Date: 2025-05-01

Not everyone thinks you should virtualize your OPNsense or pfSense, and with good reason. There's a solid argument to be made that running your network on bare metal is safer and more predictable, but tools like Proxmox and even ESXi are mature and robust enough that many people use those platforms to virtualize their router and firewall. I'm one of those people, and here's why I do it.

5 More varied driver support

And sometimes better, too

One of the most important reasons people opt to virtualize OPNsense and pfSense is the improved driver support. They both run on FreeBSD, which is similar to Linux but not exactly the same. On the hardware side, some drivers built for Linux have no FreeBSD equivalent, meaning you might not be able to run FreeBSD natively on that hardware at all. That's the situation I find myself in, where my NIC has a Linux driver but no FreeBSD driver. Thanks to Proxmox, I can bridge the Ethernet adapter to my OPNsense virtual machine, and it all works just fine.

Drivers might also simply be better on Linux. Given the ubiquity of Linux, many companies prioritize supporting it, and while FreeBSD maintains binary compatibility with Linux on the software side of things through Linuxulator, drivers are different. For example, Linux-only interfaces such as eBPF/XDP have their own FreeBSD equivalent in Netmap, but it's not as simple as just recompiling the same drivers for a different operating system. While this is not the case for all hardware, a lot of NICs will simply run better when Linux drives them and hands the traffic to OPNsense than when OPNsense runs them natively. This depends entirely on the hardware you use, of course.

If the FreeBSD drivers are good enough, though, you can do a full PCI passthrough of your NIC to the VM, so that it can be used as if it were a native piece of hardware. That way, you can get the other benefits of using Proxmox while still getting the benefits of a bare metal NIC. A passed-through NIC belongs exclusively to that VM, so don't pass through your LAN NIC if other containers or VMs on the host rely on it, as they won't be able to access your network.
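A pre-flight check for the passthrough caveat above, as an added example that is not part of the original article: it reads Linux sysfs on the hypervisor host to confirm the NIC is not a port of a bridge that other guests use and that it sits alone in its IOMMU group. The function names, exit codes, interface names and the constructed sysfs tree are assumptions made for illustration.

```shell
#!/bin/sh
# Exit codes (this example's own convention): 0 safe to pass through,
# 1 shared IOMMU group, 2 NIC is a bridge port, 3 no PCI device or no IOMMU.
passthrough_check() {
    iface=$1
    sys=${2:-/sys}                    # sysfs root, overridable for offline runs
    nic="$sys/class/net/$iface"
    if [ ! -e "$nic/device" ]; then
        echo "$iface: no backing device (virtual or missing interface)"
        return 3
    fi
    # A bridge port carries traffic for the host and every guest on that bridge.
    if [ -L "$nic/master" ]; then
        echo "$iface: port of $(basename "$(readlink "$nic/master")"), still in use by the host"
        return 2
    fi
    group="$nic/device/iommu_group/devices"
    if [ ! -d "$group" ]; then
        echo "$iface: no IOMMU group (IOMMU disabled in firmware or kernel)"
        return 3
    fi
    # The IOMMU group is the unit of isolation; it cannot be split between host and VM.
    members=0
    for d in "$group"/*; do
        if [ -e "$d" ]; then members=$((members + 1)); fi
    done
    if [ "$members" -gt 1 ]; then
        echo "$iface: shares its IOMMU group with $((members - 1)) other device(s)"
        return 1
    fi
    echo "$iface: unbridged and alone in its IOMMU group"
    return 0
}

# Constructed sysfs tree (not real hardware) so the check runs offline.
add_dev() { mkdir -p "$1/device/iommu_group/devices" && touch "$1/device/iommu_group/devices/$2"; }
make_demo_tree() {
    net="$(mktemp -d)/class/net"
    add_dev "$net/wan0" 0000:03:00.0      # dedicated NIC, own group
    add_dev "$net/lan0" 0000:04:00.0      # NIC enslaved to vmbr0
    add_dev "$net/combo0" 0000:05:00.0    # dual-port card, both functions in one group
    add_dev "$net/combo0" 0000:05:00.1
    mkdir "$net/vmbr0" && ln -s ../vmbr0 "$net/lan0/master"
    echo "${net%/class/net}"
}

demo=$(make_demo_tree)
for n in wan0 lan0 combo0 vmbr0; do passthrough_check "$n" "$demo" || true; done
rm -rf "$demo"
```

On a real host, call `passthrough_check <interface>` with no second argument so it reads `/sys` directly.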

4 Rollbacks and backups

Easy to go back if you made a mistake