[talk] opnsense box for home: APU2 or something else?

Okan Demirmen okan at demirmen.com
Wed Dec 20 11:10:31 EST 2017


On Wed, Dec 20, 2017 at 9:53 AM, Sujit K M <kmsujit at gmail.com> wrote:
>
> On Dec 20, 2017 7:52 PM, "Isaac (.ike) Levy" <ike at blackskyresearch.net>
> wrote:
>
> Hey There Thomas,
>
> On Tue, Dec 19, 2017, at 5:07 PM, N.J. Thomas wrote:
>> Looking to pull the trigger on an OPNSense box for home. Cheap and low
>> power are probably my two main requirements.
>
> w00t!
>
>>
>> Currently eyeing the APU2, which looks to be about $190. If anyone's got
>> any other suggestions, I would love to hear it.
>
> Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines-
> but I am pretty biased.  After all of Pascal's donations to the *BSD
> universe over the years, I really love those folks and their gear- and I
> certainly do love my OPNSense systems.
> Apologies in advance for not quite answering your question about alt hw:
>
> OPNSense (and any FreeBSD) will run on nearly anything with >1 network
> interface, and there's certainly lots of small gear out there.  Yet, for a
> solid small GigE router, I highly recommend the APU2 boards from PCEngines,
> for a couple reasons:
>
> - They are perhaps the smallest low-power box which allows all the big
> features of OPNSense.  Depending on your application, you may not want/need
> these features, and *way* smaller hardware is totally acceptable!
>
> - MSATA slot, and cheap SSDs....  If you wish to use the OPNSense onboard
> Netflow traffic analysis tools
> <https://wiki.opnsense.org/manual/netflow.html>, or any of the anti-malware
> IDS/IPS rulesets, <https://wiki.opnsense.org/manual/ips.html>: you simply
> need some fast onboard disk to store netflows.  For this case, the APU2
> boards come at an excellent price point, (their 20Gb SSD is quite reasonably
> priced, and way more than enough space).  These are *absolutely* features
> which are a no-go for systems using flash based media, not only because of
> speed, but burning them out with writes capturing all that network i/o.
>
> - Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by
> FreeBSD.
>
> - The boards are really flexible- little things like slightly variable power
> requirements make it so that many wall-warts in a drawer will happily power
> the board, (within bounds).  This has saved my tail after power surges and
> the like.
>
> - The boards are super solid.  I've been through nearly 100 APU series
> boards, and never have I received a dead one- (ALIX either), and knock on
> wood, none I own or manage have died.  I'm having a better run than I did
> with Soekris back in the day, but I remember only 1 board which came DOA,
> (and Soekris gear was high quality as well- I loved that gear too).
>
> - Open Hardware, which I care a *lot* about.  The full hardware design spec
> is online, and PCEngines has been very nice answering specific details about
> chips on the board, etc...  In a world of hardware-compromised blackbox
> machines, this model is terribly important to me- how can one build
> securable networks with mystery stuff in the hardware?
>
> Those are the things that matter to me, at home, and in applied use
> professionally.
>
> --
> As an aside, (not quite what you want), I've also built out slightly larger
> systems using Lanner hardware, http://www.lannerinc.com/ - basically just
> larger boxes than PCEngines, (more GigE NICS, for my applied use).  More
> expensive than PCEngines, but comparing per-port pricing in a build it's on
> par with PCEngines.  Hard part, their raw gear is hard to get- they sell
> mostly to VARS and don't do retail.
> But, as an alternative, I've had similarly rock-solid experiences with this
> gear and OPNSense, (sized just below getting into big stuff with commodity
> server hardware).
>
> Best,
> .ike
>
>
>>
>> Thomas
>
> What is the purpose? If it is just home networking, there are branded ones
> like D-Link.

I believe the purpose above is to avoid all that crap.


