Routers

How to Run OPNsense in a Proxmox Virtual Machine for Evaluation Purposes

How to Run OPNsense in a Proxmox Virtual Machine for Evaluation Purposes

Virtualize OPNsense as your primary router or for evaluation purposes

Have you wanted to take a look at OPNsense without installing it to a dedicated machine and/or deploying it as your primary home router/firewall? The easiest way to evaluate OPNsense without installing it on separate hardware is to virtualize it. I wrote about running OPNsense in VirtualBox. Now that I run Proxmox on my server instead of Ubuntu (I still use Ubuntu for many of my LXCs/VMs on Proxmox), I wanted to run OPNsense on Proxmox so I may use when writing content for this site.
A Feature Comparison of the OPNsense Plugin Sensei by Sunny Valley Networks

A Feature Comparison of the OPNsense Plugin Sensei by Sunny Valley Networks

What is Sensei and what is the difference between the Free Edition and Home Edition?

Sunny Valley Networks is a company that has partnered with Deciso, the creators of OPNsense, to create a plugin called Sensei which adds deep packet inspection and more to OPNsense. These features add greater visibility into your network. Sensei also has built-in cloud threat intelligence that can be used to block web/application traffic and to prevent known malware attacks. For users who wish to have a low cost option yet have advanced network monitoring and protection, OPNsense with Sensei is a great option to consider.
How to Configure the WireGuard VPN Server in OPNsense

How to Configure the WireGuard VPN Server in OPNsense

Seeking a faster, lighter weight, and potentially more secure VPN server to access your home network? Check out WireGuard VPN...

WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was not overly difficult, but I did struggle with getting everything working together in the same way that I had my OpenVPN configured.
How to Redirect all DNS Requests to a Local DNS Resolver

How to Redirect all DNS Requests to a Local DNS Resolver

Force all devices on your network to use your local DNS resolver

When I first set up my home network using my OPNsense router and was learning firewall rules, I took the approach of allowing only the Unbound DNS service on OPNsense to be accessed and blocking access to all other DNS servers. This simplistic approach works well enough since any rogue access to external DNS servers are simply blocked. Only the DNS resolver on the local network is allowed (unless the DNS requests are encrypted, of course – see note below).
How to Configure DNS over TLS (DoT) Using Unbound DNS in OPNsense

How to Configure DNS over TLS (DoT) Using Unbound DNS in OPNsense

Increase the security and privacy of DNS requests? Yes please...

Previously, I wrote about how to configure DNS over HTTPS using DNSCrypt-Proxy. Since Unbound DNS in OPNsense does not support DNS over HTTPS (DoH) directly, it was necessary to use the DNSCrypt-Proxy plugin. The plugin also supports DNS over TLS (DoT). However, I discovered while browsing Reddit that Unbound gained native support for DoT at some point in time, which is very nice. Because of built-in support for DoT, the configuration of DNS over TLS becomes pretty trivial.