OPNsense will run on just about anything, including a low-power Raspberry Pi single-board computer (SBC). I have an old Minisforum NucBox 2 collecting dust and decided to throw OPNsense on the system to act as a testbench of sorts for loading up plugins, configuring various parts of the firewall OS, and testing deployments before applying changes to my primary OPNsense device, which was a purchase specifically for running as a router.

What you'll need to run OPNsense

Not much, but don't go overboard

OPNsense has fairly lax requirements, you could even run it through a virtual machine, though I advise against using virtualization for your networking infrastructure. Should the system running the VM go offline, your entire network will drop. The Minisforum NucBox 2 mini PC I'm using for this setup and guide has everything we need for a capable OPNsense firewall. It's not the most powerful system around, but it'll more than get the job done.

Inside this mighty little box is an 8th-gen Intel Core i5-8259U quad-core processor, capable of boosting to 3.80 GHz though we won't push the CPU hard at all. Joining this processor is 8 GB of DDR4 RAM, more than enough for handling the firewall and routing traffic across the LAN. The 256 GB SSD is also excellent for storing and running OPNsense, so we won't need to rely on a USB drive outside installation.

The best part about this mini PC is the dual LAN stack. We've got two 1Gb LAN ports. Sure, it's not 2.5Gb, but having two ports means we don't need to mess around with USB network interface controller (NIC) adapters, though we may require a few if no network switch will be used and you have a few devices to wire up to the OPNsense box. Being a mini PC also means the OPNsense system will take up very little space, especially compared to an old desktop PC.

So long as you have an x86-64 CPU, more than 2 GB of RAM, and a drive with at least 4 GB of space, you can install and run OPNsense. Repurposing an old desktop PC opens up other avenues too, including NIC PCI expansion cards, though selling the system and purchasing a used mini PC or dedicated passively cooled device would be the better option here. Using NIC adapters of any kind with OPNsense wouldn't be as good as picking up a cheap unmanaged switch.

Setting up the OPNsense firewall

This is easier done than said

Installing OPNsense is easy. My esteemed colleague, Ayush Pande, wrote a comprehensive guide on each step required to download, write, and install OPNsense. Suffice it to say, you'll need a free USB drive, a downloaded ISO of OPNsense, the device you'll repurpose as an OPNsense router-cum-firewall, and about 20 minutes. The installation process is fairly straightforward and OPNsense can often automatically detect and configure WAN and LAN connections.

Once up and running, you'll be able to configure virtual LANs (VLANs), virtual private networks (VPNs), dynamic domain name service (DDNS), reverse proxies, SSL certifications, and much more. The Minisforum NucBox 2 uses up to around 10% of its CPU power with a few devices connected to the LAN and a fiber link at full throttle. These specifications are largely overkill for such a device, but the fan is quiet and effective, and the system is fairly efficient.

Depending on which device you plan on using for OPNsense (or pfSense for that matter), it's important to create a dummy network using the device with a few of your primary systems connected. This can prove useful for determining whether it can handle the load. If everything runs smoothly with zero issues, you can replace the ISP-supplied router with OPNsense, a switch, and a wireless access point (or two).