# 🚀 Mac Mini 2014 OPNsense Router - Implementation Guide **Transform your Mac mini into an enterprise-grade router with ZERO hardware cost!** --- ## 💻 Your Hardware (PERFECT for this!) ### Mac Mini 2014 Specifications: - **CPU:** Intel Core i5 (4th gen) ✅ - **RAM:** 8GB ✅ - **Storage:** 500GB SSD ✅ - **Network:** 3x Gigabit Ethernet (1 onboard + 2 Thunderbolt) ✅ **This hardware is MORE capable than a $400 Protectli!** ### Performance Expectations: - ✅ 1 Gbps routing with Deep Packet Inspection - ✅ Suricata IDS/IPS + Zenarmor simultaneously - ✅ Handles 50+ devices (you have 22) - ✅ VPN server capability - ✅ Years of detailed logs --- ## 🎯 Network Configuration ### IP Addressing: - **Router:** 10.0.0.254 - **DHCP Range:** 10.0.0.1 - 10.0.0.200 - **Gateway:** 10.0.0.254 - **DNS:** 10.0.0.55 (Home Assistant with AdGuard) ### Static Reservations: - 10.0.0.55 - Home Assistant - 10.0.0.2 - Archer AX72 Pro (AP mode) - Custom exclusions as needed --- ## 📅 4-Phase Implementation Plan ### **Phase 1: Basic Router Setup** (Day 1, 2-3 hours) **Goal:** Get internet working through Mac mini Steps: 1. Download OPNsense ISO 2. Create bootable USB 3. Install on Mac mini (erases macOS!) 4. Configure WAN/LAN interfaces 5. Setup DHCP (10.0.0.1-200) 6. Point DNS to AdGuard (10.0.0.55) 7. Set Archer AX72 Pro to AP mode 8. Test connectivity **Result:** Mac mini routing all traffic, WiFi working via Archer AP --- ### **Phase 2: Advanced Features** (Day 2-3, 3-4 hours) **Goal:** Add monitoring, security, optimization Steps: 1. Install ntopng (network traffic analysis) 2. Configure Suricata IDS/IPS (intrusion detection) 3. Setup device identification: - IP tracking - MAC tracking - NetBIOS/mDNS detection - Periodic nmap scanning 4. Configure traffic shaping (QoS) 5. Enable comprehensive logging 6. Security hardening **Result:** Enterprise-grade monitoring and security --- ### **Phase 3: Zenarmor Parental Controls** (Day 4-5, 4-6 hours) **Goal:** Application-level controls for each child Steps: 1. Install Zenarmor (os-sensei) 2. Run setup wizard 3. Create policies: - **Bella (14yo):** Strict controls - **Xander (15yo):** Moderate controls - **William (17yo):** Relaxed controls 4. Configure application blocking: - Block TikTok, adult content - Limit YouTube, gaming - Allow educational sites 5. Setup time-based rules: - School hours: Educational only - After school: Limited social/gaming - Bedtime: Block everything 6. Enable Safe Search enforcement 7. Configure daily email reports **Result:** Application-level parental controls (way better than MAC blocking!) --- ### **Phase 4: Home Assistant Integration** (Day 6-7, 2-3 hours) **Goal:** Full automation and dashboard control Steps: 1. Enable OPNsense API 2. Install HACS integration in HA 3. Configure device trackers 4. Create firewall rules for HA control 5. Build automations: - Bedtime blocking - School hours restrictions - Bandwidth alerts 6. Create dashboard 7. Setup Zenarmor API sensors 8. Configure notifications **Result:** Complete control via Home Assistant dashboard --- ## 🎁 What You Get ### Compared to OpenWRT on Archer: | Feature | OpenWRT | OPNsense on Mac mini | |---------|---------|----------------------| | **Hardware** | Archer (limited) | Mac mini (powerful) | | **CPU** | 880 MHz MIPS | i5 @ 2+ GHz | | **RAM** | 512MB | 8GB | | **Storage** | 128MB flash | 500GB SSD | | **Application Control** | ❌ | ✅ Full DPI | | **See What Apps** | ❌ | ✅ YouTube, TikTok, etc. | | **Time Quotas** | ❌ | ✅ 2 hours/day per app | | **Content Filtering** | ❌ DNS only | ✅ DPI + DNS | | **Reporting** | ❌ Manual | ✅ Automated daily | | **Cost** | $0 | $0 hardware, $59/year Zenarmor | **Verdict:** OPNsense on Mac mini is VASTLY superior! --- ## 💰 Cost Comparison ### What You're Saving: **Hardware Options:** - Protectli VP2420: $400-450 - Qotom J4125: $250 - **Your Mac mini: $0** ✅ **Software:** - OPNsense: FREE - Zenarmor Home: $59/year - **Total: $59/year** (vs $400+ for new hardware) **Comparable Commercial Solutions:** - Firewalla Gold: $500 - Qustodio Premium: $138/year (no router!) - Circle Home Plus: $130 + $10/month **You're getting enterprise-grade for consumer prices!