Comment on Homelab hardware choices
Klox@lemmy.world 1 day ago
For a Homelab, I cannot imagine going with anything other than older used SFF boxes for my router. I’ve been running pfSense and then OPNsense on them for over a decade.
[Mini PC] Very DIY, would feel afraid of misconfiguring the device and exposing myself to security issues
The risk is there for every router software, and the form factor won’t change that. The OPNsense software is pretty solid and the tutorials are less likely to lead you astray. You will learn a lot with a deep dive on OPNsense. So I’d say just go for the used hardware. The nice thing is if it craps out on you in 5 years, you take your OPNsense config (regularly back it up with one of the plugins) and a new mini PC and you are back up ASAP.
- Does anybody have any suggestions for PoE capable switches and access points that play nicely with OPNsense - I’ve been considering MikroTik but I’m not entirely sure what to look for.
They should all be fine. OPNsense is your router and firewall, and IMO it doesn’t really influence my downstream hardware choices.
Not sure how the used market is in the UK. Last year I decided to go 10G so bought a used Brocade ICX 7250 48x PoE+ RJ45 8x 1/10 GbE SFP+ Gigabit Switch for $78 on eBay. It’s been so nice! 48x PoE ports and 6x 10G ports. It takes a detailed walkthrough and some head scratching to get it running well so I wouldn’t really recommend it specifically without a bit of experience. But it is easily the best bang for your buck. Throw a 10G SFP+ PCIe module into all your important machines and use passthrough DACs and you’ve got a flexible 10G setup for $200-$300.
I am not familiar with FritzBox so not sure how that changes the calculus.
hacktheplanet@programming.dev 1 day ago
Yeah I think my concerns regarding using a mini PC might be misplaced, but I was more thinking in terms of the BIOS and firmware of the mini PC, i.e. if it’s an older model, will it continue to receive updates? But then again I guess that would take a security vulnerability somewhere higher up the stack to exploit in the first place. 🤔
OPNsense’s default security posture does seem pretty good and will likely be a significant uplift from my router’s basic firewall.
Didn’t actually know about the single config thing, very useful.
That switch looks like a serious bit of kit! I’ll be taking it easy first, space is also at a bit of a premium.
Cyber@feddit.uk 1 day ago
The advice above matches mine.
I have a home-built pfSense unit and when parts die (not if), then I just replace them with spares I have already waiting… as that box is now critical for you.
I also have a Fritz in bridge mode with the pfSense doing PPPoE through it, so effectively, the firewall is the first real device on the WAN. Makes things much simpler as the WAN interface has status like packet drops, etc, much easier to diagnose issues.
hacktheplanet@programming.dev 1 day ago
Do you mind me asking what model FritzBox you have? I have a 7350 AX. Does this more or less match how you did it?
Cyber@feddit.uk 13 hours ago
I have a 7530. (Is yours a typo?)
Yes, those instructions look about right.
My pfSense box has the username & password, so the router really is just being used as a dumb modem (I used to use Draytek modems)…
… but…
The router’s diagnostics will show the DSL details, so you can check if your external connection is OK (i.e. OSI Layer 1), but it will always think it’s offline.
So once you get your OPNsense set up and working, have a look around the Fritz diagnostics and get comfy with what you can / can’t see, because when there’s a failure you won’t know what has really failed.
Also… write down what you did and how to reverse it, as you (or others) might want to reset it to full router if your OPNsense is down.