Home networking pfsense & vm host

OP here, for some clarification. I am wanting some separation between “machines”. It doesn’t make sense to have a box for pfsense, a box for media hosting, a box for testing, when a single cpu and 8Gb of ram handle all of it. I know I don’t want a desktop OS to run the vm’s as that is a waste of resources, though we can split hairs there too.

What I am new to is vm host os, like unraid/proxmox.
There also seems to be an equal amount of people saying virtualizing pfsense is a good or bad idea. Or as @noenken pointed out IPFire looks good too.

It may be that I need dedicated hardware for routing, but it makes more financial sense to buy hardware to do more than one thing.

I would recommend a cheap POS pc with a NIC for pfsense and a separate machine to virtualize and do whatever else you want to do.

Do you not have any old junk computers laying around? Go to the thrift store or something and find an old optiplex with 2 cores and 2 gbs of RAM and it’ll be more than you’ll ever need for pfsense

Thanks for the recommendations, I still would like to have one machine to do it all, but it might be more cost effective to find something cheap and build another machine around an older ryzen

As has already been pointed out, there are lots of ways to do all of this and trade offs for any choice you make. But since I’m a bit of a cheapskate, I’ll add my 2 cents.

What I’ve done in the past is hit up ebay for cheap, old servers. I got my first one for $200. Then I just added to that as I had money. I got an external drive enclosure and started adding drives. It’s ugly and loud, but I keep it in my basement. Commercial grade servers can last a long time if you take care of them. I haven’t had one die on me yet, but there is always a risk with used hardware.

I’m a fan of proxmox. I use it at work, and it is a great product. The web interface is easy to use, but since it has a full Debian OS underneath, you can script anything you feel like.

I’ll add a vote for not virtualizing pf-sense, at least not if it is your primary Internet gateway. Not only do you have the added complexity in your network stack, but if you have a hardware failure on your primary machine, your entire house won’t have internet until you jerry-rig something. I’d recommend using something off the shelf as your gateway and run a 2nd network for yourself behind pf-sense if you want to play with it. But you can get a brand-new, dedicated box for pf-sense that costs less than $200.

Thanks @dkscudder, I am definitely trying to save money where I can. I plan on repurposing my off the shelf wireless router as an access point once I have my router up. So if it ever goes down I can switch one cable and change one setting on the wireless router and be fine.

I like the idea of Proxmox being Debian, and IPFire also is Debian. I do have some experience with linux but not in the routing world.

As far as loud servers go, I’m in an apartment and I cringe at the idea of a 2u monster screaming 24/7. That’s the reason I keep leaning towards a new build. I can spend extra to make a used machine quiet, but might as well just go new at that point. If anything my yearly electric bill will go up $30 vs $60 (I’ll claim to be a long term cheapskate).

Did you check if it is openWRT compatible? That would be an alternative to PFSense, not quite as powerful but open at least. …Well, and free of course.

Couldn’t you just copy the pfsense VM then change its WAN IP, set the original VM as its gateway, disable the LAN and update it then reset the settings and swap it with the original VM?

Does that sound like fun to you?

No that’s why I run my pfsense on bare metal HEHE. That way if the virtual PC goes down the network is unaffected.

Getting everything you want for $400 new is going to be difficult. LabGopher is an e-bay scraper that should help get you a used Xeon tower though.

Also, I’ve been running virtualized pfSense instances for over a year on my ESXi box as my daily driver (I run an odd home setup) and it’s worked just fine. It’s better to have your router as a separate box but if you really can’t just make sure you get a tower with 2 gigabit ports. Also, there is a free license key for ESXi you can get that would let you do what you need

@2bitmarksman Thank you for introducing me to labgopher.

Again it’s frustrating to hear that I should and should not do what I have asked about :|…
I’m thinking of putting together a test machine that has an add in nic, and perhaps a few other trinkets. Test out virtual hosts, and compare ipfire to pfsense.

Be interesting to do a poll on this community about what people use if not an off the shelf router.

If you can scrape together a Ryzen 2000 build they are quite good on power, thermals and noise. If configured right you only need to have a GPU plugged in for the initial setup. Then you can shutdown, remove the GPU and power back on.
I have been running a R5 2600 like this for the last six months.

You can virtualise pfsense without too much hassle, I wouldn’t worry too much about what is right and wrong, as the whole point of a homelab is to experiment, make mistakes and learn.

Thanks for the comment, I hope that this experiment becomes a permanent solution, and move away from off the shelf solutions for network management or “accessories”.