jessikitty/ha-wirelesscontrol-migration
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Add comprehensive OPNsense vs OpenWRT recommendation

Browse Source
This commit is contained in:
jessikitty
2025-12-21 01:13:22 +11:00
parent ee3cf9e5a8
commit 7be2f91ac4
1 changed files with 256 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

256
OPNSENSE_RECOMMENDATION.md Normal file
View File

@@ -0,0 +1,256 @@
# OPNsense vs OpenWRT: The Superior Choice
## 🎯 Bottom Line Recommendation
**Buy a Protectli VP2420 ($400-450) and run OPNsense with Zenarmor**
Your current hardware (Archer AX72 Pro) becomes a dedicated WiFi Access Point.
## Why OPNsense Wins for Your Household
### What You Get vs What You Can't Get
| Feature | OpenWRT on Archer | OPNsense + Dedicated HW |
|---------|-------------------|-------------------------|
| **Application Control** | ❌ Can't distinguish apps | ✅ Block TikTok, allow Khan Academy |
| **Traffic Visibility** | Basic bandwidth totals | **Full Deep Packet Inspection** |
| **Parental Controls** | All-or-nothing blocking | **Per-app time quotas & schedules** |
| **Reporting** | Manual log analysis | **Automated daily email reports** |
| **Content Filtering** | DNS only | **DPI + DNS + TLS inspection** |
| **Cost (5 years)** | $0 | $695 ($400 HW + $295 Zenarmor) |
## The Game-Changing Difference
### OpenWRT Says:
```
"Bella used 2GB today"
```
### OPNsense with Zenarmor Says:
```
Bella used 2GB today:
- 1.2GB YouTube (700MB educational, 500MB entertainment)
- 500MB TikTok (EXCEEDED QUOTA at 5:43 PM - BLOCKED)
- 200MB Discord
- 100MB Khan Academy
Peak usage: 3-5 PM
Violations:
- Attempted adult site at 4:32 PM (BLOCKED)
- Bypassed SafeSearch at 6:15 PM (BLOCKED)
- 3rd violation this week (parent alert sent)
```
**That's the difference!**
## Real-World Example: School Night Gaming
### Problem: "Bella is gaming too much during school hours"
#### OpenWRT Solution:
- Block ALL internet during school hours
- OR manually identify gaming server IPs and block those
- **Problem:** Can't distinguish homework from gaming
- **Result:** Blocks everything or nothing
#### OPNsense + Zenarmor Solution:
```yaml
Policy: Bella (14yo) - School Days
7 AM - 3 PM (School Hours):
✅ Allow: Educational sites (Khan Academy, school portal)
✅ Allow: Research (Wikipedia, Google for homework)
❌ Block: Gaming (Fortnite, Roblox, Minecraft, web games)
❌ Block: Social Media (TikTok, Instagram, Snapchat)
❌ Block: Streaming (YouTube, Netflix, Disney+)
3 PM - 9 PM (After School):
✅ Allow: YouTube Educational (2 hours max)
⏱️ Limit: Gaming (1 hour max)
⏱️ Limit: TikTok (30 minutes max)
🔒 Force: SafeSearch on all searches
9 PM - 7 AM (Bedtime):
❌ Block: Everything except emergency sites
Always:
❌ Block: Adult content, Gambling, Violence
📧 Alert: Parent on violations
📊 Log: All blocked attempts
```
**OpenWRT CANNOT do this!**
## Recommended Hardware: Protectli VP2420
### Specs ($400-450):
- **CPU:** Intel Celeron J6412 (4 cores, 2.0 GHz)
- **RAM:** 8GB DDR4 (upgradeable to 32GB)
- **Storage:** 256GB M.2 SSD
- **Network:** 4x Intel 2.5GbE
- **Power:** 6-10W (silent, fanless)
### Performance:
- ✅ 1 Gbps with Zenarmor Deep Packet Inspection
- ✅ Runs Suricata IDS/IPS simultaneously
- ✅ Months of detailed logs
- ✅ Room for future features
### vs Archer AX72 Pro (for reference):
- CPU: 880 MHz MIPS ❌
- RAM: 512MB ❌
- Storage: 128MB flash ❌
- **Cannot run Zenarmor** ❌
- **Cannot do DPI** ❌
## Cost Justification
### 5-Year Total:
- **OPNsense:** $400 + ($59/year × 5) = **$695 total** ($11.58/month)
- **Commercial Service (Qustodio):** $138/year × 5 = **$690**
- **OpenWRT:** $0 (but basic features only)
**OPNsense gives you MORE than commercial services for the SAME price!**
Plus you get:
