WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotcha’s. The gotcha’s occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that.
If you have software/services running on your local network that you want to remotely access, you may have encountered a situation in which your IP address changes periodically. Many ISPs do not assign static IP addresses to non-business accounts especially for IPv4 addresses because they are extremely limited and have technically been exhausted for some time now. When your modem stays connected for a long period of time with an ISP, it is possible your IP address will not change often.
When you are new to creating VLANs on your network, you may wonder about the necessary steps in order to create a properly functioning VLAN. If you set up OPNsense with one WAN and one LAN interface, it is kind enough to set up a basic configuration for the LAN interface with DHCP enabled and a single firewall rule that allows access to the Internet. You can consider this configuration to be a “flat” network, which means that every device is on the same network and can communicate.
Pi-hole is open source software which provides ad blocking (and more) for your entire home network. It does this by blocking known ad serving domains. Pi-hole even has the ability to block network requests to malicious domains if the domain name is contained in one of the block lists. The high level statistics compiled by Pi-hole provides a much greater insight to what is going on in your home network.
After installing OPNsense, the default login is the root user. Logging in as the root user is generally not advised because the root user has full access to files and processes. Linux users, for instance, are asked to create a separate user account upon installation. The user can then use the sudo command to elevate privileges to perform administrative tasks. If the user’s account is compromised, in theory the root account is still protected (assuming there is no privilege escalation vulnerability being exploited or the password has been discovered).