While I have some familiarity with larger scale networking using enterprise grade equipment, ironically this hasn’t helped me much with cobbling together a firewall for use at home.
All I have to spare is two consumer VDSL modem/routers (one’s quite locked down, the other is running Asuswrt-Merlin) and an old PC with 2 ethernet ports. I’ve already installed OPNsense, but getting everything to play nice the way I’ve set it up is just an absolute nightmare. The idea was to have one modem/router plugged into the wall, plug the firewall into that (WAN), plug the FW into the other unit serving as a router (LAN), and then have everything plug into/wirelessly connect to that LAN router.
Am I overcomplicating this? Without spending much money, how can I simplify this setup? Previously I just had the one modem/router which is as simple as it gets, but I wanted a FW so as to be able to monitor all my internet traffic. Cheers for any advice!
The setup you outlined is definitely adding significant complexity.
Your WAN-facing VDSL modem should be in bridge/modem mode, in which mode it will act purely as a modem (effectively a media convertor). Your OPNSense box will plug into this on the WAN port.
Your other VDSL router/modem should be setup as a pure wireless access point + switch, and connected to the OPNSense LAN port.
If setup this way the OPNSense box will handle all the routing, FW duties, DNS, DHCP etc, and the other boxes will effectively be transparent. Gives you a single point of configuration.
I ended up giving up on trying to tame the ISP-provided router. In theory it should’ve served as either the modem side, or as a wireless AP, but in practice the locked down configuration options were a nightmare, and so I gave up, and purchased a $30 switch in crestfallen defeat
