Firewall throughput measurements: OPNsense on APU4d4, OPNsense in a Proxmox VM, and OpenWRT on Turris Omnia

Getting OPNsense to perform well on a low-powered CPU, e.g. the APU4d4 board, can be tricky. As there are some open questions, this post summarizes some measurements taken in a home lab setup.

Enabling per-device traffic analysis with separate VLANs, 802.1x MAC based authentication, and OpenWRT

Why For analysing what devices do on a network - specifically the shared medium of a wireless LAN - just packet tracing based on IP address is often not sufficient. There are multicasts, the initial DHCP requests, and potentially other types of traffic not captured by that. Even MAC address based packet tracing is problematic given recent defaults of MAC address randomization e.g. on Android (default since Android 10, optional before).

Transparent Tor-ifying VLAN (separated WLAN SSID) with OpenWRT

Why Tor allows to anonymize Internet traffic through onion routing, typically via 3 separate hops. At INS, we run one of the fastest Tor exit nodes in Austria, and provide statistical data on its usage. For more details, please check those project websites. On my personal home network, I use Tor - among other reasons - to test various devices such as mobile phones, tablets, etc. with apps I do not necessarily trust, “smart home” / IoT style devices, or wearables.

IPsec/L2TP gateway for Android and iPhone clients on OpenWRT

How to set up an OpenWRT router/gateway as an IPsec/L2TP gateway for Andoid and iPhone clients The only “reasonable” (that is, not counting PPTP due to its known security issues) VPN protocol supported by default on non-rooted / non-jailbroken Android / iPhone phones as clients is the combination of IPsec and L2TP. Most probably, this was chosen due to its out-of-the-box support by newer Windows clients and MacOS/X as well.