Any desktop computer + Intel dual GB NIC + opnsense and you have an amazingly powerful router. Add in a Raspberry Pi running the Omada controller software and some Omada access points and you have an inexpensive and very robust WiFi network. Don’t forget to turn on auto updates for opnsense.
I moved away from the x86 box to Mikrotik after a late night spent debugging NIC issues in BSD/Debian (Proxmox VM)
They have inexpensive devices (Hex wired router will handle up to about 1 Gbps), and they receive software updates for longer than any hw manufacturer I can think of.
The main gateway router in my household has become something that needs to work reliably, not something I can (or want to) tinker with all that much. The MT devices are infinitely flexible, but rock solid and cheap.
I recently switched to opnsense on bare metal on an N105 with dual 2.5g NIC, after having been quite happy for many years running a bunch of Asus routers on Merlin.
My main goals were to improve throughput and security. Opnsense seems to work well OOTB, but being a dilettante in these matters I must admit to having a nagging anxiety that I may have misconfigured something important.
Any recommendations for a reliable way to check that?
Do you have a particularly complex setup or a typical home LAN with Wi-Fi? If the latter, chances are you did not do anything bad as the defaults are sane and safe. Look over Firewall -> Rules to make sure you aren’t opening any ports that shouldn’t be. Put your phone on a cell network and try to log into your box using your public IPv4 and IPv6 address. Try to run nmap against the same from a remote server (you can get a cheap or free one from Vultr for example). If you have IPv6, try to for example access ssh running on a computer inside your network from the outside, or even just nmap that address.
