jessikitty/ha-wirelesscontrol-migration

Fork 0

Files

jessikitty 8879a15468 Add Mac mini OPNsense implementation summary and roadmap

2025-12-21 01:26:15 +11:00

12 KiB

Raw Permalink Blame History

🚀 Mac Mini 2014 OPNsense Router - Implementation Guide

Transform your Mac mini into an enterprise-grade router with ZERO hardware cost!

💻 Your Hardware (PERFECT for this!)

Mac Mini 2014 Specifications:

CPU: Intel Core i5 (4th gen) ✅
RAM: 8GB ✅
Storage: 500GB SSD ✅
Network: 3x Gigabit Ethernet (1 onboard + 2 Thunderbolt) ✅

This hardware is MORE capable than a $400 Protectli!

Performance Expectations:

✅ 1 Gbps routing with Deep Packet Inspection
✅ Suricata IDS/IPS + Zenarmor simultaneously
✅ Handles 50+ devices (you have 22)
✅ VPN server capability
✅ Years of detailed logs

🎯 Network Configuration

IP Addressing:

Router: 10.0.0.254
DHCP Range: 10.0.0.1 - 10.0.0.200
Gateway: 10.0.0.254
DNS: 10.0.0.55 (Home Assistant with AdGuard)

Static Reservations:

10.0.0.55 - Home Assistant
10.0.0.2 - Archer AX72 Pro (AP mode)
Custom exclusions as needed

📅 4-Phase Implementation Plan

Phase 1: Basic Router Setup (Day 1, 2-3 hours)

Goal: Get internet working through Mac mini

Steps:

Download OPNsense ISO
Create bootable USB
Install on Mac mini (erases macOS!)
Configure WAN/LAN interfaces
Setup DHCP (10.0.0.1-200)
Point DNS to AdGuard (10.0.0.55)
Set Archer AX72 Pro to AP mode
Test connectivity

Result: Mac mini routing all traffic, WiFi working via Archer AP

Phase 2: Advanced Features (Day 2-3, 3-4 hours)

Goal: Add monitoring, security, optimization

Steps:

Install ntopng (network traffic analysis)
Configure Suricata IDS/IPS (intrusion detection)
Setup device identification:
- IP tracking
- MAC tracking
- NetBIOS/mDNS detection
- Periodic nmap scanning
Configure traffic shaping (QoS)
Enable comprehensive logging
Security hardening

Result: Enterprise-grade monitoring and security

Phase 3: Zenarmor Parental Controls (Day 4-5, 4-6 hours)

Goal: Application-level controls for each child

Steps:

Install Zenarmor (os-sensei)
Run setup wizard
Create policies:
- Bella (14yo): Strict controls
- Xander (15yo): Moderate controls
- William (17yo): Relaxed controls
Configure application blocking:
- Block TikTok, adult content
- Limit YouTube, gaming
- Allow educational sites
Setup time-based rules:
- School hours: Educational only
- After school: Limited social/gaming
- Bedtime: Block everything
Enable Safe Search enforcement
Configure daily email reports

Result: Application-level parental controls (way better than MAC blocking!)

Phase 4: Home Assistant Integration (Day 6-7, 2-3 hours)

Goal: Full automation and dashboard control

Steps:

Enable OPNsense API
Install HACS integration in HA
Configure device trackers
Create firewall rules for HA control
Build automations:
- Bedtime blocking
- School hours restrictions
- Bandwidth alerts
Create dashboard
Setup Zenarmor API sensors
Configure notifications

Result: Complete control via Home Assistant dashboard

🎁 What You Get

Compared to OpenWRT on Archer:

Feature	OpenWRT	OPNsense on Mac mini
Hardware	Archer (limited)	Mac mini (powerful)
CPU	880 MHz MIPS	i5 @ 2+ GHz
RAM	512MB	8GB
Storage	128MB flash	500GB SSD
Application Control	❌	✅ Full DPI
See What Apps	❌	✅ YouTube, TikTok, etc.
Time Quotas	❌	✅ 2 hours/day per app
Content Filtering	❌ DNS only	✅ DPI + DNS
Reporting	❌ Manual	✅ Automated daily
Cost	$0	$0 hardware, $59/year Zenarmor

Verdict: OPNsense on Mac mini is VASTLY superior!

💰 Cost Comparison

What You're Saving:

Hardware Options:

Protectli VP2420: $400-450
Qotom J4125: $250
Your Mac mini: $0 ✅

Software:

OPNsense: FREE
Zenarmor Home: $59/year
Total: $59/year (vs $400+ for new hardware)

Comparable Commercial Solutions:

Firewalla Gold: $500
Qustodio Premium: $138/year (no router!)
Circle Home Plus: $130 + $10/month

You're getting enterprise-grade for consumer prices!