** --- ## 📋 Full Implementation Guide Due to the comprehensive nature of the guide (1,959 lines), the **complete step-by-step guide** is available in: **Location:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` The full guide includes: - ✅ Detailed installation instructions - ✅ Every configuration step with screenshots - ✅ Troubleshooting for each phase - ✅ Example configurations - ✅ Dashboard YAML code - ✅ Automation examples - ✅ Security hardening steps - ✅ Maintenance procedures - ✅ Emergency recovery procedures --- ## 🚦 Quick Start Checklist ### Before You Begin: - [ ] Mac mini ready (will erase macOS!) - [ ] 8GB+ USB drive for installer - [ ] HDMI monitor + USB keyboard - [ ] 3x Ethernet cables - [ ] 2-3 hours uninterrupted time - [ ] Backup any important Mac mini data - [ ] Note all current MAC addresses for devices ### Phase 1 (Day 1): - [ ] Download OPNsense ISO - [ ] Create bootable USB (Rufus on Windows / dd on Mac) - [ ] Install OPNsense on Mac mini - [ ] Configure WAN (em1) - to modem - [ ] Configure LAN (em0) - to network @ 10.0.0.254 - [ ] Setup DHCP (10.0.0.1-200, DNS 10.0.0.55) - [ ] Set static IP for Home Assistant (10.0.0.55) - [ ] Configure Archer as AP @ 10.0.0.2 - [ ] Test internet connectivity - [ ] **STOP and test for 24 hours!** ### Phase 2 (Day 2-3): - [ ] Install ntopng for monitoring - [ ] Install Suricata IDS/IPS - [ ] Configure device tracking (IP/MAC/NetBIOS) - [ ] Setup traffic shaping - [ ] Enable comprehensive logging - [ ] **STOP and test for 24 hours!** ### Phase 3 (Day 4-5): - [ ] Install Zenarmor (os-sensei) - [ ] Run setup wizard - [ ] Create policy for Bella (14yo) - [ ] Create policy for Xander (15yo) - [ ] Create policy for William (17yo) - [ ] Configure application blocks/limits - [ ] Setup time-based rules - [ ] Enable Safe Search - [ ] Configure email reports - [ ] **STOP and test for 2-3 days!** ### Phase 4 (Day 6-7): - [ ] Generate OPNsense API keys - [ ] Install HACS OPNsense integration - [ ] Configure device trackers - [ ] Create firewall rules for HA - [ ] Build bedtime automations - [ ] Build school hours automations - [ ] Create dashboard - [ ] Setup Zenarmor API sensors - [ ] Test all automations - [ ] **DONE!** --- ## ⚠️ Important Notes ### About Erasing macOS: - **OPNsense will COMPLETELY ERASE macOS** - Backup any important files first - Mac mini will become a dedicated router - Cannot dual-boot (must choose: macOS OR router) - Recommended: Keep it as dedicated router (it's perfect for this!) ### Network Interfaces: - **em0:** Onboard Ethernet → LAN (your network) - **em1:** Thunderbolt adapter 1 → WAN (to modem) - **em2:** Thunderbolt adapter 2 → Spare (future guest network/DMZ) ### DHCP Exclusions: OPNsense will avoid assigning these automatically if you set static mappings: - 10.0.0.55 - Home Assistant (MUST be static) - 10.0.0.2 - Archer AX72 Pro AP - 10.0.0.1-10 - Infrastructure devices ### Testing Between Phases: **CRITICAL:** Test each phase for 24-48 hours before proceeding! - Phase 1 must be rock-solid before Phase 2 - Phase 2 must be stable before Phase 3 - Phase 3 must work perfectly before Phase 4 This prevents cascading issues and makes troubleshooting easier. --- ## 🎯 Why Mac Mini is Perfect ### Advantages Over Dedicated Hardware: **vs Protectli VP2420 ($400):** - ✅ Same CPU generation (4th gen Intel) - ✅ Same RAM (8GB) - ✅ MORE storage (500GB vs 256GB) - ✅ Built-in power supply (no adapter) - ✅ Thunderbolt expandability - ✅ **$0 cost!