Getting Started With a Home Lab
A well-designed home lab is a marvel of a thing and a source of endless possibilities for useful services that make life easier without sacrificing privacy. If you are new to creating a home lab, then the first question is where to start. After running my home lab for a few years now, I can easily say that the most important place to start is at the router coming into your home. It is the entry point to everything, and a capable, full-featured router is essential to everything you will do and is the front line of defense against what can be a hostile Internet.
I do not recommend the commercial routers that you will find on Amazon or at Walmart. The reason is simple. They are not secure! A router manufacturer generally provides firmware updates for a specific model for a year or two and then abandons all support as it moves to the new model. Oftentimes the model names and numbers stay the same but the hardware internals change radically, which further complicates finding and installing the proper updated firmware. The end result is that most routers out there are a huge security risk to everything on your network.
A few routers will allow the installation of open source firmware such as OpenWrt or DD-WRT. These are better options and are updated regularly, but they simply do not have the feature set you will ultimately need to run a home lab. They may check a few more boxes when it comes to the functionality you will need, but the best options are pfSense and OPNsense.
I ran pfSense for a few years and it is a good product. It is feature rich and has the capabilities you will need. It is stable and receives regular updates. However, it is not the best option. The company behind pfSense leaves a lot to be desired and the product just has too much drama behind it. Also, updates and new features are very SLOW to market and often buggy on initial release.
I eventually switched to what I consider a better option, and that is OPNsense. OPNsense has all the features of pfSense. It is truly open source and has an active community. Releases and security patches happen quite frequently, generally monthly. Bugs are fixed quickly and the product is every bit as stable as pfSense without all the company drama. Besides, it’s nice to support a truly open source option.
So what are the key features you need for your home lab that OPNsense provides that a commercial router may or may not provide:
- Automatic security certificates via Let’s Encrypt so you can serve your public services over HTTPS. You will need to own a domain. One is enough since you can create unlimited subdomains.
- Proxying and load balancing of servers on your network to the public Internet via HAProxy.
- Inbound VPN access for secure access to services that don’t need to be accessible 7×24.
- An outbound VPN to keep your ISP from hijacking your DNS and other data mining activities.
- Intrusion detection and prevention systems to block malicious users.
- Robust firewall rules to isolate your lab and IoT devices from your users. Do you really want some third-party device running on the same network as the one you bank from? With firewall rules you control who/what has Internet access and what can talk to what.
You can run OPNsense on a used PC workstation from eBay for under $100, and it is the best investment you will make for your home lab. Simply add a multiport network card and you will have what you need to get started. There is a learning curve. I won’t sugarcoat it. There is more time involved in managing a full-featured router. But once it is up and running you will wonder how you ever operated without it, and ongoing maintenance after the initial setup is worth the investment.
With OPNsense you now have the start of a topology that will support whatever your future plans may include, such as a VoIP telephony server, a hosted email solution, home automation, a number of Docker services, etc. The list goes on…