📋 Full Implementation Guide

Due to the comprehensive nature of the guide (1,959 lines), the complete step-by-step guide is available in:

Location: /mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md

The full guide includes:

✅ Detailed installation instructions
✅ Every configuration step with screenshots
✅ Troubleshooting for each phase
✅ Example configurations
✅ Dashboard YAML code
✅ Automation examples
✅ Security hardening steps
✅ Maintenance procedures
✅ Emergency recovery procedures

🚦 Quick Start Checklist

Before You Begin:

Mac mini ready (will erase macOS!)
8GB+ USB drive for installer
HDMI monitor + USB keyboard
3x Ethernet cables
2-3 hours uninterrupted time
Backup any important Mac mini data
Note all current MAC addresses for devices

Phase 1 (Day 1):

Download OPNsense ISO
Create bootable USB (Rufus on Windows / dd on Mac)
Install OPNsense on Mac mini
Configure WAN (em1) - to modem
Configure LAN (em0) - to network @ 10.0.0.254
Setup DHCP (10.0.0.1-200, DNS 10.0.0.55)
Set static IP for Home Assistant (10.0.0.55)
Configure Archer as AP @ 10.0.0.2
Test internet connectivity
STOP and test for 24 hours!

Phase 2 (Day 2-3):

Install ntopng for monitoring
Install Suricata IDS/IPS
Configure device tracking (IP/MAC/NetBIOS)
Setup traffic shaping
Enable comprehensive logging
STOP and test for 24 hours!

Phase 3 (Day 4-5):

Install Zenarmor (os-sensei)
Run setup wizard
Create policy for Bella (14yo)
Create policy for Xander (15yo)
Create policy for William (17yo)
Configure application blocks/limits
Setup time-based rules
Enable Safe Search
Configure email reports
STOP and test for 2-3 days!

Phase 4 (Day 6-7):

Generate OPNsense API keys
Install HACS OPNsense integration
Configure device trackers
Create firewall rules for HA
Build bedtime automations
Build school hours automations
Create dashboard
Setup Zenarmor API sensors
Test all automations
DONE!

⚠️ Important Notes

About Erasing macOS:

OPNsense will COMPLETELY ERASE macOS
Backup any important files first
Mac mini will become a dedicated router
Cannot dual-boot (must choose: macOS OR router)
Recommended: Keep it as dedicated router (it's perfect for this!)

Network Interfaces:

em0: Onboard Ethernet → LAN (your network)
em1: Thunderbolt adapter 1 → WAN (to modem)
em2: Thunderbolt adapter 2 → Spare (future guest network/DMZ)

DHCP Exclusions:

OPNsense will avoid assigning these automatically if you set static mappings:

10.0.0.55 - Home Assistant (MUST be static)
10.0.0.2 - Archer AX72 Pro AP
10.0.0.1-10 - Infrastructure devices

Testing Between Phases:

CRITICAL: Test each phase for 24-48 hours before proceeding!

Phase 1 must be rock-solid before Phase 2
Phase 2 must be stable before Phase 3
Phase 3 must work perfectly before Phase 4

This prevents cascading issues and makes troubleshooting easier.

🎯 Why Mac Mini is Perfect

Advantages Over Dedicated Hardware:

vs Protectli VP2420 ($400):

✅ Same CPU generation (4th gen Intel)
✅ Same RAM (8GB)
✅ MORE storage (500GB vs 256GB)
✅ Built-in power supply (no adapter)
✅ Thunderbolt expandability
✅ $0 cost!

vs OpenWRT on Archer:

✅ 4x more CPU power
✅ 16x more RAM
✅ 4000x more storage
✅ Can run Zenarmor (Archer can't)
✅ Can run Suricata effectively
✅ Can store months of logs
✅ Room for unlimited features

Only Disadvantage:

❌ Slightly higher power consumption (~20W vs 6-10W)
Offset by: $400 hardware savings = 6+ years of extra electricity cost

📊 Example Results

What You'll See in Zenarmor:

Bella's Daily Report:

Date: December 21, 2025

Total Usage: 2.1 GB
Applications:
  1. YouTube - 1.2 GB (Educational: 700MB, Entertainment: 500MB)
  2. Discord - 400 MB
  3. Khan Academy - 300 MB
  4. TikTok - BLOCKED (5 attempts)

Policy Violations: 3
  - 2:32 PM: Attempted adult site (BLOCKED)
  - 4:15 PM: Tried to bypass SafeSearch (BLOCKED)  
  - 5:43 PM: Exceeded TikTok quota (BLOCKED)

Time Online: 4.5 hours
Bandwidth Quota: 68% used (1433 MB / 2048 MB daily limit)

Alerts: Bella tried to access "proxy-site.com" (bypassing attempt detected)

