this post was submitted on 06 Mar 2026
20 points (95.5% liked)


Hi, it's me again. I like to think that my endless questions help fuel community engagement to feel less bad :sweat_smile:

So like the title says, I'm interested in running an OPNsense router for my home network so I can do better firewall filtering for both security and privacy (ad-blocking, phoning home, etc.) purposes. I found this video by Dave's Garage that talks about running OPNsense in Transparent Filtering Bridge mode. I also researched that it's better to use a switch and APs for any wireless traffic rather than having the router/firewall combo do it, so any hardware suggestions there? Here's info about my network:

  • 500 Mbps download and 50 Mbps upload speeds (stick with 1 Gbps ports right?)
  • My Proxmox homelab is wired connection only, so I need to use one of the switch ports for it
  • We do have a door camera (I pray it's not Ring...), so I should set up VLANs right?
    • VLAN ideas: Guests, Family/Home, IoT, Homelab specifically? (any other suggested VLANs/segmentation???)
    • Maybe I'll do selfhosted IoT devices in the future because of this? ~~The homelab must grow~~
  • My mom watches a lot of YT on our FireTV, so any guides on what IPs to block for that?

So what Mini PC should I stick with (just 2 ports for WAN & LAN is fine right)? Do I need to avoid any specific brand NICs (do Mediatek cards suck)? What 4-port switch would be good? What wireless AP is recommended? Furthermore, how do you go about running cables in your home? The coax plate that my modem is connected to is literally in the corner of my house. The Wifi is bad in some spots because of this, so we've thought about extenders. But if I do my homelab and have a wireless AP, I can just run an Ethernet cable from the switch to a properly placed AP (I guess I'd need PoE then...) right? My mom is afraid of tripping on wires and while I say to just run them along the baseboard, she's doubting me.

top 9 comments
[–] grue@lemmy.world 1 points 5 hours ago

Furthermore, how do you go about running cables in your home?

You watch some Youtube videos about how to do it and then you follow the instructions.

It's going to depend a lot on the construction details of your house:

  • Do you have wooden framing (common in the US), masonry (common in Europe, as I understand it), or something else?
  • Do you have access to an attic or basement/crawlspace?
  • Do you need to run wires on exterior walls (which means dealing with insulation), or just interior ones?

For me (wooden frame construction, accessible attic and basement), I didn't find it to be too difficult. Is it work? Yeah, of course. But it's not that bad, and I recommend spending the effort because having proper wall plates with in-wall wires is way nicer than having stuff snaking along surfaces.

[–] eleitl@lemmy.zip 2 points 7 hours ago (1 children)

Look at Protectli, there are equivalent devices on AliExpress if too expensive. If you're particular about open source, try finding ones with openboot.

Use a PoE switch, or a power injector for AP. If open source, OpenWRT APs.

Second Protectli. They are solid little x86 boxes with no moving parts.

[–] Decronym@lemmy.decronym.xyz 1 points 7 hours ago* (last edited 5 hours ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| PCIe | Peripheral Component Interconnect Express |
| PoE | Power over Ethernet |
| Unifi | Ubiquiti WiFi hardware brand |
| VPN | Virtual Private Network |

5 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #138 for this comm, first seen 6th Mar 2026, 11:40]

[–] m4ylame0wecm@lemmy.zip 2 points 13 hours ago* (last edited 13 hours ago)

I would go with the separate AP route unless your firewall device is conveniently located and you want to add a wireless card to whatever firewall box. You'll need something new for wireless anyway once you plop the firewall in front of the modem.

Used enterprise APs can be good value. Unifi is super easy, reasonably priced, and you can run the controller/management thing as a container on your Proxmox for local management. Then probably anything supported by OpenWRT you can find cheap. Their hardware db might be helpful for comparing models/features in general.

Power for AP can use a PoE injector at the switch or AP side of the run. Or whatever power adapter (many "APs" still have some DC power).

Cable runs along baseboards are fine. You can get cable channels and have it look super neat. Way cheaper, there are little nail-in cable rings for exactly that too. Pick a cable color that matches, or paint the channels. If there's decent coax run all over the house, you could do adapters to avoid a cabling job.

Some random (GMKtek?) N100 dual NIC thing runs my OPNsense (VM on Proxmox) at 1Gbps throughput, though I have minimal filtering applied now. I haven't tested WireGuard/VPN throughput or anything heavy though.

Switch you need anything managed for the VLANs. "Smart" or "Lite" I think get thrown around a lot too for basic managed. If you're into labbing, again the used business/enterprise can get any range of features. Just have to deal with the noise/power/heat.

Edit: run Pi-hole or AdGuard Home as a container, then have that as the DNS given by the current router/DHCP. Should help with filtering until you have something in-line.
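
Added example, not part of the comment above: DNS handed out over DHCP only filters clients that actually use it, so this sketch flags LAN devices that send DNS to some other resolver. The LAN range, the filter address 192.168.1.53, and the `time,src,dst,proto,dport` flow export format are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): LAN is 192.168.1.0/24, the Pi-hole or
# AdGuard Home container sits at 192.168.1.53, and the router can export
# flows as "time,src,dst,proto,dport" CSV. The rows below are constructed.
LAN = ip_network("192.168.1.0/24")
FILTER_DNS = ip_address("192.168.1.53")
DNS_PORTS = {53: "dns", 853: "dns-over-tls"}

SAMPLE_FLOWS = """\
time,src,dst,proto,dport
2026-03-06T12:00:01,192.168.1.20,192.168.1.53,udp,53
2026-03-06T12:00:02,192.168.1.31,8.8.8.8,udp,53
2026-03-06T12:00:03,192.168.1.31,8.8.8.8,udp,53
2026-03-06T12:00:04,192.168.1.40,1.1.1.1,tcp,853
2026-03-06T12:00:05,192.168.1.53,9.9.9.9,udp,53
2026-03-06T12:00:06,192.168.1.20,203.0.113.10,tcp,443
"""


def find_dns_bypass(flow_csv, lan=LAN, filter_dns=FILTER_DNS):
    """Return {client_ip: {(resolver_ip, kind): count}} for LAN clients that
    send DNS to anything other than the filtering resolver."""
    bypass = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed rows rather than abort the whole run
        if dport not in DNS_PORTS or src not in lan:
            continue
        if src == filter_dns or dst == filter_dns:
            continue  # the filter's own upstream lookups, or a normal client query
        bypass[str(src)][(str(dst), DNS_PORTS[dport])] += 1
    return {client: dict(hits) for client, hits in bypass.items()}


if __name__ == "__main__":
    for client, hits in sorted(find_dns_bypass(SAMPLE_FLOWS).items()):
        for (resolver, kind), count in sorted(hits.items()):
            print(f"{client} -> {resolver} ({kind}) x{count}")
```

DNS-over-HTTPS shares port 443 with ordinary web traffic, so this port-based check does not see it.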

[–] ProperlyProperTea@lemmy.ml 2 points 13 hours ago

PC prices are crazy right now, but if you can find a used Lenovo ThinkCentre, I'd go for that.

I'm running an M720q and it's neat because you can get a riser board and install an extra PCIe NIC of your choosing.

If you don't want to go that route try to find a mini PC with 2 Intel NICs, since they're historically the most reliable and well supported.

Depending on the firestick you may be able to jailbreak it.

[–] dlakelan@mastodon.sdf.org 0 points 14 hours ago (2 children)

@Imaginary_Stand4909

If you're gonna dedicate the hardware to OPNsense or any other router software, then get something not too expensive. A Raspberry Pi 4 can route and traffic shape a gigabit without breaking a sweat, so you don't need much mini PC just to do routing. N150, N100, N95, or whatever are fine.

If you want to combine functions, running something like Proxmox and putting OPNsense on a VM, then get yourself something more capable, Ryzen 5 or 7 7000 series maybe, 16 GB of RAM.

[–] cmnybo@discuss.tchncs.de 2 points 11 hours ago

OPNsense doesn't officially support ARM. You need an x86 PC for it unless you want to mess with an experimental build.

OpenWRT does support the Raspberry Pi though. You will want the Pi 5 for that since it has PCIe to connect an ethernet card to.

[–] dlakelan@mastodon.sdf.org 1 points 14 hours ago

@Imaginary_Stand4909

Whatever you get make sure it has 2 NICs, and I like to bond them and put them into a LAG on the switch.

Get a managed switch, low end Zyxel is better and more secure than the low end TP-Link, the higher end TP-Links are more featureful than the higher end Zyxels.