Secure Home Network with OPNsense

-
I was working on some smart home project as I bought a new home earlier this year.  With more and more devices connected to my home network then to Internet.  I do have some concerns regarding the security of those devices.  For two reasons:
  1. Quite of the smart home devices need to have Internet connection and being controlled by some SaaS platform
  2. Any devices in my home network can communicate with the smart home devices
  3. Smart home devices can freely talk to other devices in my home network
In order to provide some protection to the home network and those smart home devices, I decided to bring some open source software firewall to segregate the traffic for different types of the devices.
After doing some research, I decided to go with OPNsense firewall.  According to the article on Wikipedia, OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso. It is a fork of pfSense, which in turn was forked from m0n0wall built on FreeBSD.  A few reasons OPNsence is chosen,
  • FreeBSD is known to be a relatively reliable open source operating system
  • FreeBSD has good performance when using as a router to route traffic between different network interfaces
  • FreeBSD is one of the operating system that I am familiar with
  • OPNsense is using a relatively new FreeBSD kernel, so it support more new hardwares
  • OPNsense provides a Web GUI for management tasks
With the network firewall in place, I am planning to set up the network like this.
The firewall will filter all traffic between the home network VLANs and Internet.  Meanwhile, it will also filter the traffic between different home VLANs.  Some general ideas like
  • Devices in guest VLAN should only have the access to Internet but not any other devices either in User VLAN or IOT VLAN.
  • Devices in IOT VLAN can have Internet access, but they should not access other devices either in User VLAN or IOT VLAN.  But computers in User VLAN can access the devices in IOT VLAN for device management purposes.
  • ...
In order to run the software firewall, I purchased a barebones firewall appliance, which comes with an Intel Core I5-5200U CPU, four 10/100/1000 Mbps ethernet port. More important, it's fanless!

Comments

Post a Comment

Popular posts from this blog

Dropping Into "initramfs" Prompt After Installing Ubuntu 22.04 LTS on to Dell VRTX Server

-
Image
Background During one of the recent projects, I want to install a Linux OS onto a Dell VRTX server. Without checking the hardware compatibility list and with limited knowledge about the Dell VRTX server platform, I started to install Ubuntu 20.04 LTS on one of the server blades in the chassis. And running into some interesting issues, which forces me to learn more about the Dell VRTX platform and Linux OS. Though spending quite a lot of effort in sorting out the issue, I am happy to share it with others who are interested to know more about it. Server blades inside the Dell VRTX chassis have no hard hard drive installed. But the chassis enclosure has 25 2.5 in SAS hard drive installed. Before starting the whole process, I picked up two of the SAS hard drive and created a RAID-1 logical drive, and assigned it to the server blade. I thought the system would be able to boot from the new logical drive. The Start of the Problem After inserting the USB disk with Ubuntu 22.04, the server blad...
Read more

Ubuntu 22.04 Multipath I/O Problem with Dell VRTX

-
Image
High-Level Architecture of Dell PowerEdge VRTX In the previous article , I explain the issue I am running into when installing Ubuntu 22.04 on a Dell VRTX server.  To understand a little bit more about what went wrong and potentially fix the problem, I tried to know how the Dell VRTX server was designed. After some googling, I found the  Technical Guide from Dell.  It revealed a pretty interesting design of the system.  The Dell VRTX system is designed to be a Cost-Effective Hyperconverged server system for a small office environment or remote office environment, where there are some compute power is needed but not on a large scale.  One Dell VRTX chassis can host up to 4 server blades, up to 25 x 2.5 in. NLSAS, SAS, or SAS SSD hot-plug drives (not including the hard drive bays on the server blades), and 8 flexible PCIe slots.  All those hard drives, PCIe slots, and network ports belong to the Dell VRTX chassis.  The chassis management syste...
Read more