6 OPNsense plugins that make a home network a joy to use

2025-05-03 15:38:32

gadgeteer@hub.netzgemeinde.eu

6 OPNsense plugins that make a home network a joy to use

“When you finally get tired of your ISP router, one of the most-recommended replacements is making your own with a custom OPNsense firewall. This puts the power back in your hands, limits what your ISP can do to your connection, and gives you plenty of protection and features you've been missing all this time. But one of the awesome things about OPNsense isn't just that it's a powerful router, but that you can make it even better by installing other services as plugins.”

OPNsense is a fork of PFsense, with a more modern UI, more regular updates, and slightly lighter resource requirements.

The plugins listed are all very useful, but it is worth also just making some comments about some of them here, as I've been using a few of them myself after having considered alternatives:
* Zenarmor can be used for free, but it will then lack the device tracking and alerting for unknown devices, as well as the more advanced rules management and additional profiles. For me, the device identification and management was quite key. Zenarmor is ideal for protecting the LAN side of the firewall by inspecting every network packet, and blocking/altering regarding known and emerging threats. It is similar to the free ntopng plugin, but ntopng really only analyses and inspects, and does no blocking. If you are interested in buying the Zenarmor subscription, my referral code SVNCDQ4TQW294 will get you 10% off your first payment (month or year).
* OPNsense does have a built-in IDS/IPS system, but the issue really is you have to configure the rules to be downloaded, and then set them to alert/block, and it is a rather cumbersome process.
* CrowdSec is ideal for blocking threats from outside your WAN, also compared to known threats. The free version is usually good enough for most people, and it adjusts the blocking rules of OPNsense.
* Tailscale is a remote access tool that is based on WireGuard. For me, its big advantage can be that it is easier to configure end devices for access, and it will work well with dynamic IP addresses. Although Tailscale is a commercial product, the free version will do what most home users require.
* The linked article mentions os-git-backup plugin for backing up config changes, but I am using the Nextcloud plugin to back up automatically to my own Nextcloud.

It is really worth exploring the OPNsense plugins as they can provide some really rich extra functionality. Just bear in mind everything may not work, e.g. the SMART drive plugin does not work with my Protectli eMMC drive.

See 6 OPNsense plugins that make my home network a joy to use

OPNsense has tons of awesome plugins to use.

#technology #OPNsense #security #networking

technology security networking OPNsense