When creating content for this website, I often have the need to take screenshots of the OPNsense web interface. Sometimes I am able to use my actual home network router to take screenshots, but I have to be careful not to modify any settings. I sometimes have to resort to tweaking the screenshot slightly after taking it in order to show what the interface should look like without everything already configured.
A DMZ (demilitarized zone) is a segmented part of a network that is used to host all publicly accessible websites and services. The intention is to protect the internal network from external threats. It is an effective strategy to minimize public exposure of your critical assets as well as limit the damage caused when an intruder is able to penetrate your network. A great definition of a DMZ can be found here.
WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha’s. The gotcha’s occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that.
If you have software/services running on your local network that you want to remotely access, you may have encountered a situation in which your IP address changes periodically. Many ISPs do not assign static IP addresses to non-business accounts especially for IPv4 addresses because they are extremely limited and have technically been exhausted for some time now.
When your modem stays connected for a long period of time with an ISP, it is possible your IP address will not change often.
When you are new to creating VLANs on your network, you may wonder about the necessary steps in order to create a properly functioning VLAN. If you set up OPNsense with one WAN and one LAN interface, it is kind enough to set up a basic configuration for the LAN interface with DHCP enabled and a single firewall rule that allows access to the Internet. You can consider this configuration to be a “flat” network, which means that every device is on the same network and can communicate.
