If there’s one thing I’ve learned after building a self-hosted network stack, it’s that DIY routers tend to pack extra features, better web UIs, and superior security provisions than the ones shipped by ISPs. Heck, I’d been using a Raspberry Pi-powered OpenWRT setup for a long time before making the transition to an OPNsense router built from a mini-PC last year. Speaking of OPNsense, the router OS recently received a major update, but judging from the community posts, it has some quirks that need ironing out.
But just moth to a flame, I couldn’t resist the urge to try setting up the newest version of OPNsense. Since I didn’t want to put my primary DIY OPNsense router in harm’s way, I figured it’d be a good idea to install the newest update on an old PC and resurrect it as a makeshift router. What I didn’t anticipate were the sheer compatibility issues with using a Marvell AQtian Ethernet adapter with OPNsense and an old accessory that would help bring this project to fruition when all hope seemed lost.
Setting up OPNsense
It went smoothly until I got betrayed by my PCIe NIC
I’ve configured OPNsense a couple of times already, so I began this project expecting it wouldn’t take more than an hour. After going through the usual procedure of downloading the image, writing its contents to a flash drive using Balena Etcher, and switching the BIOS on my old PC to boot from the USB drive, I plugged my PCIe Ethernet card into the system.
For the uninitiated, OPNsense requires two Ethernet interfaces: a WAN port that connects to a modem or an ISP device, and a LAN interface that lets my devices access the Internet. My B450 motherboard already includes a built-in 1GbE port, so all I needed was another Ethernet controller. Since I had a spare TP-Link TX401 Ethernet card lying around, I figured I could leverage it as the LAN port and connect it to my 10GbE switch – which turned out to be a big mistake.
Now, I’m fully aware that the Marvell AQtian controller isn’t ideal for OPNsense, but I didn’t have a single Mellanox card on hand. Plus, seeing how I’ve had zero problems using the same TX401 card with Proxmox, TrueNAS, and other Linux platforms, I thought it would work with OPNsense (or rather, FreeBSD) just as well – and any driver issues would be resolved after an update.
Unfortunately, my hopes were dashed when OPNsense failed to detect the TX401 NIC. Since I only had the built-in Ethernet controller (which I planned to use as the WAN interface), I couldn’t just configure everything from my PC over an SSH connection. Well, I could technically run some commands using the OPNsense shell, but I didn’t want to spend minutes typing multi-line scripts and commands manually.
My USB-to-Ethernet adapter came in clutch
Since the PCIe network card was borderline useless in its current state, I decided to put it on the backburner until after I finished installing OPNsense. That’s when I remembered I had a spare USB-to-Ethernet adapter that could serve as the temporary LAN interface.
Interestingly, the TP-Link USB Ethernet dongle was detected by OPNsense immediately. So, I quickly configured both the WAN and LAN interfaces and ran the installer command inside the live boot version of the distro. Afterward, I picked the Keymap settings and Installation directory before waiting for the wizard to perform its magic. Soon, OPNsense was installed on my old PC, and it was time to give my NIC another shot.
Configuring OPNsense using the web UI
All my attempts at installing the NIC drivers were in vain
With the OPNsense web interface finally accessible, I put on my troubleshooting hat. Since I wanted to run some terminal commands, I enabled Secure Shell Login and Root Login inside the Administration Settings of the System tab. I know it’s far from secure, but I wanted to avoid running into privilege issues when configuring OPNsense to detect my TX401 Ethernet card.
The first step was installing TX401 drivers, though it was a lot easier said than done. The driver package I wanted to install was aquantia-atlantic-kmod, and every repository link to it was broken – be it the outdated 0.0.5_2 version or its (comparatively) new 0.0.5_3 variant. In the end, I ditched FreeBSD repos and ran the fetch https://pkg.fr.ghostbsd.org/stable/FreeBSD:13:amd64/latest/All/aquantia-atlantic-kmod-0.0.5_2.pkg command to pull the necessary package from GhostBSD’s repo before installing it with pkg install aquantia-atlantic-kmod-0.0.5_2.pkg.
I also installed the nano editor, used it to open the /boot/loader.conf.local file, and added the if_atlantic_load=”YES” line before restarting the router. Unfortunately, the driver refused to work even after all my efforts, and it was time to put the Ethernet card back into my cupboard, where it belonged.
Nevertheless, I managed to get my custom-built router up and running
With the PCIe card out of the way, I had no choice but to use the USB-to-Ethernet adapter. So, I added the usual traffic rules to the Firewall tab, set up a new IPv4 gateway, and configured its built-in IPS. While I plan to buy a Mellanox card simply because I’d rather rely on a dedicated PCIe NIC, the USB adapter isn’t bad per se. I’d used a similar setup on my OpenWRT Raspberry Pi firewall for months, and it didn’t give me too much trouble.