I Replaced My Firewall While Drunk and Only Cried Once

So there I was, three whiskeys deep on a Monday night, staring at a ZimaBoard 2 like it owed me money.

My trusty Protectli with its ancient Celeron J3160 had served me well, but with 2Gbps fiber on the horizon, those 1GbE ports were starting to feel like dial-up. The ZimaBoard 2 promised dual Intel i226-V 2.5GbE NICs, an N150 processor that actually belongs in this decade, and a 6W TDP that wouldn’t heat my office like a space heater. The whiskey said “do it tonight.” The whiskey was wrong, but I listened anyway.

The install started smooth enough. Flash OPNsense to USB, boot it up, watch it recognize both interfaces like a good little BSD box. Then I did what any responsible sysadmin would do: I yanked all the cables from my production firewall mid-install and went full YOLO. No safety net. No fallback. Just vibes and alcohol. The config restore worked, the interfaces came up, WAN grabbed an IP, and I thought I was a genius. Then I noticed WiFi wasn’t working. Not “slow” or “intermittent” — just fully fucking dead. DHCP was being a little bitch.

Turns out the ISC DHCP plugin decided it didn’t want to generate a config file. The error logs were helpful in that special way where they tell you exactly what’s wrong but not how to fix it. “Can’t open /etc/dhcpd.conf: No such file or directory.” Yeah no shit, that’s the problem. After an hour of increasingly creative troubleshooting — and another whiskey courtesy of DoorDash, because I have priorities — a plugin reinstall and reboot finally convinced OPNsense to do its one job. WiFi clients started connecting. Victory was mine.

But wait, there’s more! My Pixel Tablet decided this was the perfect moment to throw a tantrum. “Authentication problem. Check password and try again.” I know the damn password. I made a QR code for it. I’ve used this network for years. Turns out Android’s MAC randomization resets every time you forget a network, so the tablet kept showing up as a new device and getting confused. The fix? Manually set it to use the device MAC instead of a randomized one. For my home network. Where the only entity tracking me is my own Pi-hole. Thanks Google, very cool.

The ZimaBoard 2 is now humming along at like 5% CPU, sipping power, waiting patiently for that 2Gbps fiber drop. The old Protectli is in the closet waiting for a second career as a travel router or eBay listing. DynDNS is updating to Cloudflare, all my static mappings are working, and the house hasn’t lost internet once since the migration. Total cost: one ZimaBoard, one mini DisplayPort adapter, and roughly half a bottle of whiskey. Was it the smartest way to spend a Monday night? Absolutely not. Would I do it again? Already planning the next upgrade. Cheers.