Reasons to get OPNSense with Unifi General Home Use

Started by natsukirei, August 09, 2024, 09:27:19 AM

August 09, 2024, 09:27:19 AM Last Edit: August 09, 2024, 09:30:31 AM by natsukirei
Hey guys

So I was wondering, since I've been toying with OPNSense in a virtual machine environment/lab

OPNSense and Unifi together: I do see some people who run a Unifi gateway or switch and an OPNSense in a home lab, and I have so many questions about that

I have a Unifi Gateway Ultra with a single U6+ AP and it works fantastic with default settings, and I've considered buying an OPNSense

And considering I'm just a general home user/gamer with a knack for tinkering with toys

One benefit I can personally think of might be adblocking or Pi-hole, if they can be installed on an OPNSense device

First off is why? What benefit does it have over just using Unifi's firewall or default settings?
What benefit does a firewall even serve a home user?
What's the setup like and how would they work together in tandem?

Some points to consider:

- Unifi is proprietary while OPNsense is FOSS
- OPNsense offers plugins for features not available in Unifi

The last time I checked, the Unifi firewall also does not support multiple WAN IP addresses. Admittedly that was a while ago.

Firewalls mitigate security risks to your data. You can implement that in an off-the-shelf router but their record on timely updates and not getting hacked is fairly poor.

Unifi is great for internal network management, SDN, visualisation, etc.

Bart...

Just to chip in my two cents - the USG (Unifi Security Gateway) back in the day that they touted so hard had some serious drawbacks, including that. I believe it might only have had one VLAN as well? I remember picking up two for a dual-site deployment and, well, they're still in a box somewhere.

AFAIK the new Dream Machine/Dream Router/CloudKeys are better.

Last time I checked, Unifi for anything other than Wifi was rather rudimentary.

I just recently got OPNSense up and running on a PC.
I like to keep my networking on one box and services on another so I can bring down either independently when/if needed.
Router hardware:

- i5-7500 CPU @ 3.40GHz
- 16GB RAM
- 9 network ports using 4 x PCIe adapters:
  - builtin is 1GB Intel Copper (WAN)
  - 1 x PCIe with 2 x SFP+ Chelsio Fibre
  - 2 x PCIe with 2 x 1Gb Intel Copper
  - 1 x PCIe with 2 x 10GB Chelsio Copper

Using mimugmail's plugins for OPNSense, I have the UniFi controller and AdGuardHome running on the same IP as the router. (ports 8443 & 3000)
UniFi hardware:

- USW-Flex-Mini-01
- USW-Flex-Mini-02
- USW-Flex-Mini-03
- U6-Pro-02-Library
- U6-Pro-01-Living
- USW-Flex-XG

I have 5 VLANs on top of the default untagged "LAN" that gets created, which I only use for management.
The VLANs are for:

- IoT
- Guest
- IPCAM
- Neighbours
- Raywood

IoT, Guest and Raywood are the three vlans having SSIDs broadcasted via the 2 x U6Pros. This works well and I don't see any issues so far when using both together.

AdGuardHome works well! I'm using it to also block my LGC9 TV so I don't get Firmware reminders for example.
Just have to work out how to allow it to get NTP and not the update from the same domain, which will likely require me to learn more about Wireshark.

I've learnt heaps, stuffed up just as much along the way, mainly because I've bridged spare ethernet ports in the router so I don't have to buy another smart 10Gig switch for the shed/homelab.

Certainly would not have managed all of the above if it weren't for the great people here in the forums so this is just as important for me.


I'm really happy with what OPNSense can do and so will be donating once I finish my setup.



Hello, I have a problem. I have 2 UniFi network ports and I use OPNsense, but when the OPNsense upgrade came I can't access the ports and "lock" my PS5 to one of the ports. I have one port in my living room and one in snittet place in the house. And sometimes my PS5 chooses to be connected to the port far away and I can't play online games. Can Domenico help me with this?

Who's Domenico?

Please provide way more information about what "access the ports" actually means. Best provide a diagram of your network with all internal IP addresses involved. Describe what you expect to work and the precise way in which it fails. Nobody here has got a working crystal ball as far as I know. ;)

Also the topic of this thread is in no way related to your particular problem so you might consider opening a new one with a matching subject line to better get targeted support.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

December 16, 2024, 06:25:08 AM #7 Last Edit: December 16, 2024, 07:50:20 AM by OPNenthu
(Edit: Deleted post. Sorry, didn't realize this was an old thread.)