My OPNsense router is just a Dell Optiplex 5050 with an i5-7600 and a gigabit network card. The thing isn't powerful, but it's more than enough to use as a router.
My main reasoning for implementing an OPNsense router was to create a different subnet for my home server to live on. This way, if someone gets access to my server, which has internet-facing services, I can contain anything to just my home server. It's unlikely to happen in the first place, but it's always good to have protection where you can.
My current configuration includes 2 subnets as well as a WireGuard VPN: 1 subnet for my LAN that's connected to my old router setup in AP mode, and then a SERVER subnet for my main computer and my server. I've also got ports 443 and 25565 set to forward to my home server so that I can access my services from anywhere with internet.
My firewall configurations all have 3 base rules.
My subnets also have different rules to control access, such as only allowing printer access from my home networks and not my WireGuard VPN. The reason for this is obvious: there is no need for me to print something when I'm not at home to grab it.
Firewall ACLs are the biggest thing I learned from this project; I never really understood them when I read about them. My router before this didn't allow you to control the base ACLs. I found that having foundation rules makes it a lot easier to set up different subnets with firewalls that I can change later on without worrying about them being insecure.
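The printer rule and the server containment goal described above can be written down as checks that are re-run whenever the rules change. This is an added example, not the author's configuration: it models per-interface rules where the first match wins (the behaviour of OPNsense's default quick rules). All subnets, host addresses, the IPP port 631 and the choice to block SERVER from reaching LAN are constructed assumptions, since the post does not give them.

```python
import ipaddress

# Constructed addressing: the post does not give its subnets or printer address.
NETS = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "SERVER": ipaddress.ip_network("192.168.20.0/24"),
    "WG": ipaddress.ip_network("10.10.10.0/24"),
}
PRINTER = ipaddress.ip_network("192.168.10.50/32")  # hypothetical printer on LAN
ANY = ipaddress.ip_network("0.0.0.0/0")

# Per-interface rules as (action, destination, port or None for any port).
# Evaluated top-down on the interface the traffic enters; first match wins.
RULES = {
    "LAN": [("pass", ANY, None)],
    "SERVER": [
        ("pass", PRINTER, 631),          # printing (IPP) from a home network
        ("block", NETS["LAN"], None),    # containment: nothing else into LAN
        ("pass", ANY, None),             # internet access
    ],
    "WG": [
        ("block", PRINTER, None),        # no printing over the VPN
        ("pass", ANY, None),
    ],
}

def evaluate(src, dst, port, rules=RULES):
    """Return 'pass', 'block', or 'local' (same segment, never hits the firewall)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    iface = next((n for n, net in NETS.items() if src in net), None)
    if iface is None:
        return "block"                   # unknown source network
    if dst in NETS[iface]:
        return "local"
    for action, dest, rule_port in rules[iface]:
        if dst in dest and rule_port in (None, port):
            return action
    return "block"                       # implicit default deny

def violations(rules=RULES):
    """Check the segmentation goals from the post against a ruleset."""
    expected = [
        ("10.10.10.2", "192.168.10.50", 631, "block"),    # VPN -> printer
        ("192.168.20.10", "192.168.10.50", 631, "pass"),  # SERVER -> printer
        ("192.168.20.10", "192.168.10.20", 22, "block"),  # SERVER -> LAN host
        ("192.168.20.10", "1.1.1.1", 443, "pass"),        # SERVER -> internet
    ]
    return [(s, d, p) for s, d, p, want in expected if evaluate(s, d, p, rules) != want]
```

Moving the SERVER block rule above the printer pass rule makes `violations()` report the SERVER-to-printer flow, which is the kind of ordering mistake these checks catch. The `local` result is a reminder that hosts on the same subnet talk to each other without crossing the firewall at all.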
Having an OPNsense router has sped up my internet a ton! All while allowing me to configure more granular firewall settings. It's taught me more about networking security and to be more mindful of my security, especially in my own home network.