Replacing the router brain. Notes for the next person doing the same in their basement.
permalink nebrivI had been running an off-the-shelf consumer router for about eight years too long. It worked fine until it didn’t.
In February I finally rebuilt the network around an OPNSense box, a small managed switch, and four VLANs that actually have semantic meaning. The new setup has been up for ninety days at the time of this writing, which is a record. Here’s what I wish I’d known.
Most home-lab guides assume you start from zero. This one assumes you are migrating a working network you can’t take down for a weekend. I had to keep the lights on.
I drew this on graph paper before I bought a thing. Recommend the practice. Four VLANs is the minimum useful number. Anything less and the IoT lightbulbs end up on the same network as your laptop, anything more and you spend the rest of your life writing firewall rules.
vlan10 for the trusted machines, vlan20 for IoT, vlan30 for the lab itself, vlan40 for guest traffic with bandwidth caps.
OPNSense runs on a small N100 mini PC with two NICs. The install is straightforward: boot from USB, set a root password, click through the wizard. Spent the first hour poking around the dashboard remembering why I never liked FreeBSD.
The DNS rebuild was the part that surprised me. I expected pain; I got Unbound, which just works. Two minutes of config and it has been resolving everything correctly since.
WireGuard is small enough that I should have done it years ago and instead spent those years configuring OpenVPN. The whole tunnel is about thirty lines of config split across two devices. I had it working in an evening.
The single best quality-of-life upgrade in a home lab is a local resolver with a sane naming scheme. I named everything in my house the same way: kitchen.lab, printer.lab, plex.lab. Never remembering an IP address again is worth the hour it takes to set up.
If you take one thing away from this post, take this: spend a Saturday on your local DNS. It will not be a wasted Saturday.