
@AlphaLawless
Contributor

✍️ Description

Okay, I'm going to divide this PR into two parts. In short, this current version doesn't fix bug #6183. In fact, I managed to reproduce two of them intentionally. And I think I can solve it later by bringing a more robust solution than just sleeping, after this PR #9540 is accepted, because I see this improvement feature being better used as a core for reuse in future VM scripts.

The first part will be this one where I make adjustments to some steps that I would like to have in this installation.

The second part will be about improving download speed and installation without long or insufficient sleep periods.


This PR adds the option to deploy an OPNsense VM with a single network interface, supporting use cases where OPNsense is not intended to be the primary router/firewall.

Background

Not everyone wants to use OPNsense as a full router replacement (like me). Many users run hybrid network topologies where an existing router (like MikroTik, pfSense hardware, or ISP equipment) handles routing/NAT, and OPNsense is deployed as a specialized service for:

  • Proxy server (Squid for caching/filtering)
  • VPN gateway (OpenVPN/WireGuard endpoint)
  • IDS/IPS (Suricata/Zenarmor)
  • DNS filtering (in addition to AdGuard/Pi-hole)

Example Topology (Single Interface Mode)

Internet
    │
    ▼
┌─────────┐
│   ONU   │ (Bridge Mode)
└────┬────┘
     │
     ▼
┌──────────────┐
│   MikroTik   │ ◄── Primary Router (DHCP, NAT, Firewall)
│  192.168.1.1 │
└──────┬───────┘
       │
       │ [Single Cable]
       ▼
┌──────────────────────────────────────┐
│            Proxmox Host              │
│           192.168.1.10               │
│  ┌────────────────────────────────┐  │
│  │     Bridge: vmbr0 (eth0)       │  │
│  └───────┬───────────────┬────────┘  │
│          │               │           │
│          ▼               ▼           │
│   ┌────────────┐  ┌────────────┐     │
│   │  OPNsense  │  │  AdGuard   │     │
│   │ (Proxy/VPN)│  │   (DNS)    │     │
│   │192.168.1.20│  │192.168.1.53│     │
│   └────────────┘  └────────────┘     │
└──────────────────────────────────────┘

In this setup:

  • MikroTik remains the primary gateway handling all routing
  • OPNsense provides specialized services (Squid proxy, VPN, IDS)
  • Only one physical NIC is needed on the Proxmox host
  • All VMs share the same bridge (vmbr0) - no WAN bridge required

Changes

  1. Added network mode selection in default settings

    • dual: Traditional firewall/router mode (LAN + WAN interfaces)
    • single: Proxy/VPN/IDS server mode (LAN interface only)
  2. Conditional WAN interface configuration

    • WAN bridge (vmbr1) is only validated and configured when dual mode is selected
    • Skips WAN-related prompts and configuration in single mode
  3. Improved WAN configuration logic

    • WAN interface is now added only if WAN_BRG is set
    • WAN IP configuration only runs when both WAN_BRG and WAN_IP_ADDR are defined

Use Cases

| Mode | Use Case | Network Interfaces |
| --- | --- | --- |
| Dual | Full router/firewall replacing existing equipment | LAN (vmbr0) + WAN (vmbr1) |
| Single | Proxy, VPN endpoint, or IDS behind existing router | LAN only (vmbr0) |

Testing

  • Tested single interface mode deployment
  • Tested dual interface mode (existing functionality)
  • Verified OPNsense boots and configures correctly in both modes (partial - single mode)

NOTE: I tested the script twice, and in both instances the installation went perfectly (single mode). I was only unable to test the LAN and WAN version because I won't be able to set up a sandbox environment, as I'm short on time at this end of the year. I would need one more willing person to test the full version.

Additional Notes

  • Fix typo in send_line_to_vm: 'shift=x' -> 'shift-x' for uppercase X
  • Fix typo in FILE variable: 'Fressbsd.qcow2' -> 'FreeBSD.qcow2'
  • Add proper quoting for VM_NAME and CORE_COUNT variable checks
  • Improve download URL message formatting
  • Remove sleep 2 delay before URL display
  • Clean up whitespace and formatting inconsistencies
  • Remove orphaned TEMP_DIR initialization

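The selection rules described under Changes (items 1 to 3), written out as an added example that is not the project's opnsense-vm script: single mode attaches only the LAN NIC, dual mode requires an existing WAN bridge distinct from the LAN bridge, and the WAN IP step runs only when both WAN_BRG and WAN_IP_ADDR are set. The function names, `NETWORK_MODE`/`LAN_BRG`, and the `KNOWN_BRIDGES` list are assumptions; the list stands in for `ip -br link show type bridge` output so the example runs offline.

```shell
#!/bin/sh
# Added example, not the project's script. Constructed bridge list standing in
# for the host's real bridges (assumption) so the checks can run offline.
KNOWN_BRIDGES="vmbr0 vmbr1"

bridge_exists() {
  case " $KNOWN_BRIDGES " in
    *" $1 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# build_net_opts MODE LAN_BRG [WAN_BRG]
# Prints the qm network options; fails (non-zero) on any inconsistent selection
# rather than silently producing a firewall whose WAN and LAN share one bridge.
build_net_opts() {
  mode=$1; lan=$2; wan=$3
  bridge_exists "$lan" || { echo "LAN bridge '$lan' not found" >&2; return 1; }
  opts="--net0 virtio,bridge=$lan"
  case "$mode" in
    single)
      # Proxy/VPN/IDS behind an existing router: any WAN_BRG value is ignored.
      ;;
    dual)
      [ -n "$wan" ] || { echo "dual mode requires WAN_BRG" >&2; return 1; }
      bridge_exists "$wan" || { echo "WAN bridge '$wan' not found" >&2; return 1; }
      [ "$wan" != "$lan" ] || { echo "WAN and LAN must use different bridges" >&2; return 1; }
      opts="$opts --net1 virtio,bridge=$wan"
      ;;
    *)
      echo "unknown network mode '$mode' (expected single|dual)" >&2; return 1
      ;;
  esac
  printf '%s\n' "$opts"
}

# should_configure_wan_ip MODE WAN_BRG WAN_IP_ADDR
# True only when a WAN interface will actually exist and an address was given.
should_configure_wan_ip() {
  [ "$1" = dual ] && [ -n "$2" ] && [ -n "$3" ]
}

# Usage (hypothetical variables): the unquoted substitution splits into qm args.
# qm set "$VMID" $(build_net_opts "$NETWORK_MODE" "$LAN_BRG" "$WAN_BRG") || exit 1
```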

…mode

- Fix typo in send_line_to_vm: 'shift=x' -> 'shift-x' for uppercase X
- Fix typo in FILE variable: 'Fressbsd.qcow2' -> 'FreeBSD.qcow2'
- Add network mode selection: dual interface (firewall) or single interface (proxy/VPN/IDS)
- Add conditional WAN interface configuration based on selected network mode
- Improve WAN interface setup: only add when WAN_BRG is configured
- Add proper quoting for VM_NAME and CORE_COUNT variable checks
- Improve download URL message formatting
- Remove sleep 2 delay before URL display
- Fix WAN IP configuration: only attempt when WAN bridge is configured
- Clean up whitespace and formatting inconsistencies
- Remove orphaned TEMP_DIR initialization
@AlphaLawless AlphaLawless requested a review from a team as a code owner December 3, 2025 02:35
@github-actions github-actions bot added update script A change that updates a script vm labels Dec 3, 2025
@AlphaLawless
Contributor Author

Suggestion: Create a Troubleshooting Discussion for OPNsense

It would be valuable to create a dedicated troubleshooting topic in Discussions for OPNsense VM. This could help users resolve common issues more quickly.

Suggested Topics to Cover

1. Installation Walkthrough

A step-by-step guide like the one shared by @2runX would be extremely helpful for new users.

2. High RAM Usage In Proxmox VM Summary (100% even when idle)

Explain why OPNsense VM shows full RAM allocation even at idle. This is expected FreeBSD/OPNsense behavior - the OS uses available RAM for caching (ZFS ARC, filesystem cache) to improve performance. It's not a memory leak.

3. Slow Download/Installation on Realtek NICs

Many users experience extremely slow image downloads or network issues during installation. This is often caused by the default r8169 driver in Proxmox having compatibility issues with Realtek NICs (r8111/r8168/r8169 chipsets).

Symptoms:

  • Very slow download speeds during VM creation
  • High packet loss
  • Network timeouts

Solution: Install the r8168-dkms driver on the Proxmox host.

Helpful Resources:

| Resource | Description |
| --- | --- |
| Fix Realtek r8111/r8169 NIC driver in Proxmox 8.x | Automated script for the fix |
| SOLVED - Missed packets with r8168/r8169 | Success cases after migrating to r8168 |
| Realtek NIC terrible speeds (2024) | Recent reports confirming r8168 fixes the issue |

Would a maintainer be interested in creating this discussion topic? I'd be happy to help draft the content.

@MickLesk MickLesk merged commit 1c9e03d into community-scripts:main Dec 3, 2025
1 check passed
probers1 pushed a commit to probers1/ProxmoxVE that referenced this pull request Dec 5, 2025
…mode (community-scripts#9614)