One of the most common ways to set up a home network with OPNsense is to use the following configuration: Internet > modem > OPNsense > network switch(es) > end devices/wireless access points. Many network appliances will have more than 2 ports/interfaces. You may use the extra ports to attach network switches or other devices you may have on your network including PCs, laptops, game consoles, media servers/players, and wireless access points.
I was recently assigned a laptop to use for work so I wanted to create a new VLAN only for my work laptop to keep it segregated from my own network. On my OPNsense box, I have extra unused interfaces. I decided to take the opportunity to utilize one of those extra interfaces instead of adding yet another VLAN to my main LAN interface. There are two ways I could utilize the unused interface: use the physical interface with no VLAN tagging or assign a VLAN to the physical interface.
WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was not overly difficult, but I did struggle with getting everything working together in the same way that I had my OpenVPN configured.
Have you wanted to take a look at OPNsense without installing it to a dedicated machine and/or deploying it as your primary home router/firewall? The easiest way to evaluate OPNsense without installing it on separate hardware is to virtualize it. I wrote about running OPNsense in VirtualBox. Now that I run Proxmox on my server instead of Ubuntu (I still use Ubuntu for many of my LXCs/VMs on Proxmox), I wanted to run OPNsense on Proxmox so I may use when writing content for this site.
Sunny Valley Networks is a company that has partnered with Deciso, the creators of OPNsense, to create a plugin called Zenarmor (formerly Sensei) which adds deep packet inspection and more to OPNsense. These features add greater visibility into your network. Zenarmor also has built-in cloud threat intelligence that can be used to block web/application traffic and to prevent known malware attacks. For users who wish to have a low cost option yet have advanced network monitoring and protection, OPNsense with Zenarmor is a great option to consider.