Homelab and Home network upgrading to OPNsense

My homelab and home network consisted of roughly the following components:

  • 3x Intel NUC running VMware ESXi; one NUC runs 24/7, and that “24/7” NUC has a single onboard physical NIC.
  • 1x Ubiquiti EdgeRouter X
  • 1x Unifi USW-8-lite-POE managed switch.
  • 1x Ziggo ConnectBox in bridge mode

I have been using VLANs and firewalling on the EdgeRouter. While this works fine and I have no complaints about the throughput of the EdgeRouter, I missed readable firewall logging and insight into my environment. Time to see if I can replace the EdgeRouter X with a more “advanced” router/firewall. After some research there are nice but expensive options for a capable firewall. NSX also looks cool to implement, but it uses too many resources for my humble homelab to be usable for me.

Well, I have a NUC running 24/7 already, so why not run a virtual router/firewall? I have been testing OPNsense in my lab for a few weeks and it seems capable of all my needs. Time to put it in my “production” network and see if we can keep Netflix going ;-).

Since I want to replace the EdgeRouter X completely, there was one challenge: running OPNsense virtually with only 1 NIC on my Intel NUC. Where should the WAN connection from the Ziggo ConnectBox go? I don’t want to hook an external USB NIC to my NUC. So, only 1 solution left: a dedicated VLAN on the Unifi USW switch for the Ziggo connection, carried over the same trunk as my other VLANs.

The following steps are involved to get a WAN IP address on the OPNsense WAN interface:

  1. Connect the ethernet cable from the ConnectBox to a port on the Unifi switch.
  2. Create a new VLAN for the WAN connection on the Unifi switch.
  3. Create a port profile with that new VLAN as the Native Network and assign it to the port where the WAN cable goes. Make sure no other VLANs are tagged in this profile: the ConnectBox sends untagged frames, and any extra tagged VLAN on that port would expose internal VLANs on the modem-facing link.
  4. Make sure the WAN VLAN is carried (tagged) on the trunk port towards the ESXi host, and only there.
  5. Create a new distributed port group in vSphere with the new VLAN ID.
  6. Assign this new distributed port group to the (virtual) WAN interface of OPNsense and things should be going!!!
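The vSphere half of the procedure above, done with PowerCLI instead of the web client, as an added example that is not from the original post. It assumes a vCenter at vcenter.example.lab, a distributed switch named "DSwitch", VLAN ID 99 for the WAN VLAN, a VM named "OPNsense" whose second network adapter is the WAN interface; adjust these to your environment. It also tightens the port group security policy, which the post does not mention: a WAN-facing port group has no reason to allow promiscuous mode, MAC changes or forged transmits, and it checks that no VMkernel adapter on the host sits on the WAN VLAN.

```powershell
# Added example (not the author's code). Assumed names: vcenter.example.lab,
# DSwitch, VLAN 99, VM "OPNsense", "Network adapter 2" as the WAN NIC.
$VCenter   = 'vcenter.example.lab'
$VdsName   = 'DSwitch'
$WanVlanId = 99
$PgName    = "pg-WAN-VLAN-$WanVlanId"
$VmName    = 'OPNsense'
$WanNic    = 'Network adapter 2'

Connect-VIServer -Server $VCenter | Out-Null
$vds = Get-VDSwitch -Name $VdsName

# Refuse to continue if another port group already uses the WAN VLAN:
# the modem should be reachable from exactly one port group.
$clash = Get-VDPortgroup -VDSwitch $vds |
    Where-Object { $_.VlanConfiguration.VlanId -eq $WanVlanId -and $_.Name -ne $PgName }
if ($clash) {
    throw "VLAN $WanVlanId is already used by port group '$($clash.Name)'"
}

# Create the WAN port group tagged with the WAN VLAN (step 5 in the post).
$pg = Get-VDPortgroup -VDSwitch $vds -Name $PgName -ErrorAction SilentlyContinue
if (-not $pg) {
    $pg = New-VDPortgroup -VDSwitch $vds -Name $PgName -VlanId $WanVlanId
}

# Harden the port group: a single router VM needs none of these, and leaving
# them enabled lets any VM placed on this port group sniff or spoof on the ISP link.
$pg | Get-VDSecurityPolicy |
    Set-VDSecurityPolicy -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false |
    Out-Null

# Attach the port group to the OPNsense WAN adapter (step 6 in the post).
Get-VM -Name $VmName | Get-NetworkAdapter |
    Where-Object { $_.Name -eq $WanNic } |
    Set-NetworkAdapter -Portgroup $pg -Confirm:$false | Out-Null

# Sanity check: no VMkernel (management/vMotion) adapter may live on the WAN VLAN,
# otherwise the ESXi host itself would be exposed towards the ISP.
$exposed = Get-VMHost | Get-VMHostNetworkAdapter -VMKernel |
    Where-Object { $_.PortGroupName -eq $PgName }
if ($exposed) {
    Write-Warning "VMkernel adapter(s) on the WAN port group: $($exposed.Name -join ', ')"
}

# Show the result: which VMs hang off the WAN port group (should be only OPNsense).
$pg | Get-VM | Select-Object Name, PowerState
```

Run this once, then check in OPNsense that the WAN interface picks up a lease from the ISP. If another VM ever shows up in the final listing, it is sitting on the modem side of your firewall.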

Everything looks stable and has been running for a week now, Netflix is still stable. Bye bye EdgeMAX, thank you for your service.
