest? I hear couple of contradicting opinions on Intel cards/nics. Some people say that they are the most all around and the only ones that work great with OPNsense. Others say that they have run into unbeatable issues with Intel cards/nics. 5:11 -> One other thing I do is select the type of Gues OS and set "Other". Since OPNsense is FreeBSD which is not essentially Linux. 16:12 -> Why UFS and not ZFS since your disc is already ZFS, and in general ZFS formatting gives some great benefits? Additional questions: Why set always active the physical NICs? Mine were set to not auto-start for a lot of time now and everything seems to work. What's the downside or what's the gain from auto-starting ? Same question for Firewall on vmbridges. Any particular reason to turn it off ?

Iommu tutorial would be great thanks

Thanks for explaining that I need a bridge reserved for the proxmox and other VMs. Was struggling with this, and wasn't really obvious for me. So basically if I have a 6 port network card, 1 port is proxmox and VMs, 1 port will be WAN and the rest 4 ports will be LAN. Did I get that right?

So now you have opnsense separated by a physical network from proxmox. The question is how to route VMs and proxmox management interface through opnsense? Cheers

Excellent work! Thank you.

Hey bud, about the problem that you've mentioned that VMBR having issues If you use it for more than just one VM. I think that you might have a problem when you do vlans inside of your vm, and let other people use it. I would suggest to add as many network interfaces as you want to have vlans into VM, while tagging those inside of proxmox and enabling "vlan aware". That way you VM will see (let say) 10 interfaces, while other VM's will be able to use same bridge as router VM.

Do you know the performance difference between pci pass through and linux bridges? I would assume that for a gigibit nic most modern hardware wouldn't have a problem???

First you won't be limited to 10G with virtio. It's just the linkspeed it's advertising but it can do a lot more. Secondly there's very little memory overhead in running a VM (a couple megs), but the VM will do caching of all sorts of things, but mostly Filesystem. So that's totally normal, the memory usage presented in the Opnsense is what it would use if you'd discard the cache. The cache will shrink when more memory is going to be allocated in the VM, so you won't see any crashes unless you do some DPI and stuff.

What are you adding storage?

Thanks for the content. One thing im struggling to understand, do you not need a functioning router first that the proxmox server is connected to and the pc connecting to it to manage it? So at what point will the opnsense firewall take over the Lan

Hey, thanks for your work. 👍 can someone explain me the reason for adding a new storage drive?

I wish this were possible with only 2 physical NICs.