Hi @LayLow
Just the fact that NethSecurity (The firewall component) isn’t really ready for prime time would be more than enough to not plan for this route at the moment.
As it’s still in beta stage, there could still be major issues cropping up. At that stage, your NS8 might work, but you won’t be able to use the Internet to help solve the issue.
There’s a very good reason a firewall should be a separate box.
@harry
Like you, I’ve been using SME Server since the 2000s, and after 2014/5 migrated to NethServer.
I moved away from direct installs on HW to complete using virtualization. From 2000 I used VMWare (Server, then ESXi), since 2015 moved all VMWare to Proxmox, a much better and complete solution with simple billing.
All my clients use virtualization, and a seperate box running OPNsense as dedicated hardware firewall.
PBS provides for incremental backups with dedulication, extremly fast and compact.
Disaster recovery isn’t an issue under virtualization, and even with complete different hardware, I can guarantee a complete disaster recovery within 2 hours, if replacement hardware is available…
Almost all my swiss clients anyway insist on a dedicated firewall (According to networking best practices), so why should I argue against my own better knowledge?
Besides which, DNS services on both SME and NethServer 7 are really crappy, NS7 only allows itself to use a CNAME from the cockpit. Other hosts have to use A records, and this results in random PTR records for hosts. Not really usable with monitoring in mind…
I’m really looking forward to moving my clients to NS8, and for more testing of NS8 until it’s really ready!
I also use Viscosity (Good, simple licensing, 14.- lifetime fee for as many Macs and Windows boxes as you have!) for all my clients, they’re very happy with it. Tunnelblick on Mac gives you just that: “tunnel vision”. Viscosity can use existing OVPN configuration files and even can directly import OpenVPN client configs.
My 2 cents
Andy