jessikitty/ha-wirelesscontrol-migration
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8879a15468671c132b63a69065f6af8eb9cda4b1
ha-wirelesscontrol-migration/OPNSENSE_RECOMMENDATION.md

7.1 KiB
Raw Blame History

OPNsense vs OpenWRT: The Superior Choice

🎯 Bottom Line Recommendation

Buy a Protectli VP2420 ($400-450) and run OPNsense with Zenarmor

Your current hardware (Archer AX72 Pro) becomes a dedicated WiFi Access Point.

Why OPNsense Wins for Your Household

What You Get vs What You Can't Get

Feature OpenWRT on Archer OPNsense + Dedicated HW
Application Control Can't distinguish apps Block TikTok, allow Khan Academy
Traffic Visibility Basic bandwidth totals Full Deep Packet Inspection
Parental Controls All-or-nothing blocking Per-app time quotas & schedules
Reporting Manual log analysis Automated daily email reports
Content Filtering DNS only DPI + DNS + TLS inspection
Cost (5 years) $0 $695 ($400 HW + $295 Zenarmor)

The Game-Changing Difference

OpenWRT Says:

"Bella used 2GB today"

OPNsense with Zenarmor Says:

Bella used 2GB today:
 - 1.2GB YouTube (700MB educational, 500MB entertainment)
 - 500MB TikTok (EXCEEDED QUOTA at 5:43 PM - BLOCKED)
 - 200MB Discord  
 - 100MB Khan Academy

Peak usage: 3-5 PM
Violations: 
 - Attempted adult site at 4:32 PM (BLOCKED)
 - Bypassed SafeSearch at 6:15 PM (BLOCKED)
 - 3rd violation this week (parent alert sent)

That's the difference!

Real-World Example: School Night Gaming

Problem: "Bella is gaming too much during school hours"

OpenWRT Solution:

  • Block ALL internet during school hours
  • OR manually identify gaming server IPs and block those
  • Problem: Can't distinguish homework from gaming
  • Result: Blocks everything or nothing

OPNsense + Zenarmor Solution:

Policy: Bella (14yo) - School Days

7 AM - 3 PM (School Hours):
  ✅ Allow: Educational sites (Khan Academy, school portal)
  ✅ Allow: Research (Wikipedia, Google for homework)
  ❌ Block: Gaming (Fortnite, Roblox, Minecraft, web games)
  ❌ Block: Social Media (TikTok, Instagram, Snapchat)
  ❌ Block: Streaming (YouTube, Netflix, Disney+)

3 PM - 9 PM (After School):
  ✅ Allow: YouTube Educational (2 hours max)
  ⏱️ Limit: Gaming (1 hour max)
  ⏱️ Limit: TikTok (30 minutes max)
  🔒 Force: SafeSearch on all searches

9 PM - 7 AM (Bedtime):
  ❌ Block: Everything except emergency sites

Always:
  ❌ Block: Adult content, Gambling, Violence
  📧 Alert: Parent on violations
  📊 Log: All blocked attempts

OpenWRT CANNOT do this!

Recommended Hardware: Protectli VP2420

Specs ($400-450):

  • CPU: Intel Celeron J6412 (4 cores, 2.0 GHz)
  • RAM: 8GB DDR4 (upgradeable to 32GB)
  • Storage: 256GB M.2 SSD
  • Network: 4x Intel 2.5GbE
  • Power: 6-10W (silent, fanless)

Performance:

  • 1 Gbps with Zenarmor Deep Packet Inspection
  • Runs Suricata IDS/IPS simultaneously
  • Months of detailed logs
  • Room for future features

vs Archer AX72 Pro (for reference):

  • CPU: 880 MHz MIPS
  • RAM: 512MB
  • Storage: 128MB flash
  • Cannot run Zenarmor
  • Cannot do DPI

Cost Justification

5-Year Total:

  • OPNsense: $400 + ($59/year × 5) = $695 total ($11.58/month)
  • Commercial Service (Qustodio): $138/year × 5 = $690
  • OpenWRT: $0 (but basic features only)

OPNsense gives you MORE than commercial services for the SAME price!

