Do you like fiddling with computers and fancy the idea of taking on a more advanced project? Then I have a suggestion: Build your own router/firewall.
With a router running a more advanced operating system on more powerful hardware than standard consumer routers, a whole world of new possibilities opens up. Although there is a learning curve and can feel complicated at first, it actually becomes easier to do things that might be possible with a router from, for example, Asus, but are really complicated.
There are a number of operating systems to choose from, from Openwrt, which can also be installed on consumer routers, to various Linux-based systems such as Clear OS and IP Fire, to Unix systems such as PF Sense and Opnsense.
Anders Lundberg
The latter two seem to be the most popular, and I myself have had a router with Opnsense for a couple of years so for this guide I have chosen that system.
Other articles in this series:
- How to choose a new router and get started with important settings
- Solve your Wi-Fi problems with these smart router settings
- Protect your home network with these essential router tweaks
- More than Internet: 9 tips to maximize your home network
- Get more from your home network: 5 advanced tips for the hardcore
Why build it yourself?
For many, it’s enough to answer: Because it’s possible and because it’s interesting and instructive. But you don’t have to be motivated by curiosity alone. There are several practical and technical advantages too.
Once you get started and learn the basics, it immediately becomes much easier to do things like set up multiple VLAN with different firewall rules (to prevent smart home gadgets from accessing the internet, for example), use dynamic DNS, run your own recursive DNS server, display a welcome message when guests connect to the wireless network, and much more.
Perhaps the biggest benefit, however, is security. Instead of relying on the manufacturer to release updates and keep the router secure, you get new updates almost weekly so that all parts of the system have the very latest security fixes. There are also add-ons that give the network more advanced protection than is normal in consumer products.
Hunsn
Choose the right hardware
You can reuse an old computer for Opnsense, in which case one or two network cards are all you normally need to buy. But such a computer is usually unnecessarily power hungry and a large piece of equipment that can be difficult to place in the home.
Opnsense is based on the Unix system Freebsd. This means that it is a little more fussy with the hardware compared to Linux. Above all, it is network cards that can be a problem. The system prefers and works best with Intel-based cards, so if you’re buying new, it might be worth checking that the computer you choose has Intel networking chips.
A mini PC with two Ethernet connectors may be a better choice, and in fact there are computers on sale designed specifically for use with Opnsense or PF Sense. For example, Amazon sells this model from Hunsn that costs just over $200 and has Intel networking chips. Since memory is cheap, I recommend 16 gigabytes from the start and at least 128 gigabytes of SSD.
In addition to the router computer, I strongly recommend a managed switch to connect, for example, your old router that you can set to work as an access point instead of a router, only for Wi-Fi. It is also needed if you want to start using virtual networks (VLAN).
Installing Opnsense
Start by downloading the latest version of Opnsense (click directly on the Download button with the preselected options). Also download and install Balena Etcher, a simple program for writing .iso and .img files to USB sticks.
Foundry
Unzip the downloaded .bz2 file so that you get an .img file. Plug in a USB stick, start Etcher, click on Flash from file and select that file. Select your USB stick as target and then click on Flash.
Once that’s done, you can eject the flash drive and connect it to the router computer, to which you’ll need to have a monitor and keyboard connected to begin with. Boot the computer from the USB stick via the boot menu or BIOS.
Foundry
The system starts with text only, which will scroll past for a while. When it is finished, you will be taken to a login prompt. Enter username installer and password opnsense. The installation program will now start.
Foundry
Select the language on the keyboard and move on. Select Install (ZFS) which is now the normal recommended method. Select Stripe and then use the space bar to select the target SSD. Go ahead and accept and it will format the disk and copy all the files. Once it’s done, you can select Complete Install (you can change root password easier in the next step).
Basic settings
When the router computer reboots, you can take out the USB stick and let it boot from the SSD. As before, a bunch of text will scroll by during boot, until you reach the login prompt.
I recommend that you start by changing the address of the LAN interface, so that Opnsense doesn’t mess with your old router if you want to be connected to both at the same time before you are ready to move the internet connection over to Opnsense.
Foundry
Log in with the username root and the password opnsense. Press 2 to change the IP address. Press the correct number for LAN (normally 1). Press return to choose not to use DHCP. Enter an appropriate address, for example 10.1.1.1, and then 24 to stick to addresses in the format 10.1.1.x. On the rest of the questions you can press return to accept the preselected option.
Before you can do anything else, you need to connect the Opnsense machine and your regular computer with a network cable, either directly or via a switch.
Open Settings on your regular computer and go to Network and Internet > Ethernet. You should have an address in the same format as Opnsense (for example 10.1.1.2), with the address you just chose as gateway and mask 255.255.255.0. If it has not appeared by itself, you can click on Edit to the right of IP assignment and fill in yourself.
Then open a browser and type in 10.1.1.1 and you should hopefully get a security warning about invalid certificate, which you have to click past to get to the Opnsense web interface. The username is root and the default password is opnsense.
Foundry
You will now be taken to the Opnsense guided basic settings. The first thing to do is DNS settings. Here I recommend leaving the dns servers fields blank, untick Override DNS and tick the three boxes under Unbound DNS.
The remaining steps you can click past until you get to a question about changing the password for the root account. Choose a new secure pa
Accedi per aggiungere un commento
Altri post in questo gruppo
Obsbot has launched two new webcams today, with a feature you won’t o
If you’re tired of laptops and large desktop towers, a mini PC is the
One of the best ways to make your room look awesome without completel
I’d almost stopped believing it’d happen, but the highly anticipated
If you’re on Windows 11, there’s a good chance you’re using BitLocker