Comment on Homelab hardware choices
hacktheplanet@programming.dev 1 day agoYeah I think my concerns regarding using a mini PC might be misplaced, but I was more thinking in terms of the bios and firmware of the mini PC, i.e. if it it’s an older model, will it continue to receive updates. But then again I guess that would take a security vulnerability somewhere higher up the stack to exploit in the first place. 🤔
OPNSense’s default security posture does seem pretty good and will likely be a significant uplift from my router’s basic firewall.
Didn’t actually know about the single config thing, very useful.
That switch looks like a serious bit of kit! I’ll be taking it easy first, space is also at a bit of a premium.
Cyber@feddit.uk 1 day ago
The advice above matches mine.
I have a home-built pfSense unit and when parts die (not if), then I just replace them with spares I have already waiting… as that box is now critical for you.
I also have a Fritz in bridge mode with the pfSense doing PPPoE through it, so effectively, the firewall is the first real device on the WAN. Makes things much simpler as the WAN interface has status like packet drops, etc, much easier to diagnose issues.
hacktheplanet@programming.dev 22 hours ago
Do you mind me asking what model FritzBox you have? I have a 7350 AX. Does this more or less match how you did it?
Cyber@feddit.uk 11 hours ago
I have a 7530. (Is yours a typo?)
Yes, those instructions look about right.
My pfSense box has the username & password, so the router really is just being used as a dumb modem (I used to use Draytek modems)…
… but…
The router’s diagnostics will show the DSL details, so you can check if your external connection is ok (ie OSI Layer1), but it will always think it’s offline.
So once you get your OPNSense setup and working, have a look around the Fritz diagnostics and get comfy with what you can / can’t see, because when there’s a failure you won’t know what is really failed.
Also… write down what you did and how to reverse it, as you (or others) might want to reset it to full router if your OPNSense is down.