DIY OPNsense Router Build (x86 Firewall Appliance)

Executive Summary

This project documents the design and deployment of a custom x86-based router/firewall using OPNsense and repurposed enterprise hardware. The objective was to build a low-cost, professional-grade routing platform while gaining hands-on experience with hardware constraints, network interface selection, and FreeBSD driver compatibility. The system now operates as a functional WAN/LAN router and serves as the foundation for future network security projects.

Project Objectives

• Build a dedicated router/firewall using open-source software rather than consumer hardware.
• Maintain physical separation between WAN and LAN interfaces.
• Select stable, enterprise-supported network hardware compatible with FreeBSD / OPNsense.
• Document the hardware design and installation process for portfolio use.

Environment and Hardware

Base System

• Dell OptiPlex 3070 Small Form Factor
• Intel Core i5 (soldered CPU)
• 8 GB DDR4 RAM
• 500 GB SATA HDD
• Onboard Realtek Ethernet controller

Additional Network Interface

• Additional 8 GB RAM
• 128 GB NVMe SSD
• M.2 Key-E to RJ45 Ethernet adapter
• Chipset: Intel i210
• Bus: PCIe (native, not USB)
• Driver: FreeBSD igb

Operating System

• OPNsense (FreeBSD-based firewall/router OS)

Design Constraints and Decisions

The OptiPlex Small Form Factor chassis limited use of the primary PCIe expansion slot due to physical clearance under the drive cage. To maintain dual-interface routing without modifying the chassis, the onboard M.2 Key-E WLAN slot was repurposed to host a dedicated Ethernet adapter.

The Intel i210 chipset was intentionally selected due to:

• Native FreeBSD driver support (igb)
• Proven stability in firewall and appliance workloads
• Compatibility with OPNsense and future IDS/VPN features

This approach provided physical WAN/LAN separation while avoiding unreliable USB-based adapters.

Implementation Process

1. Removed the original Wi-Fi adapter from the M.2 Key-E slot and installed the Intel i210 Ethernet adapter.
2. Created OPNsense installation media and installed the operating system onto the OptiPlex system.
3. Verified hardware detection during boot and through the OPNsense console.
4. Identified network interfaces:
   • igb0 – Intel i210 (M.2 adapter)
   • re0 – Onboard Realtek NIC
5. Assigned interfaces:
   • WAN: igb0 (Intel i210)
   • LAN: re0 (onboard Realtek)

Placing the Intel interface on the untrusted WAN side prioritized stability and driver reliability for inbound traffic handling.

Validation and Testing

• Confirmed link negotiation and interface status on both NICs.
• Verified DHCP address assignment on the WAN interface.
• Confirmed LAN address assignment and management access via the OPNsense web interface.
• Observed correct driver loading (igb) and stable interface initialization.

The router successfully initialized with functional WAN/LAN separation and was ready for integration into the home network.

Outcome

The project resulted in a fully operational custom router/firewall appliance with:

• Dedicated physical WAN and LAN interfaces
• Intel-based primary network interface for stability
• Expandable x86 platform suitable for advanced routing and security features

This system now serves as the core routing platform for future network segmentation, monitoring, and security experimentation.

Skills and Concepts Demonstrated

• Hardware selection under mechanical and form-factor constraints
• FreeBSD driver validation and interface identification
• OPNsense installation and base interface configuration
• Enterprise-style router/firewall platform design

Next Steps

• Firewall policy design
• VLAN segmentation
• Centralized logging
• SIEM integration