Proxmox Opnsense Bridged Setup

Table of Contents

Overview

I chose this because I didn’t want to mess with my home network and I wanted to test out opnSense filtering.

Make sure you’re not on VPN when trying to connect to Proxmox. Made that mistake before.
Configs - Default
- General !
- OS - Choose OPNsense!
- Disks - SSD emulation!
- CPU - 4 cores, type - host, gets all features of host CPU!
- Memory - 4GB!
- Network - We will config more later!
- Confirm
NIC setup
- Go to Datacenter > your node > System > network!
- Create > Linux Bridge
  - Create 1:1 relationship of Linux bridges for each physical NIC you have
  - vmro0 was already created so vmbr1 needs to be created.
  - I mapped it to enp2s0 and commented the label it has on the physical port!
  - Repeat!
  - Click Apply Configuration to save your changes! If you don’t you will get a vmbr doesn’t exist error when trying to start VM![[Pasted image 20250623211526.png]]
- Go back to our OpnSense VM
  - Hardware > Add > Network Device
  - Add your WAN port!
    - Make sure that your VM is stopped or else you will get this error 😅!
  - Add your LAN port
  - Remove vmbr0 because this will be used to communicate to your client / proxmox for config.!

Boot up VM
It first boots up into Live mode, like linux distros. This is to test. We will need to install to fully utilize opnSense!
Login
- User: installer
- Pass: opnsense
Installer GUI
- Continue with default keymap!
- ZFS or UFS? Per u/jtbis
  - “UFS (I don’t think PFSense supports EXT4) is more resource efficient, but lacks journaling so it gets corrupted easily in the event of a power failure. ZFS uses more resources but can take unexpected shutdowns just fine. ZFS also supports software RAID if you have multiple disks.”
  - I chose ZFS
- Virtual Device type: Whatever your configuration is. I only have 1 drive, so stripe.!
- Select your disk!
- Confirm!
- Wait!
- Change your root password and complete install!
- Reboot now!
- It will reboot!
- Proceed to the next step

It will boot back up shortly!
We will now config the LAN and WAN!
- Plug in your machine into the OpnSense LAN port that you configured and go to 192.168.1.1!!
Login to the firewall
- User: root
- Pass: opnsense (or whatever your changed it to)
Set your DNS Servers. If you have a local one use that. Enable DNSSEC support if you would like.!
Choose your timezone!
We can exit the wizard after this.

On the left, go to Firewall > NAT > Outbound > select Disable outbound NAT rule generation > click save > apply changes!

Go to System > Settings > Tunables! We can use the search bar to filter and pencil to edit.
- We need to edit the following:
  - net.link.bridge.pfil_bridge: 1!
  - net.link.bridge.pfil_member: 0
- Click Apply to save our changes

[!note] If you get kicked out of Opnsense, unplug the WAN port for now.

Click on [Bridge]
- ✅ Enable Interface!
- IPv4 Configuration Type: Static IPv4 (or DHCP if you prefer that)
- IPv4 address : set the address!

Go to Services > ISC DHCPv4 > [LAN] > Uncheck Enable DHCP server on LAN interface!
Click Save

We should be good now. Don’t forget to plug your WAN / LAN ports into your firewall!