I’m a pretty novice person considering installing opnsense for my personal home use.
Their documentation has what would seem to be incomplete hardware requirement.
For example it does not list any network hardware. I assume you need at least 1 Ethernet connection. I recall reading somewhere that you might need 2 network cards? One for in and one for out?
What about network card specs? I have old computers lying around that exceed the CPU/RAM/SSD requirements but cards are practically antiques. Should I upgrade? If so, to what?
ETA: The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. So don’t worry about wasting fibre speeds. :(
Does anyone know about a more thorough description of requirements?
For hosting/homelab you probably want 3 network interfaces (WAN/LAN/DMZ), you can get away with only two (WAN/LAN) got it gets kinda dangerous if your server gets hacked.
Resources depends on what you want to do, just running a router/firewall doesn’t require many resources, but running full IDS/IPS require a lot of resources.
Does “interface” mean you need separate cards? Or you have a single card with multiple interfaces?
Is DMZ like a guest network?
I looked up “IDS/IPS” and it wounds like something I would prefer to avoid doing if I can.
I can be a card with multiple interfaces, or a device with multiple onboard interfaces.
Hardware like https://eu.protectli.com/ and Chinese clones is very popular, it has everything you need in a single box.
I was hoping to make use of one of the various computers I have cluttering this place up so I could justify continuing the collection. ;)
Do you know how to determine suitability of an existing card, or how to correctly purchase a replacement?
I think most server cards will work.
You can run it in a VM, I’m using an Intel I350-T4 in my VMware server, never had any issues with it.
What’s a server card?
I’d prefer to avoid VMs if possible I never had much luck with them.
You can buy multi-port Intel ethernet cards cheap on eBay. But a used one and drop it into your computer. If you stick to Intel you should have a better time with driver support under OPNsense, and it would enable you to have separate ports for VLANs if you wanted to get fancy.
thanks! so for example: Intel Gigabit Dual PORT GIGABIT ETHERNET PCIe NIC Card EXPI9402PT NC360T which is CA$30. Does that sound right?
Yes, that kind of thing. I can’t guarantee it will work but I’ve had good luck with Intel cards in the past. You can get 4-port ones too.
just to check my understanding: a 4 port card provides different capability than a 1 or 2 port card with a switch attached, yes?
DMZ is usually where you put servers that should be externally accessible
it’s like a guest network in that it is a separate network segment with different filtering/forwarding rules than the main local network
that sounds useful.
i like to keep things separate when plausible.