Networking General - Discussion about hardware and software of computer networks

1. You won't use Pi-hole anymore. AdGuard Home is a package available for OPNsense that does the same thing better, natively right on your OPNsense router.

2. OPNsense makes this easy by default: block all incoming, allow all outgoing. Don't open ports till you understand what you are doing and why you are opening it. (Do not open RDP.)

3. I hate Ubiquiti shit now but their APs are ok. Aruba and Ruckus are next on my list to try at home.

So... if I'm reading this correctly: it's as easy as buying a network firewall appliance that comes pre-loaded with OPNsense, a pair of access points, and then not being a complete and total retard with my defaults?

A lot of the things that made me bash my head against the wall with Pi-hole were caused by my ISP's router. If Pi-hole will be rendered entirely redundant by OPNsense, that takes a lot of the guesswork out of it for me.
 

Yep. Protectli is a fairly popular hardware brand for open source routing platforms such as pfSense/OPNsense. Used Dell/HP/Lenovo mini or thin clients can be found on eBay for cheap; often they will have at least 2 network ports, or you can do an add-in card. My pf/OPNsense router is a custom mini-ITX build with a low-powered quad-core Celeron, 6GB RAM, 60GB SSD, and a dual-port NIC in a tiny case. It uses about 6-10W of power and has been running this way for 4-5 years at least now. It handles 1Gbps symmetrical fiber with filtering, no issue. The Protectli is very similar hardware to what I just listed. Stay away from onboard Realtek NICs. ServeTheHome.com is a good resource for finding more inexpensive hardware to turn into a pf/OPNsense router.

The defaults out of the box are extremely safe. Even if you go screwing around with the config and think you've broken something, it's very easy to re-default everything even if you can't access the web GUI. Backups can be restored very quickly before big changes, and the UI is very helpful in not letting you screw things up.

You will likely also need a network switch to go in between the router and access points/other PCs/devices/etc. Getting one with PoE is a huge plus so you don't have to use power over ethernet injectors to power your APs.

If you aren't very familiar with networking I could see how Pi-hole caused trouble with your ISP's router; sometimes they don't play nicely depending on how shitty your ISP's is. My first rule of thumb is to remove/disable as much of the ISP's hardware as possible and run my own. One other thing to mention is if you move forward with a setup like this you can always test/play with it beforehand without exploding your entire home network right off the bat.
 