Home use tips

Started by Cobra, February 20, 2025, 06:53:24 PM

I would like some advice for this configuration.
I installed OPNsense (updated to 25.1.1) on my old PC with Mini-ITX MoBo that has 2 NICs.
I use re0 for LAN and re1 for WAN.
The CPU is a Celeron 847 1.10GHz (2 cores, 2 threads). 8GB RAM
The disk is a Crucial 120GB SSD.

I expect the use to be limited because it is for a home environment where there are only 2 people.
There is no professional use or online gaming.
There will be only two PCs mainly for surfing the Internet.
I want to activate two TrueNAS SCALE for backup.
There are 3 smartphones and tablets.
Then there are: 1 Alexa, 2 IoT devices, 1 SmartTV. All of this is currently connected directly to the router, therefore upstream of the firewall.

My idea is to connect the NIC re0 to a small manageable switch to create 4 VLANs on re0 (LAN, DMZ, Home and Guest).
Then connect an Access Point to the switch that can manage the VLANs and then connect everything that is currently on the router.

Then I wanted to install Zenarmor (free).

Considering that the Internet is now between 90 and 110 Mbps, I was tempted to connect WAN to an Ethernet adapter for USB 2.0 (max 100 Mbps), thus freeing re1 for DMZ.
However, I saw that for OPNsense it is an unstable connection and it was lost very often.

There is also a 320GB HDD mounted on the PC that I did not use in the installation and I was also wondering if it could be useful or if I should remove it.

Currently OPNsense is connected to only one PC used for the installation.

Do you think all this makes sense?

Frankly, no. Realtek NICs are known to be unstable under OPNsense/FreeBSD and USB NICs are even worse. I would definitely avoid the USB option - you could use the manageable switch to fan out the DMZ to dedicated ports.

Your CPU is very weak and could probably handle a 100 Mbps connection, but I question if it is suited for Zenarmor at those speeds or if it can route inter-VLAN traffic, which has higher speeds.

There are cheap options with N100 or N150 CPUs using 2, 4 or 6 Intel I226 ports that are known to have enough punch to do even more than 1 Gbps.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A