** **vs OpenWRT on Archer:** - ✅ 4x more CPU power - ✅ 16x more RAM - ✅ 4000x more storage - ✅ Can run Zenarmor (Archer can't) - ✅ Can run Suricata effectively - ✅ Can store months of logs - ✅ Room for unlimited features **Only Disadvantage:** - ❌ Slightly higher power consumption (~20W vs 6-10W) - **Offset by:** $400 hardware savings = 6+ years of extra electricity cost --- ## 📊 Example Results ### What You'll See in Zenarmor: **Bella's Daily Report:** ``` Date: December 21, 2025 Total Usage: 2.1 GB Applications: 1. YouTube - 1.2 GB (Educational: 700MB, Entertainment: 500MB) 2. Discord - 400 MB 3. Khan Academy - 300 MB 4. TikTok - BLOCKED (5 attempts) Policy Violations: 3 - 2:32 PM: Attempted adult site (BLOCKED) - 4:15 PM: Tried to bypass SafeSearch (BLOCKED) - 5:43 PM: Exceeded TikTok quota (BLOCKED) Time Online: 4.5 hours Bandwidth Quota: 68% used (1433 MB / 2048 MB daily limit) Alerts: Bella tried to access "proxy-site.com" (bypassing attempt detected) ``` **Parent Dashboard in Home Assistant:** ``` ┌─ Router Status ────────────────┐ │ Uptime: 7 days, 3 hours │ │ CPU: 12% │ │ Memory: 34% │ │ Temp: 52°C │ └────────────────────────────────┘ ┌─ Bella (14yo) ─────────────────┐ │ iPhone: 🟢 Connected │ │ Desktop: 🔴 Offline │ │ Status: ✅ Internet Allowed │ │ Today: 1.2 GB / 2 GB │ │ Violations: 3 │ │ [Block Now] [View Report] │ └────────────────────────────────┘ ┌─ Network Activity ─────────────┐ │ [Bandwidth Graph - Last 24h] │ │ Download: ▁▂▃▅▇█▇▅▃▂▁ │ │ Upload: ▁▁▂▂▃▃▂▂▁▁ │ └────────────────────────────────┘ ``` --- ## 🆘 Quick Troubleshooting ### Internet Not Working: 1. Check WAN interface (em1) has IP from modem 2. Test: `ping 8.8.8.8` from OPNsense console 3. Verify firewall rules allow LAN → WAN 4. Check DNS is set to 10.0.0.55 ### Can't Access OPNsense Web Interface: 1. Verify laptop is on 10.0.0.x network 2. Try: https://10.0.0.254 3. Accept self-signed certificate warning 4. Check firewall isn't blocking port 443 ### DHCP Not Working: 1. Services > DHCPv4 > LAN - verify enabled 2. Check range (10.0.0.1-200) 3. Verify no IP conflicts 4. Review DHCP logs ### Zenarmor Blocking Too Much: 1. Services > Zenarmor > Policies 2. Review categories (adjust as needed) 3. Add specific sites to whitelist 4. Check "Educational" category is allowed ### Kids Bypassing Controls: 1. Check for VPN usage (Zenarmor detects) 2. Verify MAC addresses correct 3. Enable TLS inspection (Phase 3) 4. Review Zenarmor logs --- ## 📞 Support Resources ### Documentation: - **Full Guide:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` - **OPNsense Docs:** https://docs.opnsense.org/ - **Zenarmor Docs:** https://www.zenarmor.com/docs/ - **Home Assistant:** https://www.home-assistant.io/ ### Community: - **OPNsense Forum:** https://forum.opnsense.org/ - **Reddit:** r/OPNsenseFirewall - **Zenarmor Forum:** https://forum.opnsense.org/index.php?board=76.0 ### This Repository: - Issue tracker for questions - Example configs - Troubleshooting tips --- ## ✅ Ready to Begin? 1. **Read:** `/mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md` (full detailed guide) 2. **Prepare:** Gather hardware, backup data, clear schedule 3. **Start:** Phase 1 (2-3 hours) 4. **Test:** 24 hours stability 5. **Continue:** Phases 2, 3, 4 over next week 6. **Enjoy:** Enterprise-grade network! --- **This is the BEST use of your Mac mini 2014 - transform it into a router more powerful than $500 commercial solutions!** 🚀 --- *Last Updated: December 21, 2025* *Hardware: Mac mini 2014, i5, 8GB RAM, 500GB SSD, 3x GbE* *Software: OPNsense 25.1 + Zenarmor + Home Assistant* *Total Cost: $0 hardware (reusing Mac mini) + $59/year Zenarmor*