I was ecstatic when we were finally able to make the move from Fibre to the Cabinet (FTTC) to Fibre to the Premises (FTTP) or “full fibre”. It completely changed how we were able to use the internet and provided much-needed bandwidth for all my home labbing. Glorious 1 Gbps speeds from our selected ISP enabled us to enjoy around 80-90 MB/s worth of download speeds with a hampered 10 MB/s upload limit. Availability has been rock solid, but this wasn’t the best upgrade for my home network.

Upgrading the broadband from 500 Mbps to 1 Gbps is a substantial jump forward, but it’s still not quite matching what I would rate as the absolute best upgrade I’ve made to the Local Area Network (LAN). This was building my own OPNsense-powered firewall. Replacing the older Netgear router we used in place of our ISP device, the new wired-only firewall is an absolute unit and provides the means to create a reliable, yet highly capable LAN for the future.

A custom firewall is great for a home lab

It’s almost a must-have

Building your own firewall is a great achievement when you’re ready to leave consumer units or ISP-provided hardware. There are a few software options available, but we recommend giving OPNsense a go. Just about anything with a compatible processor can run OPNsense, from used enterprise servers to a single-board computer (SBC). So long as you have two Network Interface Cards (NICs) for the WAN and LAN gateways, you’re good to go.

I picked up an affordable $150 fanless mini PC with an Intel N3700 processor and four 2.5Gb Ethernet ports. After adding a small boot SSD and 16 GB of RAM, the firewall was ready for OPNsense to be installed. The entire process took less than 10 minutes from start to finish, and I had a new network up and running within half an hour. Though not perfect (I would like to move to a new system with 10Gb SFP links), it’s proven to be reliable enough for keeping the LAN alive for almost a year.

Though not everyone requires a custom firewall, it’s almost a requirement for a home lab and running your own services. Running anything beyond bare metal, you’re going to want to isolate your network somehow, especially when throwing smart home products into the mix. I swear by Virtual LANs (VLANs) as they’re an invaluable tool for providing some security to your home by segmenting clients into virtual networks.

Even if your router supports VLANs, it may be a relatively rudimentary implementation. I needed this functionality to create a guest network, as well as VLANs for servers and other infrastructure. Keeping everything isolated ensured nothing connected to anything it wasn’t supposed to — even I have limits when it comes to trusting lesser-known branded devices. OPNsense even allowed me to configure DDNS and internal DNS overrides to make it easier to access all our self-hosted content.
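To make the isolation point concrete, here is an added example (not from the article and not OPNsense's own code) that audits inter-VLAN reachability under first-match interface rules with a default deny. The VLAN names, subnets, policy and both rule sets are constructed assumptions; the naive set shows how a trailing "pass any" meant for internet access also opens other VLANs.

```python
import ipaddress

# Constructed VLAN plan: names and subnets are assumptions, not from the article.
VLANS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "lan": "192.168.1.0/24", "servers": "192.168.20.0/24",
    "iot": "192.168.30.0/24", "guest": "192.168.40.0/24"}.items()}

# Intended policy: which other VLANs each VLAN may reach (internet is always allowed).
POLICY = {"lan": {"servers", "iot", "guest"}, "iot": {"servers"}}

# Ordered rules per ingress interface as (action, destination).
# First match wins; no match means block (default deny).
NAIVE = {
    "lan":     [("pass", "any")],
    "servers": [("block", "lan"), ("pass", "any")],
    "iot":     [("pass", "servers"), ("block", "lan"), ("pass", "any")],
    "guest":   [("block", "lan"), ("block", "servers"), ("pass", "any")],
}

# Hardened: block every private range before the internet "pass any" rule.
PRIVATE = [("block", n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HARDENED = {
    "lan":     [("pass", "any")],
    "servers": PRIVATE + [("pass", "any")],
    "iot":     [("pass", "servers")] + PRIVATE + [("pass", "any")],
    "guest":   PRIVATE + [("pass", "any")],
}

def dst_net(dst):
    """Resolve a rule destination: 'any', a VLAN name, or a CIDR string."""
    if dst == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return VLANS[dst] if dst in VLANS else ipaddress.ip_network(dst)

def allowed(rules, src, dst_vlan):
    """True if traffic entering on src's interface may reach dst_vlan's subnet."""
    for action, dst in rules.get(src, []):
        if VLANS[dst_vlan].subnet_of(dst_net(dst)):
            return action == "pass"
    return False

def leaks(rules, policy):
    """Return (src, dst) VLAN pairs the rules permit but the policy does not."""
    return sorted((s, d) for s in VLANS for d in VLANS
                  if s != d and allowed(rules, s, d) and d not in policy.get(s, set()))

if __name__ == "__main__":
    print("naive:", leaks(NAIVE, POLICY))
    print("hardened:", leaks(HARDENED, POLICY))
```

The model only covers traffic routed through the firewall; clients in the same VLAN talk directly and never hit these rules. A real rule set also needs a pass for DNS to the firewall's own interface address ahead of the private-range blocks if clients use it as their resolver.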

I value security over speed

Full control over everything

Improving network speed is one thing, but I much prefer healthy security measures when it comes to the LAN at home. That said, through creating my own firewall, I was able to kill two birds with one stone, thanks to the 2.5 Gb LAN ports. This was a notable upgrade over the 1 Gb ports on the ISP and consumer routers we previously used. This essentially upgraded the LAN with 2.5x the bandwidth and provided some future proofing for increased broadband speeds.

Where OPNsense really takes off compared to standard routers is support and control. You have full ownership of the firewall and are now in charge of handling system updates and configurations. The settings available through OPNsense can be daunting at first when moving from consumer hardware, but it’s worth checking through all the various sections to learn more about how your network works and what can be achieved through the software.

For starters, OPNsense is continuously developed and is freely available to all. This means that so long as you keep the software updated, your firewall will be rocking the latest and greatest packages from OPNsense and the wider Linux community. Contrast that with branded routers, where support isn’t guaranteed outside of the designated periods offered by the manufacturer. Once your router reaches end of life (EOL), you’ll need to replace it.

Other advanced networking features, such as Quality of Service (QoS), link aggregation, and traffic shaping, can all help to improve network performance both inside and outside the home. Even though building a new firewall may not immediately unlock better speeds, the network can be configured to provide precisely that through enhancements and refinements to how traffic is handled across the LAN.

Building your own firewall is fun

This is something that isn’t often associated with networking, but creating something from scratch can be incredibly rewarding. It’s why the home lab has become such a popular hobby and why more people are looking to self-host as much as possible. It’s a great way to learn something new, develop new skills, and be rewarded with a notably more capable LAN that’s not only more secure, but can also be configured in ways that aren’t possible with standard routers.