New to OPNsense - Trying to Use Old Asus Laptop as Dedicated Firewall

Started by ghostpb, September 16, 2025, 07:55:50 PM

Hello OPNsense forum,

As the title suggests, I'm relatively new to the world of OPNsense. My goal was to significantly overhaul my home network solution (moved in with my GF who was using Verizon's router and AP combo), and bring on all the benefits a next-gen solution like OPNsense has to offer.

After some research, I decided to leverage one of my old laptops (an ASUS Q524U laptop from eons ago) with 2 USB NIC adapters as WAN and LAN plugged into the Verizon ONT and then a TP-Link managed switch on the LAN side (wanted to run a couple of VLANs too for separation).

Immediately ran into issues, biggest of which was that Verizon refused to give the device an IP over the WAN interface. I tried everything short of actually calling Verizon (did this on a Sunday) that I could think of and eventually had to give up so we could have wifi at the house.

My questions are as follows:

1.) Am I missing a step or ignorant of some hardware requirement here? I'd really love to repurpose this device as a dedicated firewall, particularly given that otherwise it's just going to collect dust. I know it's working fine; this used to be my Home Assistant server before I got a dedicated Proxmox host for this and other VMs.

2.) More of a follow-on to the above question: in the event that the laptop is just a bad option in general, what would be a good alternative? Really not looking to break the bank here; I'd love something in the sub-$100 range if I do need to get a dedicated appliance to do this.

3.) Any quirks with OPNsense and Verizon I should be aware of in general? Everything I'm reading online indicates it shouldn't cause issues, but as with most things in IT, the devil is in the details and I'm pretty new to all of this.

Thanks in advance for any help. Also, before someone says that I could just use Proxmox as the OPNsense firewall, this sadly is not an option - the Proxmox host is in a separate structure away from the house and connected via MoCA to a switch that sits in the outside area. Not enough room to move the host into the area where the ONT lives, and moving the ONT is likely to cost at least $150 - $200 based on estimates I'm seeing online (if not more).

NOFI, but this is just one big bad idea:
- USB NICs have two major issues:
  1. Prone to high CPU usage delays.
  2. Chipsets inside them are not always of the greatest quality, to say the least...

- A laptop is fun as your handy-dandy MP3 player or so when it's this old, but using it as any kind of server device is just a bad idea!
Unless you like your firewall to get some sleep from time to time?! ;) ;)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

September 16, 2025, 08:19:41 PM #2 Last Edit: September 16, 2025, 08:21:39 PM by Monviech (Cedrik)
When I started out with OPNsense I ran it on an old Asus laptop via Hyper-V with 2 USB NICs from Startek. Prior to that I ran ESXi on the same laptop with driver hacks to get the USB NICs running, first with an OPNsense VM and also Sophos UTM and other VMs.

It was okay for most of the time, but nothing I would recommend for production use at home because it has too many quirks.

Windows or ESXi have random USB NIC issues and shuffle them around after reboots. Good luck sweating and finding random issues.

Bare metal on an old laptop with USB NICs is even worse. If you must, try with Hyper-V.

------

The issue with Verizon is most likely MAC.

Spoof the MAC address of the Verizon Router on the WAN interface of the OPNsense.
Hardware:
DEC740

Sounds like a headache from start to end.
Better off selling that old Asus laptop for whatever you can get for it, then buying an N150 mini PC, or finding a better used laptop that has all Intel guts and two RJ45 ports; maybe a wireless connection can work if it only has one RJ45. Laptops are just gonna be limited, and you won't be happy.
Mini-pc N150 i226-V, GOD BLESS CHARLIE KIRK

Quote from: ghostpb on September 16, 2025, 07:55:50 PM
[...] Immediately ran into issues, biggest of which was that Verizon refused to give the device an IP over the WAN interface. [...]

Was the Vz CPE connected via Ethernet? Most that I've seen are MoCA (coax), in which case you'd likely need to contact Vz to enable the ONT's Ethernet. That may have changed - I was Frontiered (and it looks like I'll be re-Vz'd) and never used the provided CPE.