Messages - scrappydoo

#1
I am new to OPNsense and firewalls in general. I've spent the last month getting up to speed on basics and stabilising my device. I am running 25.7.2 with Zenarmor and Crowdsec. I use NextDNS configuration profiles on my Apple devices. I also use iCloud's private relay feature (a VPN, basically).

After I recently discovered two Mac trojans on one of my hard drives, I am taking the security of my network and devices more seriously. I have played around with different combinations of Zenarmor, iCloud Private Relay, and NextDNS, turning them on and off. When I tested ZenArmor alone for a day, it blocked 104 potentially dangerous sites, of which 17 were malware-related. This makes me reluctant to disable it by using superseding services. I also like the way that Zenarmor helps me visualise the outgoing traffic on my LAN. I find it helpful.

I am currently on the Free version of Zenarmor, but from what I understand, upgrading to the Home version won't allow me to perform deep packet inspection. Given that DNS encryption and VPNs are so useful, should I just write off ZenArmor? I know that NextDNS touts malware protection but the dashboard can't compare with Zenarmor's granularity. Is there possibly some happy medium here?
#2
Thank you so much for the guidance. I'll start with getting something to run Proxmox on. I do have an old MacBook Pro that I could use as a stopgap possibly. It's a 2019 model, Intel i9 with 32GB RAM. If the noise of the fans was anything to go by, it won't be economical to run 24/7. Anyway, thanks again!
#3
Quote from: Patrick M. Hausen on August 27, 2025, 08:14:12 PM
Do you have a home lab besides OPNsense? Capacity to run a VM with 16 G of memory, anywhere internal? I have become rather fond of ElastiFlow for traffic analysis.

Thanks for the suggestion. No, I don't have a home lab, unfortunately, but I suspect I will end up with one. As for machines that can run VMs 24/7, not really - I only have an M4 MacBook Pro and a gaming PC. I could get a mini-PC that could run VMs. What would be the host OS?

Elastiflow looks interesting. There's a free Basic version, too. Nice. I'd probably need to get another switch. I don't think the Ubiquiti switch that I picked up supports SNMP.

#4
I am just starting out with OPNsense. Up until now, I have been using an old ISP-supplied router/firewall. I currently have OPNsense installed on a tiny Intel N3160 device. It is connected to a Zyxel modem in bridge mode. I have spent the past two weeks getting to grips with networking terminology and concepts, tweaking my settings, and getting IPv6 working properly. With the exception of some custom Xbox rules, I am using the default 25.7 firewall configuration. I have a flat network right now, but I have just purchased a managed switch to set up some VLANs. I am running CrowdSec/Zenarmor.

I would like some advice on what to do with my firewall logs. At the moment, I am inspecting them in the Web GUI, scouring them for hints about misconfiguration (or worse). What should I be doing with the logs? Should I save them off-host? I was thinking about setting up a syslog server. I was given a Synology NAS that could possibly be used for this. I'm not entirely sure. Alternatively, I could upgrade my OPNsense device and use the N3160 for log storage.

Also, what is the best way to capture and analyse logs? And what would be the best solution for a home user like me? Any advice or suggestions would be much appreciated. Thanks :)
#5
I recently decided to ditch my ISP-supplied router and make the move to OPNsense. At the moment, I am using a Zyxel modem in bridge mode connected to my OPNsense device. I have an FTTC British Telecom (BT) package.

I have been trying to get IPv6 working but, coming from the relative simplicity of IPv4, it has been a challenge. I think I am almost there. I pass the IPv6 test. I can also ping and traceroute successfully. However, I am experiencing periodic disconnection which I suspect is related to my RA settings (Assisted).

At present, my settings are as follows:

WAN interface is configured PPPoE/DHCPv6, MTU 1492, 56 prefix size. Request prefix and prefix hint are both enabled.
LAN: Static IPv4/Track Interface, WAN as parent, prefix ID is 0. Manual configuration of RA is disabled.

Could anyone who uses BT advise me on the correct DHCPv6 settings, please? I would be most grateful. Thank you.