Question Help with finding an RJ11 Modem ONLY (preferred) that supports VDSL2 30A or VDSL2 30B (again preferred)?

[old_rager]

Hey Guys,

I'm trying to install a dedicated OPNsense firewall at home. I have a mini PC with 2 GbE ports and need to source a VDSL2 30B (preferred) or VDSL2 30A modem that supports RJ11 connectivity to go between our copper based wall sockets (that go down to a Fibre to the Basement (FttB) solution) and the OPNsense firewall. From that, I can stick with my carrier provided router (https://service-provider.tp-link.com/vdsl/vx420-g2h/) that will act as a simple switch/WIFI access point for our premises with its Ethernet connection to the OPNsense mini PC. As I'm on the disability pension, cost is an issue for me, but I'm kind of hoping to future proof things as much as I can by getting something that will enable up to 200/300Mbps down and 100Mbps up should our carrier activate this functionality in our FttB solution in the future.

Any help you can provide would be greatly appreciated!!! 😉

Dave.

 

[bill001g]

Why do you need a firewall. I assume for a vpn ?. Most so called firewall features are not needed in a home install because you are protected by the NAT and you can do little content filtering of machines inside of your house because of encryption.

In any case you seem to know more than the average person if you know about the sub variants like 30a on VDSL.

The problem is DSL only modems are hard to get. There seems to be little market for them since most people want the modem and router combined. Also most ISP provide DSL modem routers as part of the contract, since the DSL has to match what the ISP uses. Overall this means there is very little demand for any type of DSL equipment so you end up with very limited options.
Even if you were to find a modem only that matches the type of DSL you need they tend to cost the same if not more than a device that also has the router function.

Generally what is simpler and many times cheaper is to use the ISP provided solution as the modem and then look for a router. Since you are only going to use the router as a AP you likely can shop around for the simplest device that has the wifi radios/standards you can use. I would either go wifi5 ie 802.11ac or jump all the way to wifi6e. For most people wifi6 does not perform any better than wifi5 because of all the restrictions on using 160mhz radio bands on the 5ghz radio channels.

 

[old_rager]

Thank you for your thoughts. The reason why I'm going with an OPNsense dedicated firewall is that with routers, after 3-4 years, the router manufacture generally ceases providing security updates for the firewall - and other aspects of the all-in-one units provided by carriers. Therefore, separating the firewall with OPNsense enables me to truly protect my network without having to worry about having any external threats getting through. The physical separation of my home network from any internet traffic by a dedicated firewall I guess gives me a bit more peace of mind knowing that my network is as secure as I can reasonably expect.

I am thinking that I might have to just get another router from my service provider to enable to complete the solution. 😞

Again, thank you for your thoughts, they are much appreciated!!! 😉

 

[bill001g]

It is hard to find detailed specs on that unit but it appears to be pretty much a generic wifi6 router. You should be able to buy pretty much any wifi6 router if you wanted one that was the same.

A note on protecting your network. Your network will be safe without any kind of firewall just because routers are stupid. Any traffic coming into your IP address needs go though NAT to figure out which machine to send it to. Unless one of your internal machines talked to some IP on the internet first there is no entry in the NAT table. Any traffic the router does not find a entry for is just discarded.

This is pretty much the same as a common firewall rule to allow only "established" connections through.

So in effect nothing on the internet can ever get past even the most simple router unless you put in stuff like port forwarding.

Most other types of threats a firewall is useless at protecting. Many years ago they talked about deep packet inspection so they could find virus and other bad traffic. Because all modern traffic is now encrypted it is impossible to inspect data. In most cases you can't even tell what site is being accessed because IP addresses now map back to large cloud providers like google or cloudflare.

Network type of firewalls are more used if you are running some kind of server. For a server to function you must allow external machines to have access to your network. You now need fancy protection that can allow some kinds of traffic in but attempt to block attacks against the server.

The most common attacks a firewall can't really stop. They are send inside the encrypted data streams. You have to depend on firewalls and malware detection software on the end machine to stop them.

 

[old_rager]

I do run a Plex Media Server where I employ port forwarding, as well as port forwarding for the XBox .