Building an OPNsense router
4 points by mtsolitary
4 points by mtsolitary
Nice to have nudges on what I could do with the OPNsense appliance I've got from Protectli. I wanted a solution where even if I maintained the network to start, there would be enough user-friendliness that others could take over when needed. It's been good so far.
The original intent was to extend across the household the experience I have as an individual with the software firewall on my machine. When on my own, I vetted my software and hardware enough to be comfortable with Little Snitch and OpenWrt on a basic TP-Link. Now as one's home grows, so does the need for PiHoles and firewall appliances.
I actually bought their appliance. I've had it since 2019 and it's the nicest most stable firewall. I've ever had. Nothing wrong with building your own, but boy the commercial version sure is a lot more stable!
I'm planning on finishing up my own re-wiring; we have 8Gb/s FTTP and so I've pulled fibre to the office and basement and will be replacing the ISP router with a OPNsense job, new wifi AP, switches, &c.
I had OpenBSD on an Ubiquiti Edge Router Lite (yeah OpenBSD on MIPS64!) for about 10 years. I was really happy with the setup until I started to get storage issues. Now I'm back on a consumer router but the loss of control has been bugging me. OPNsense seems really interesting but I'd like to find a small form factor, low power box that's well supported and not too expensive.
OpenBSD's filesystem behaves badly on power-loss -- these days I run OpenBSD as an immutable VM so every reboot starts in the same place. I can't justify it on metal until someone contributes a new filesystem, or I put in the effort for immutable disks on metal (I've done it before, just highly inconvenient).