Sunny Valley Networks is a company that has partnered with Deciso, the creators of OPNsense, to create a plugin called Sensei, which adds deep packet inspection and more to OPNsense. These features add greater visibility into your network. Sensei also has built-in cloud threat intelligence that can be used to block web/application traffic and to prevent known malware attacks. For users who want a low-cost option that still provides advanced network monitoring and protection, OPNsense with Sensei is a great option to consider.
I have been running Plex Media Server for quite a few years and enjoy self-hosting all of my family’s media files. With self-hosting, you do not need to rely on the Internet and cloud services. Being in control of your own data increases privacy. Imagine my dismay when my Internet was down in my neighborhood and I received an error accessing Plex on the Apple TV. Then I tried to access the web interface and the same thing happened.
After I migrated my home server to use Proxmox, I began searching for a new offsite cloud backup solution. I was using CrashPlan, and my discounted subscription expired. I wanted to know if I could keep the offsite backup costs a little lower than $10 per month (even though that is not a huge expense to ensure your most important files are protected) and also run a lighter-weight service.
WireGuard is a modern VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was not overly difficult, but I did struggle with getting everything working together in the same way that I had my OpenVPN configured.
When I first set up my home network using my OPNsense router and was learning firewall rules, I took the approach of allowing only the Unbound DNS service on OPNsense to be accessed and blocking access to all other DNS servers. This simplistic approach works well enough since any rogue access to external DNS servers is simply blocked. Only the DNS resolver on the local network is allowed (unless the DNS requests are encrypted, of course – see note below).