How To's

How to set up a more advanced home network.

How to Photo by Mathis_GERMA from Pixabay

Disable Logging into OPNsense as the Root User

Disable Logging into OPNsense as the Root User

Allowing root user logins is not normally a good idea...

After installing OPNsense, the default login is the root user. Logging in as the root user is generally not advised because the root user has full access to files and processes. Linux users, for instance, are asked to create a separate user account upon installation. The user can then use the sudo command to elevate privileges to perform administrative tasks. If the user's account is compromised, in theory the root account is still protected (assuming there is no privilege escalation vulnerability being exploited or the password has been discovered).
OPNsense Firewall Rule "Cheat Sheet"

OPNsense Firewall Rule "Cheat Sheet"

A quick guide to creating firewall rules in various situations

When looking up information on how to write firewall rules in OPNsense, you may be looking for specific examples on how to block or allow certain types of network traffic rather than how to write firewall rules in general. This is especially true once you become more experienced and comfortable with writing rules. I thought it would be a good idea to consolidate a variety of scenarios into a single how-to that could be used as a quick reference guide.
How to Protect Against the Cable Haunt Vulnerability Using OPNsense

How to Protect Against the Cable Haunt Vulnerability Using OPNsense

Is your modem vulnerable to Cable Haunt and your ISP has not provided a firmware update? Take matters into your own hands!

Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and used the same reference firmware which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise. Software running in many (probably nearly all) consumer modems have not implemented best practices for security.
Need an Offline Local Network for a Home Lab or IP Video Cameras?

Need an Offline Local Network for a Home Lab or IP Video Cameras?

Configure OPNsense to create an isolated VLAN with no Internet access

Having an offline local network with no Internet access can be useful for a number of reasons. A few that come to mind are home lab networks, non-cloud IoT device networks, and “closed circuit” IP security camera network. For my network, I set up a separate offline IP security camera network that I am using as a baby monitor system (the quality is so much better and it is more secure than traditional baby monitors because I can lock down access from outside users).
Accessing Your Home Network with Your Very Own VPN Server on OPNsense

Accessing Your Home Network with Your Very Own VPN Server on OPNsense

Want to access your home network remotely and securely?

A VPN server can provide an encrypted connection to your home network. It is a great way to remotely access your network since it provides a high level of security. Once you are connected to the VPN server, you essentially become a part of the network in which you are connected. This is different than using an SSH server because you are not directly connecting to a single machine on your network.