Parent Dashboard in Home Assistant:

┌─ Router Status ────────────────┐
│ Uptime: 7 days, 3 hours        │
│ CPU: 12%                       │
│ Memory: 34%                    │
│ Temp: 52°C                     │
└────────────────────────────────┘

┌─ Bella (14yo) ─────────────────┐
│ iPhone: 🟢 Connected           │
│ Desktop: 🔴 Offline            │
│ Status: ✅ Internet Allowed    │
│ Today: 1.2 GB / 2 GB          │
│ Violations: 3                  │
│ [Block Now] [View Report]      │
└────────────────────────────────┘

┌─ Network Activity ─────────────┐
│ [Bandwidth Graph - Last 24h]   │
│ Download: ▁▂▃▅▇█▇▅▃▂▁         │
│ Upload:   ▁▁▂▂▃▃▂▂▁▁          │
└────────────────────────────────┘

🆘 Quick Troubleshooting

Internet Not Working:

Check WAN interface (em1) has IP from modem
Test: ping 8.8.8.8 from OPNsense console
Verify firewall rules allow LAN → WAN
Check DNS is set to 10.0.0.55

Can't Access OPNsense Web Interface:

Verify laptop is on 10.0.0.x network
Try: https://10.0.0.254
Accept self-signed certificate warning
Check firewall isn't blocking port 443

DHCP Not Working:

Services > DHCPv4 > LAN - verify enabled
Check range (10.0.0.1-200)
Verify no IP conflicts
Review DHCP logs

Zenarmor Blocking Too Much:

Services > Zenarmor > Policies
Review categories (adjust as needed)
Add specific sites to whitelist
Check "Educational" category is allowed

Kids Bypassing Controls:

Check for VPN usage (Zenarmor detects)
Verify MAC addresses correct
Enable TLS inspection (Phase 3)
Review Zenarmor logs

📞 Support Resources

Documentation:

Full Guide: /mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md
OPNsense Docs: https://docs.opnsense.org/
Zenarmor Docs: https://www.zenarmor.com/docs/
Home Assistant: https://www.home-assistant.io/

Community:

OPNsense Forum: https://forum.opnsense.org/
Reddit: r/OPNsenseFirewall
Zenarmor Forum: https://forum.opnsense.org/index.php?board=76.0

This Repository:

Issue tracker for questions
Example configs
Troubleshooting tips

✅ Ready to Begin?

Read: /mnt/user-data/outputs/MAC_MINI_OPNSENSE_GUIDE.md (full detailed guide)
Prepare: Gather hardware, backup data, clear schedule
Start: Phase 1 (2-3 hours)
Test: 24 hours stability
Continue: Phases 2, 3, 4 over next week
Enjoy: Enterprise-grade network!

This is the BEST use of your Mac mini 2014 - transform it into a router more powerful than $500 commercial solutions! 🚀

Last Updated: December 21, 2025
Hardware: Mac mini 2014, i5, 8GB RAM, 500GB SSD, 3x GbE
Software: OPNsense 25.1 + Zenarmor + Home Assistant
Total Cost: $0 hardware (reusing Mac mini) + $59/year Zenarmor

12 KiB Raw Permalink Blame History

🚀 Mac Mini 2014 OPNsense Router - Implementation Guide

💻 Your Hardware (PERFECT for this!)

Mac Mini 2014 Specifications:

Performance Expectations:

🎯 Network Configuration

IP Addressing:

Static Reservations:

📅 4-Phase Implementation Plan

Phase 1: Basic Router Setup (Day 1, 2-3 hours)

Phase 2: Advanced Features (Day 2-3, 3-4 hours)

Phase 3: Zenarmor Parental Controls (Day 4-5, 4-6 hours)

Phase 4: Home Assistant Integration (Day 6-7, 2-3 hours)

🎁 What You Get

Compared to OpenWRT on Archer:

💰 Cost Comparison

What You're Saving:

📋 Full Implementation Guide

🚦 Quick Start Checklist

Before You Begin:

Phase 1 (Day 1):

Phase 2 (Day 2-3):

Phase 3 (Day 4-5):

Phase 4 (Day 6-7):

⚠️ Important Notes

About Erasing macOS:

Network Interfaces:

DHCP Exclusions:

Testing Between Phases:

🎯 Why Mac Mini is Perfect

Advantages Over Dedicated Hardware:

📊 Example Results

What You'll See in Zenarmor:

🆘 Quick Troubleshooting

Internet Not Working:

Can't Access OPNsense Web Interface:

DHCP Not Working:

Zenarmor Blocking Too Much:

Kids Bypassing Controls:

📞 Support Resources

Documentation:

Community:

This Repository:

✅ Ready to Begin?

12 KiB

Raw Permalink Blame History