During this week I've been playing around with replacing my USG with my existing home server - it already has two NICs - my first thought was to run OPNsense in a VM but nftables on NixOS seems to work well enough - there are a few examples floating online [0,1]. OpenBSD even supports the USG [2] but I couldn't think of much reason to keep the extra hardware.
The next thing I want to do is reflash my UniFi APs with OpenWrt [3] - the hardware is fine, but at that point I'll get all the support without the controller software.
My home environment is fairly basic so moving away isn't too hard - this would obviously be much harder for a small business...
That’s odd, the link works for me but the wiki was very slow earlier. From what I’ve read Ubiquiti have made it harder to flash new hardware, but even the new ax APs are supported by OpenWrt. There is a commit with some info - it seems there is a way to disable signature verification [0].
I _do_ run OPNsense in a VM and am very happy with the setup. My requirements for APs are simple but hard to satisfy. Ceiling mount, PoE, present-day-best 802.11 standard, and OpenWrt-capable.
I had assumed a setup which had several VMs, with one being pfSense or similar, to be less secure than a standalone firewall. Reading about the pros and cons leads me to conclude that security in a virtual setup is just fine.
My understanding is that this doesn't work anymore because Ubiquiti started signing firmware. Your link also goes to a blank page.