This forum, and the PG site in general, has been hugely useful in helping me adopt more privacy-focused tools and processes. Where I’m stuck right is on the wifi/network facet. Even after reading the Knowledge Base articles, I just don’t quite understand how all the tools fit together and what they each specifically do. (As a non-technical person, this seems by far to be the most difficult facet of the privacy journey.)
Let’s say I’m looking at the OPNsense DEC750 hardware device, Raspberry Pi with Pi-hole, and Mullvad VPN. I have a few questions:
What exactly is the OPNsense hardware device? The OPNsense website doesn’t really make it clear. Is it just a firewall? Is it a modem? Is it a router? If it’s just a firewall, are there particular modems/routers that I should be looking at?
Do the three tools I listed– OPNsense, Pi-hole, Mullvad–fit together, or do I only need one or two of them?
How does updating the OPNsense and Pi hardware work? Once they’re connected to my network, can I just update them from my computer? Do I just have to regularly check to see if updates are available, or is there some type of notification system? Even the installation process is confusing to me– to initially install Pi-hole, do I directly connect the Pi to my computer and download from there?
If this is the case, I think you’re trying to go way overboard with this on the network front from a privacy and security perspective.
I would rather look into getting a FOSS router like the Banana Pi OpenWRT Router and setting up your VPN, DNS, etc. on this instead. This should be more than enough for a lot of threat models.
I think this is part of where my confusion is – no matter what router I get, won’t I still need to setup firewall, DNS, and VPN? What are you describing that is different from what I’m describing?
I have a low threat model, just trying to find a reasonably secure & private setup that doesn’t require a high-end level of technical expertise. I like the idea of self-hosted solutions vs. cloud-based if it’s actually realistic for me.
The router I named is the a new one that is fully open source, and very popular and respected in the privacy community for all that it is. It is very easy to use and set up. Even a non technical person can do it who is atleast a little tech savvy. I assure you.
But yes, you will need to update the router software if there is one, and set that up with the many number of options and features and functionality it has for you to make use of.
Trust me (and others who I’m hoping will chime in support for the Banana Pi OpenWRT router). You can also browse this forum for posts and comments about this device to learn more.
If anyone is reading this thread, hopefully they can corroborate what I am saying.
Don’t waste your money on that, just get any old computer, slam a Mellanox ConnectX-3 into it, and load up OPNsense on it yourself, takes 30 minutes tops.
OPNsense, the fork of pfSense, is based on FreeBSD. FreeBSD’s Wi-Fi support is mediocre at best. I would not recommend building a wireless access point on FreeBSD.
I agree with @JG in that OpenWRT would be an excellent option for router, firewall, and wireless access point.
I run pfSense for router and firewall using a pair of Netgate 4200 devices, and I run OpenWRT for a temporal wireless access point using a Protectli V1211; however, this is not a simple network or hardware configuration.