I have a new spare-time (yes, I do have some spare time now and then) project: rebuilding my home network so it runs IPv6 only. Yes. No legacy IP. Devices only get an IPv6 address. If they want to communicate with a device on the internet which is IPv4 only, a technique called NAT64 (and DNS64) needs to be used.
My current firewall (actually I have two firewalls) – a Ubiquiti Security Gateway (USG) – cannot do that. The USG feels like abandonware anyway – no real software update for a year now. So time to get rid of it. Step by step. I mentioned two firewalls – the connection to the outside world is actually a Fritzbox (a very popular home router in Germany), which provides everything a standard user needs. But I am not a standard user. I am a network engineer.
So here is the plan: Replace the USG with something more powerful and flexible. After a lot of reading I decided to build an OPNsense-based firewall. The first step was to get the hardware and install OPNsense. It can run on any Intel-based system, but for a firewall device, the following items are needed:
- At least two Ethernet interfaces
- Low power (it runs round the clock)
The system I decided on is a Chinese mini-PC called the HSIPC J4125. There are cheaper options, but I decided on the version with 8GB memory and a 120GB SSD. It arrived today with pfSense (another firewall I did not want to run for reasons) pre-installed. You can see it above in the picture. I have not opened it up yet (I am an engineer – I open things up to look at what's inside), but when I do I will post a picture. Promised.
The first task was to remove pfSense and install OPNsense. It took me a while because I could not figure out how to get into the BIOS of that box and change it to “boot from USB”. It did not help that my monitor (connected via HDMI) takes some time to pick up the signal after the box boots. In the end I figured out that I can start the USB bootloader by entering “chain disk1” at the FreeBSD boot prompt. And that's all for today; the rest of the OPNsense installation worked out as described.
To be continued.