Plus you get:

  • Professional firewall
  • Network security (IDS/IPS)
  • Traffic analysis
  • Router redundancy
  • Future upgrade path

What Zenarmor Gives You

1. Live Session Monitoring

See RIGHT NOW what each person is doing:

  • "Bella is watching YouTube (Educational) - 2.5 Mbps"
  • "Xander is on Discord voice chat - 500 Kbps"
  • "William is downloading from Steam - 45 Mbps"

2. Application-Level Blocking

  • "Block TikTok for Bella"
  • "Block Fortnite during school hours"
  • "Block all social media 9 PM - 7 AM"
  • Works even if they use VPNs or proxies!

3. Time Quotas Per App

  • "2 hours of YouTube per day"
  • "1 hour of gaming per day"
  • "30 minutes of TikTok per day"
  • Automatic blocking when exceeded

4. Safe Search Enforcement

  • Google: Forced Safe Search
  • YouTube: Restricted Mode
  • Bing: Strict filtering
  • Cannot be disabled by kids

5. Category-Based Filtering

  • Block: Adult Content, Gambling, Violence (always)
  • Limit: Social Media (time-based)
  • Limit: Streaming (bandwidth-based)
  • Allow: Educational (always)

6. Professional Reporting

Automated daily email:

Daily Report - December 21, 2025

BELLA (14yo):
  Usage: 2.1 GB
  Top Apps: YouTube (1.2GB), Discord (400MB), TikTok (200MB)
  Violations: 3 (attempted adult site, SafeSearch bypass, quota exceeded)
  Time Online: 4.5 hours
  
XANDER (15yo):
  Usage: 3.4 GB
  ...

Home Assistant Integration

OPNsense has OFFICIAL integration:

# Via HACS - auto-creates entities:
device_tracker.opnsense_bella_iphone     # Presence
sensor.opnsense_bella_bandwidth          # Usage  
switch.opnsense_firewall_bella_block     # Control
sensor.opnsense_bella_violations         # Alerts

# Plus Zenarmor API:
sensor.bella_youtube_time_today          # Per-app usage
sensor.bella_policy_violations           # Violation count

OpenWRT requires manual SSH commands:

shell_command:
  block_device: "ssh root@router 'iptables...'"
  
sensor:
  - platform: command_line
    command: "ssh root@router 'nlbwmon...'"

Setup Timeline

OPNsense Path (1 week total):

Day 1: Order Protectli VP2420
Days 2-7: Read docs, watch tutorials
Day 8: Install OPNsense (2 hours)
Day 9: Setup HA + Zenarmor (3 hours)
Day 10: Configure policies (4 hours)
Days 11-14: Test & optimize

Result: Enterprise system for years!

OpenWRT Path (2 weeks):

Week 1: Flash, setup, configure
Week 2: HA integration, testing

Result: Better than stock, but limited.

Decision Factors

Choose OPNsense If:

  • You want to know WHAT apps kids use
  • You need different rules per child
  • You want professional reports
  • You have 3 kids with 22 devices
  • You're willing to invest $400
  • You want it to "just work"

Choose OpenWRT If:

  • $0 budget is critical
  • Basic blocking is sufficient
  • You enjoy tinkering
  • You don't need app-level visibility

Final Verdict

For a household with 3 children (14, 15, 17) and 22 devices, OPNsense on dedicated hardware is the clear winner.

The $400 investment gives you:

  • 🏆 Enterprise-grade parental controls
  • 🔒 Professional network security
  • 📊 Complete visibility
  • 🚀 Room to grow
  • 😌 Peace of mind

It's worth it.

Next Steps

  1. Order: Protectli VP2420 from Protectli.com or Amazon
  2. Read: Full OPNsense setup guide (see DOCS_INDEX.md)
  3. Install: OPNsense (30 minutes)
  4. Configure: Zenarmor policies (few hours)
  5. Enjoy: Professional parental controls!

For complete technical details, see the full OPNSENSE_VS_OPENWRT_COMPARISON.md file (822 lines) in your outputs directory.

This summary captures the key decision points. Your specific needs (3 kids, 22 devices, age-appropriate controls) make OPNsense the obvious choice.

Reference in New Issue View Git Blame Copy Permalink