- Professional firewall
- Network security (IDS/IPS)
- Traffic analysis
- Router redundancy
- Future upgrade path
## What Zenarmor Gives You
### 1. Live Session Monitoring
See RIGHT NOW what each person is doing:
- "Bella is watching YouTube (Educational) - 2.5 Mbps"
- "Xander is on Discord voice chat - 500 Kbps"
- "William is downloading from Steam - 45 Mbps"
### 2. Application-Level Blocking
- "Block TikTok for Bella"
- "Block Fortnite during school hours"
- "Block all social media 9 PM - 7 AM"
- Works even if they use VPNs or proxies!
### 3. Time Quotas Per App
- "2 hours of YouTube per day"
- "1 hour of gaming per day"
- "30 minutes of TikTok per day"
- Automatic blocking when exceeded
### 4. Safe Search Enforcement
- Google: Forced Safe Search
- YouTube: Restricted Mode
- Bing: Strict filtering
- **Cannot be disabled by kids**
### 5. Category-Based Filtering
- Block: Adult Content, Gambling, Violence (always)
- Limit: Social Media (time-based)
- Limit: Streaming (bandwidth-based)
- Allow: Educational (always)
### 6. Professional Reporting
Automated daily email:
```
Daily Report - December 21, 2025
BELLA (14yo):
Usage: 2.1 GB
Top Apps: YouTube (1.2GB), Discord (400MB), TikTok (200MB)
Violations: 3 (attempted adult site, SafeSearch bypass, quota exceeded)
Time Online: 4.5 hours
XANDER (15yo):
Usage: 3.4 GB
...
```
## Home Assistant Integration
### OPNsense has OFFICIAL integration:
```yaml
# Via HACS - auto-creates entities:
device_tracker.opnsense_bella_iphone # Presence
sensor.opnsense_bella_bandwidth # Usage
switch.opnsense_firewall_bella_block # Control
sensor.opnsense_bella_violations # Alerts
# Plus Zenarmor API:
sensor.bella_youtube_time_today # Per-app usage
sensor.bella_policy_violations # Violation count
```
### OpenWRT requires manual SSH commands:
```yaml
shell_command:
block_device: "ssh root@router 'iptables...'"
sensor:
- platform: command_line
command: "ssh root@router 'nlbwmon...'"
```
## Setup Timeline
### OPNsense Path (1 week total):
**Day 1:** Order Protectli VP2420
**Days 2-7:** Read docs, watch tutorials
**Day 8:** Install OPNsense (2 hours)
**Day 9:** Setup HA + Zenarmor (3 hours)
**Day 10:** Configure policies (4 hours)
**Days 11-14:** Test & optimize
**Result:** Enterprise system for years!
### OpenWRT Path (2 weeks):
**Week 1:** Flash, setup, configure
**Week 2:** HA integration, testing
**Result:** Better than stock, but limited.
## Decision Factors
### Choose OPNsense If:
- ✅ You want to know WHAT apps kids use
- ✅ You need different rules per child
- ✅ You want professional reports
- ✅ You have 3 kids with 22 devices
- ✅ You're willing to invest $400
- ✅ You want it to "just work"
### Choose OpenWRT If:
- ✅ $0 budget is critical
- ✅ Basic blocking is sufficient
- ✅ You enjoy tinkering
- ✅ You don't need app-level visibility
## Final Verdict
For a household with **3 children (14, 15, 17)** and **22 devices**, **OPNsense on dedicated hardware is the clear winner**.
The $400 investment gives you:
- 🏆 Enterprise-grade parental controls
- 🔒 Professional network security
- 📊 Complete visibility
- 🚀 Room to grow
- 😌 Peace of mind
**It's worth it.**
## Next Steps
1. **Order:** Protectli VP2420 from Protectli.com or Amazon
2. **Read:** Full OPNsense setup guide (see DOCS_INDEX.md)
3. **Install:** OPNsense (30 minutes)
4. **Configure:** Zenarmor policies (few hours)
5. **Enjoy:** Professional parental controls!
---
**For complete technical details, see the full OPNSENSE_VS_OPENWRT_COMPARISON.md file (822 lines) in your outputs directory.**
---
*This summary captures the key decision points. Your specific needs (3 kids, 22 devices, age-appropriate controls) make OPNsense the obvious choice.*