New here and I just got opnsense set up with PIA and kill switch. I used the pfsense guide here https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/ (https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/) as a go by. I'm a soon to be retired DBA so, while I don't know the details of networking, I can get around a little. I'm pretty experienced with Linux. I don't know much about BSD.
I actually did it with pfsense first but, those guys' attitude really makes me uninterested in using their software if I have an alternative. However, doing it in pfsense did give me the confidence to try it in opnsense.
I know it's overkill for a home router but, it's on an i5 with 32GB and a 30GB msata drive.
Comments
- I couldn't get the USB version to boot or even be recognized by the BIOS. I had to burn a DVD. Not sure why.
The install took a while. - Others have commented on this but, guides for opnsense other than the documentation are pretty hard to come by. That's why I did it with pfsense first.
- [ don't want it but, I'm a bit surprised that opnsense has no provision for UPnP. The only reason I know that pfsense has it is because I went looking for it to make damn sure it was turned off.
- I've only had it running a few hours but, very pleased so far!
Questions
- Telling me to RTFM isn't unreasonable here but, this sysstem also has a 200GB hard drive. Opnsense isn't using it. Any pointers on getting it running? Any reason I should?
- Is there a reason to set up ARP on a network with less than 20 nodes? From what I've read it reduces broadcast messages for mac addresses but, how many of those are there going to be on that small a network?
- Anything else I should try to set up for a home router? Obviously, I have some spare cycles.
My other observation is that both pfsense and opnsense perform about the same. However, they both beat the tar out of my ASUS AC-RT87U performance wise. That's not much of a surprise. I also get higher throughput over PIA than I do on a clear connection with both opnsense and pfsense. I'm pretty sure that's due to compression between my router and PIA.
Thanks for any answers, comments, insults, whatever. :)
Hi MickeyRat,
First of all: welcome! :)
> Others have commented on this but, guides for opnsense other than the documentation are pretty hard to come by. That's why I did it with pfsense first.
Fair enough. We are working on our documentation, but others have a 10 year head start so it takes a while to be able to do the same.
> [ don't want it but, I'm a bit surprised that opnsense has no provision for UPnP. The only reason I know that pfsense has it is because I went looking for it to make damn sure it was turned off.
It's been moved the plugins, but it is available if you need it. Makes it easier to check that it's off if it isn't installed by default. ;)
> Telling me to RTFM isn't unreasonable here but, this sysstem also has a 200GB hard drive. Opnsense isn't using it. Any pointers on getting it running? Any reason I should?
Not sure what the question is? It won't use the disk unless you use disk-intensive services like web proxy cache or insight reporting.
> Is there a reason to set up ARP on a network with less than 20 nodes? From what I've read it reduces broadcast messages for mac addresses but, how many of those are there going to be on that small a network?
ARP is automatic, or I don't understand the question very well. Sorry.
> Anything else I should try to set up for a home router? Obviously, I have some spare cycles.
Insight reporting is nice, enable NetFlow with local reporting... and skim the plugins list as there are a few other interesting things, also see:
https://github.com/opnsense/plugins#a-list-of-currently-available-plugins
Cheers,
Franco
Thanks for the reply!
QuoteFair enough. We are working on our documentation, but others have a 10 year head start so it takes a while to be able to do the same.
What I was really referring to is sources other than the documentation. There's not a lot of buzz out there for opnsense. You can't fix that. As you said, it'll take time. OTOH if you're looking to move to something like this, you can't help running across the pfsense attitude I was referring to earlier. That provides some motivation to give opnsense a loook.
For my part, I'll probably post a thorough guide on here for what I did. i certainly could have done something stupid. So having a few more eyes on it won't hurt. I might also ask PIA if they are interested in it. If they put it up, perhaps other VPN vendors will follow suit.
QuoteNot sure what the question is? It won't use the disk unless you use disk-intensive services like web proxy cache or insight reporting.
It's moot now. After I posted that, I found that msata drives had come down in price. I have a 120GB on the way. I was really asking if with just basic router functions and a VPN client, if I needed more than 30GB and pointers to how to enable that drive if I did.
QuoteARP is automatic, or I don't understand the question very well. Sorry.
I didn't state the question well. I was referring to the static ARP entries you can enable for permanent leases in DHCP. That's what got me looking at ARP at all. I haven't enabled it. From my reading, it's cheap and it's not going to hurt anything but, it's a very minor help.
QuoteInsight reporting is nice, enable NetFlow with local reporting... and skim the plugins list as there are a few other interesting things, also see:
https://github.com/opnsense/plugins#a-list-of-currently-available-plugins
Thanks!!! I'll probably wait till I get that 120GB drive in but, I'll check it out.
After 2 days, still very pleased with opnsense!