# OPNsense vs OpenWRT: The Superior Choice
## 🎯 Bottom Line Recommendation
**Buy a Protectli VP2420 ($400-450) and run OPNsense with Zenarmor**
Your current hardware (Archer AX72 Pro) becomes a dedicated WiFi Access Point.
## Why OPNsense Wins for Your Household
### What You Get vs What You Can't Get
| Feature | OpenWRT on Archer | OPNsense + Dedicated HW |
|---------|-------------------|-------------------------|
| **Application Control** | ❌ Can't distinguish apps | ✅ Block TikTok, allow Khan Academy |
| **Traffic Visibility** | Basic bandwidth totals | **Full Deep Packet Inspection** |
| **Parental Controls** | All-or-nothing blocking | **Per-app time quotas & schedules** |
| **Reporting** | Manual log analysis | **Automated daily email reports** |
| **Content Filtering** | DNS only | **DPI + DNS + TLS inspection** |
| **Cost (5 years)** | $0 | $695 ($400 HW + $295 Zenarmor) |
## The Game-Changing Difference
### OpenWRT Says:
```
"Bella used 2GB today"
```
### OPNsense with Zenarmor Says:
```
Bella used 2GB today:
- 1.2GB YouTube (700MB educational, 500MB entertainment)
- 500MB TikTok (EXCEEDED QUOTA at 5:43 PM - BLOCKED)
- 200MB Discord
- 100MB Khan Academy
Peak usage: 3-5 PM
Violations:
- Attempted adult site at 4:32 PM (BLOCKED)
- Bypassed SafeSearch at 6:15 PM (BLOCKED)
- 3rd violation this week (parent alert sent)
```
**That's the difference!**
## Real-World Example: School Night Gaming
### Problem: "Bella is gaming too much during school hours"
#### OpenWRT Solution:
- Block ALL internet during school hours
- OR manually identify gaming server IPs and block those
- **Problem:** Can't distinguish homework from gaming
- **Result:** Blocks everything or nothing
#### OPNsense + Zenarmor Solution:
```yaml
Policy: Bella (14yo) - School Days
7 AM - 3 PM (School Hours):
  ✅ Allow: Educational sites (Khan Academy, school portal)
  ✅ Allow: Research (Wikipedia, Google for homework)
  ❌ Block: Gaming (Fortnite, Roblox, Minecraft, web games)
  ❌ Block: Social Media (TikTok, Instagram, Snapchat)
  ❌ Block: Streaming (YouTube, Netflix, Disney+)
3 PM - 9 PM (After School):
  ✅ Allow: YouTube Educational (2 hours max)
  ⏱️ Limit: Gaming (1 hour max)
  ⏱️ Limit: TikTok (30 minutes max)
  🔒 Force: SafeSearch on all searches
9 PM - 7 AM (Bedtime):
  ❌ Block: Everything except emergency sites
Always:
  ❌ Block: Adult content, Gambling, Violence
  📧 Alert: Parent on violations
  📊 Log: All blocked attempts
```
**OpenWRT CANNOT do this!**
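The schedule above, modelled as a small evaluator (an added example, not Zenarmor's policy engine or code from this repository; the category labels and the per-window default actions are assumptions). It shows how the three windows and the per-app quotas resolve, including the 9 PM to 7 AM window that wraps past midnight.

```python
from datetime import time

# Constructed model of the "Bella - School Days" policy; category labels
# and per-window defaults are assumptions, not Zenarmor identifiers.
ALWAYS_BLOCK = {"adult", "gambling", "violence"}
WINDOWS = [
    {"name": "school", "start": time(7), "end": time(15),
     "allow": {"educational", "research"}, "quota": {}, "default": "block"},
    {"name": "after_school", "start": time(15), "end": time(21),
     "allow": set(),
     "quota": {"youtube_edu": 120, "gaming": 60, "tiktok": 30},  # minutes/day
     "default": "allow"},
    {"name": "bedtime", "start": time(21), "end": time(7),
     "allow": {"emergency"}, "quota": {}, "default": "block"},
]

def in_window(now, start, end):
    """Half-open [start, end); start > end means the window wraps midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(now, category, minutes_used=0):
    """Return (action, reason) for one request at wall-clock time `now`."""
    # The "Always" rules are checked first so no window can override them.
    if category in ALWAYS_BLOCK:
        return ("block", "always-blocked category")
    for w in WINDOWS:
        if not in_window(now, w["start"], w["end"]):
            continue
        if category in w["quota"]:
            if minutes_used >= w["quota"][category]:
                return ("block", f"{category} quota exhausted in {w['name']}")
            return ("allow", f"{category} within quota in {w['name']}")
        if category in w["allow"]:
            return ("allow", f"allowed in {w['name']}")
        return (w["default"], f"default for {w['name']}")
    return ("block", "no window matched")  # fail closed on a schedule gap

if __name__ == "__main__":
    for t, cat, used in [(time(10), "gaming", 0), (time(16), "tiktok", 30),
                         (time(23, 30), "educational", 0)]:
        print(t, cat, decide(t, cat, used))
```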
## Recommended Hardware: Protectli VP2420
### Specs ($400-450):
- **CPU:** Intel Celeron J6412 (4 cores, 2.0 GHz)
- **RAM:** 8GB DDR4 (upgradeable to 32GB)
- **Storage:** 256GB M.2 SSD
- **Network:** 4x Intel 2.5GbE
- **Power:** 6-10W (silent, fanless)
### Performance:
- ✅ 1 Gbps with Zenarmor Deep Packet Inspection
- ✅ Runs Suricata IDS/IPS simultaneously
- ✅ Months of detailed logs
- ✅ Room for future features
### vs Archer AX72 Pro (for reference):
- CPU: 880 MHz MIPS ❌
- RAM: 512MB ❌
- Storage: 128MB flash ❌
- **Cannot run Zenarmor** ❌
- **Cannot do DPI** ❌
## Cost Justification
### 5-Year Total:
- **OPNsense:** $400 + ($59/year × 5) = **$695 total** ($11.58/month)
- **Commercial Service (Qustodio):** $138/year × 5 = **$690**
- **OpenWRT:** $0 (but basic features only)
**OPNsense gives you MORE than commercial services for the SAME price!**
Plus you get:
- Professional firewall
- Network security (IDS/IPS)
- Traffic analysis
- Router redundancy
- Future upgrade path
## What Zenarmor Gives You
### 1. Live Session Monitoring
See RIGHT NOW what each person is doing:
- "Bella is watching YouTube (Educational) - 2.5 Mbps"
- "Xander is on Discord voice chat - 500 Kbps"
- "William is downloading from Steam - 45 Mbps"
### 2. Application-Level Blocking
- "Block TikTok for Bella"
- "Block Fortnite during school hours"
- "Block all social media 9 PM - 7 AM"
- Works even if they use VPNs or proxies!
### 3. Time Quotas Per App
- "2 hours of YouTube per day"
- "1 hour of gaming per day"
- "30 minutes of TikTok per day"
- Automatic blocking when exceeded
### 4. Safe Search Enforcement
- Google: Forced Safe Search
- YouTube: Restricted Mode
- Bing: Strict filtering
- **Cannot be disabled by kids**
### 5. Category-Based Filtering
- Block: Adult Content, Gambling, Violence (always)
- Limit: Social Media (time-based)
- Limit: Streaming (bandwidth-based)
- Allow: Educational (always)
### 6. Professional Reporting
Automated daily email:
```
Daily Report - December 21, 2025
BELLA (14yo):
  Usage: 2.1 GB
  Top Apps: YouTube (1.2GB), Discord (400MB), TikTok (200MB)
  Violations: 3 (attempted adult site, SafeSearch bypass, quota exceeded)
  Time Online: 4.5 hours
XANDER (15yo):
  Usage: 3.4 GB
  ...
```
## Home Assistant Integration
### OPNsense has OFFICIAL integration:
```yaml
# Via HACS - auto-creates entities:
device_tracker.opnsense_bella_iphone # Presence
sensor.opnsense_bella_bandwidth # Usage
switch.opnsense_firewall_bella_block # Control
sensor.opnsense_bella_violations # Alerts
# Plus Zenarmor API:
sensor.bella_youtube_time_today # Per-app usage
sensor.bella_policy_violations # Violation count
```
### OpenWRT requires manual SSH commands:
```yaml
shell_command:
  block_device: "ssh root@router 'iptables...'"
sensor:
  - platform: command_line
    command: "ssh root@router 'nlbwmon...'"
```
## Setup Timeline
### OPNsense Path (1 week total):
- **Day 1:** Order Protectli VP2420
- **Days 2-7:** Read docs, watch tutorials
- **Day 8:** Install OPNsense (2 hours)
- **Day 9:** Setup HA + Zenarmor (3 hours)
- **Day 10:** Configure policies (4 hours)
- **Days 11-14:** Test & optimize
- **Result:** Enterprise system for years!
### OpenWRT Path (2 weeks):
- **Week 1:** Flash, setup, configure
- **Week 2:** HA integration, testing
- **Result:** Better than stock, but limited.
## Decision Factors
### Choose OPNsense If:
- ✅ You want to know WHAT apps kids use
- ✅ You need different rules per child
- ✅ You want professional reports
- ✅ You have 3 kids with 22 devices
- ✅ You're willing to invest $400
- ✅ You want it to "just work"
### Choose OpenWRT If:
- ✅ $0 budget is critical
- ✅ Basic blocking is sufficient
- ✅ You enjoy tinkering
- ✅ You don't need app-level visibility
## Final Verdict
For a household with **3 children (14, 15, 17)** and **22 devices**, **OPNsense on dedicated hardware is the clear winner**.
The $400 investment gives you:
- 🏆 Enterprise-grade parental controls
- 🔒 Professional network security
- 📊 Complete visibility
- 🚀 Room to grow
- 😌 Peace of mind
**It's worth it.**
## Next Steps
1. **Order:** Protectli VP2420 from Protectli.com or Amazon
2. **Read:** Full OPNsense setup guide (see DOCS_INDEX.md)
3. **Install:** OPNsense (30 minutes)
4. **Configure:** Zenarmor policies (few hours)
5. **Enjoy:** Professional parental controls!
---
**For complete technical details, see the full OPNSENSE_VS_OPENWRT_COMPARISON.md file (822 lines) in your outputs directory.**
---
*This summary captures the key decision points. Your specific needs (3 kids, 22 devices, age-appropriate controls) make OPNsense the obvious choice.*