ALLAN JAMES EDGAR

OPNsense Super-Router




Part 2: The Changeover [July 2020]

Due to some incompatibility between pfSense and my new NIC, I decided to try OPNsense. This has been on my mind for some time. I prefer the way it looks, I prefer the licensing model and I haven't annoyed my better half by breaking the internet in a while. You've got to keep her on her toes. So far it seems that my previous driver woes are fixed, but I still have some work to do before I switch over full time. Our internet connection is FTTH and there are still some unresolved quirks pertaining to PPPoE authentication through VLANs. I'll let you know how I like it when I get it fully live and set up the advanced features.

I have made some other upgrades too. Using a spare 64GB SSD as the boot drive increases reactivity of the system while still logging and caching to the spinning rust. Also, an eBay 2.5Gbps fibre NIC has replaced my old Ethernet one for jacking directly into our FTTH connection.

Part 1: The Setup [Sept 2016]

Ever since I've been implementing more functionality onto my Virtualised Home Server I have been finding numerous annoyances with my home network. Features like static DHCP mappings, QoS and port forwarding on our ISP's router are either weak or missing. I wanted to have more control over my networking capabilities and reduce reliance on that provided modem/router/waste of space. Every one of these boxes has had different features that aren't importable from one to another, so having a one-box system as a drop-in replacement (with a plethora more capabilities) will be amazing, in theory.

I had previously heard of a BSD distro called pfSense, so after taking a quick round-up of the competition I decided that this was what I was going to use for my router. To build it I took a Pentium G3460, which has only 2 cores and no HT. Despite this it was still overspecced for a router. From the same clapped-out PC that I acquired the CPU from I got 2 gigs of RAM (again overkill) and a 2.5-inch 256GB hard drive. I put all of that on a mini ITX mobo and put it in a Fractal Node 202 case. I realize that the case is too glamorous for this project, but this box has to live in my lounge so it couldn’t be too ugly/noisy and its flat profile makes it extra unobtrusive. Almost the most important piece to this came next in the form of an Intel-based 2-port NIC which slotted perfectly into the graphics card bay.

I have ended up doing more with this box than I ever thought I would. To date it is running a caching DNS resolver which provides significantly quicker DNS lookups (tested using namebench). The DHCP server also registers the static IP mappings and their hostnames to the DNS server, which is handy with the amount of machines I need regular access to. There is a dynamic DNS update functionality to update my Namecheap entries when my public IP changes. I also have an OpenVPN server, meaning that VPN request traffic doesn't need to be forwarded through the network prior to authorization. A bonus here is that it takes more advantage of the overkill hardware. The Squid caching proxy means updates and other large files do not need to be redownloaded for all machines. They are kept on the hard disk and can be accessed at much faster speeds without chewing up bandwidth. The last piece of it that significantly speeds up the network is traffic shaping that prioritizes real-time comms, then streaming, then downloads and then torrent traffic, so even if I'm slamming my bandwidth the most important services aren’t affected. This has previously caused many a fight with the significant other in the past. All in all, you wouldn’t catch me going back to relying on the ISP routers any time soon. I’ve had a taste of the fast life and I ain't goin' back!