OpnSense

I’m looking to make a low-power device for OPNsense. One of these is what I have in mind.

SuperMicro X7SPE-HF Atom 1U mini Server Intel D525 4GB CSE-502L-200B

It has 2 1gig ethernet ports and I can add an additional NIC if I have to.
Is there anything I should know about OPNsense or running a firewall appliance that isn’t obvious? This will be my first modification to my dumb network that simply runs from my DSL modem to a dumb switch.

I honestly don’t know what else I have to do so if you can give me a recommendation/direction to look for instructions I’d be grateful!

1 Like

@PhaseLockedLoop has a thread about using OpnSense on an Intel system and also using Coreboot.

If you intend to do any real packet inspection or other kinds of serious firewall shenanigans then you’re going to lose throughput depending on your internet speed.

Otherwise, have fun.

1 Like

My internet speed is crap. I’ll have no issues.
Oh, it’s 30/3 up/down, in an ideal environment.

Also, reading the suggested @PhaseLockedLoop thread and learning…

2 Likes

I’ve just never done more than run an ethernet cable from my desktop to my DSL modem so I’m a bit at a loss as to what to do.
I know I’m barely above a troglodyte. I’m trying to learn…

1 Like

Well, if you’re new to networking I probably wouldn’t start with OPNsense, but as a wise Canadian man once told me, one must drain the hose which one currently owns. So I suppose get it installed and then dig in. I don’t personally use OPNsense but I could probably fumble my way through helping you understand any of it based on my knowledge of other systems.

I have a lot I haven’t posted

What are your questions specifically?

Is rackable equipment a requirement for you? Do you want low power consumption? Would you prefer saving a buck and having a big box as a router, or you don’t mind paying a premium for a small form factor?

I would not recommend anything lower than a Celeron J1900 for pfSense / OPNSense (unless you really know what you are doing from the start). The Atom D525 should be fine too.

Things you need to know: packet inspection will require a better CPU (depends on the number of clients). Running other processes, like a proxy, will require more RAM. Running OpenVPN requires a CPU with AES-NI (which the Atom D525 does not have). I’m probably missing more stuff.

Also, have you thought about getting a cheaper device and flashing OpenWRT / DD-WRT or Asuswrt-Merlin on it? Saves a buck and it’s more compact, but it’s not as featureful (you can’t run a proxy or reverse proxy on it, no packet inspection etc.), but you can still run openvpn if that’s something you desire. If all you want is to learn what you can do with pfSense / OPNSense, you could just run it in a VM and save even more (although I admit, it is not as attractive as having a physical box).

I guess I have more basic questions. I can install software successfully, most of the time.

How do I change the configuration of my DSL modem to account for the new Opnsense device acting as router?
Would I need to do something with the DNS or DHCP settings to keep them behind Opnsense?

I’m not looking to put in any advanced rules that would use too much cpu power. I just want to get it up and running. See where it goes from there.

@ThatGuyB
I would like rackmount. I have the Supermicro 1U device already, so I would like to use it for something.
I do want low power. It’s just a long term cost that also correlates to heat production, that’s a big deal in the summer. This will be going in my office so noise is a bit of a concern but not a deciding factor.

I really just need some guides to follow and then I can come back here when I have questions.

This forum is awesome for people like me who don’t know what they’re doing. Thanks for all the responses all!!!

1 Like

Depends. I haven’t used DSL modems since the days they were just dumb modems or media converters. If you’re still using one (doubt it) and you are using a PPPoE connection on the end-device, then you don’t need to do anything, just connect the server, set your connection and you’re up to the races. OPNSense will ask you for DNS, and you have to configure the subnet and enable DHCP on your LAN. If you are (more likely) using one of those all-in-one DSL modems with router, wifi and switch, it is probably locked down. Technically you can just plug your router in it and make a pseudo-DMZ (not really a DMZ) between them (like for example, keep using that all-in-one for wifi for your guests). But for the best experience, you want the modem to be set in Bridge Mode, which, 99% of the time, only the ISP can do. You won’t be able to use your wifi or other built-in capabilities related to networking in your modem, but you don’t need them.

I read somewhere that you are going from the modem to a dumb switch, so the first thing to do is go from the modem to the OPNSense router and then to the dumb switch. I have a feeling I’m missing some stuff, but I can’t think of anything atm.
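A quick way to tell which of the two setups described above you actually ended up with, as an added example that is not part of the original post: classify the address OPNsense receives on WAN, and check that the LAN subnet does not collide with the modem's. The addresses are constructed samples; 192.168.1.0/24 is the OPNsense default LAN, and the modem handing out leases from the same range is an assumption.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip: str) -> str:
    """Judge what sits upstream of the firewall from its WAN address."""
    addr = ipaddress.ip_address(wan_ip)
    if (addr.is_loopback or addr.is_link_local or addr.is_unspecified
            or addr.is_multicast or addr.is_reserved):
        return "unusable"       # no real lease (e.g. 169.254.x.x fallback)
    if addr in CGNAT:
        return "cgnat"          # ISP-side NAT; bridge mode will not remove it
    if any(addr in net for net in RFC1918):
        return "double-nat"     # modem is still routing; it stays the real edge
    return "public"             # bridged modem, or PPPoE terminated on the firewall


def lan_conflict(wan_ip: str, wan_prefix: int, lan_cidr: str) -> bool:
    """True when the firewall's LAN overlaps the subnet it sees on WAN."""
    upstream = ipaddress.ip_interface(f"{wan_ip}/{wan_prefix}").network
    return upstream.overlaps(ipaddress.ip_network(lan_cidr))


def review(wan_ip: str, wan_prefix: int, lan_cidr: str) -> list:
    """Return findings for one WAN/LAN pairing."""
    findings = [f"WAN {wan_ip}: {classify_wan(wan_ip)}"]
    if lan_conflict(wan_ip, wan_prefix, lan_cidr):
        findings.append(f"LAN {lan_cidr} overlaps the upstream subnet; "
                        "renumber the LAN before plugging in")
    return findings


if __name__ == "__main__":
    # Constructed samples: (WAN address, WAN prefix length, firewall LAN).
    for sample in [("192.168.1.64", 24, "192.168.1.0/24"),   # behind all-in-one
                   ("192.168.1.64", 24, "10.10.10.0/24"),    # LAN renumbered
                   ("203.0.113.5", 32, "192.168.1.0/24")]:   # bridged / PPPoE
        print(sample, "->", review(*sample))
```

A "double-nat" result means the modem's own firewall and port forwards still decide what reaches the network from outside, so rules on OPNsense only cover traffic the modem has already let through.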

@ThatGuyB
Thanks. It looks like I’ll have to work on this more this coming weekend.
I do have an all-in-one DSL modem but I do use a separate wireless AP for my mobile devices. I treat it as something I have to leave alone for housemates.
I’ll try to make sure it’s in bridge mode this weekend; I don’t have enough time after work to dig in, get things running and fix what I inevitably screw up.

1 Like