OPNsense

How to Protect Against the Cable Haunt Vulnerability Using OPNsense

How to Protect Against the Cable Haunt Vulnerability Using OPNsense

Is your modem vulnerable to Cable Haunt and your ISP has not provided a firmware update? Take matters into your own hands!

Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and used the same reference firmware which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise. Software running in many (probably nearly all) consumer modems have not implemented best practices for security.
Need an Offline Local Network for a Home Lab or IP Video Cameras?

Need an Offline Local Network for a Home Lab or IP Video Cameras?

Configure OPNsense to create an isolated VLAN with no Internet access

Having an offline local network with no Internet access can be useful for a number of reasons. A few that come to mind are home lab networks, non-cloud IoT device networks, and “closed circuit” IP security camera network. For my network, I set up a separate offline IP security camera network using Amcrest IP cameras (affiliate link) as a baby monitor system. The quality is so much better and it is more secure than traditional baby monitors because I can lock down access from outside users.
Accessing Your Home Network with Your Very Own OpenVPN Server on OPNsense

Accessing Your Home Network with Your Very Own OpenVPN Server on OPNsense

Want to access your home network remotely and securely?

A VPN server can provide an encrypted connection to your home network. It is a great way to remotely access your network since it provides a high level of security. Once you are connected to the VPN server, you essentially become a part of the network in which you are connected. This is different than using an SSH server because you are not directly connecting to a single machine on your network.
How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

Add more privacy by encrypting your DNS queries!

Historically, DNS is a service that was designed to be unencrypted. Whenever a device from your network is trying to go to a web address, it needs to determine the IP address of the website in order to access it. With the increasing levels of tracking and data sharing/selling, a growing awareness that having DNS traffic unencrypted is not a good idea from a privacy and security standpoint. ISPs and other entities are able to know which sites you visit even if all of your web traffic is encrypted.
How to Configure Split DNS in OPNsense using Unbound DNS

How to Configure Split DNS in OPNsense using Unbound DNS

Want local users to use your internal IP address rather than the external address?

On my home network, I host a few public facing services that my family and I make use of when away from home such as Plex Media Server. On Plex I have limited the bandwidth remote users may use to be slightly less than the maximum of my upload speed so my home network is still usable. I am using my own registered domain name which I use to refer to devices on my network (both internally and externally, which you can read more about with another article I wrote).