[talk] opnsense box for home: APU2 or something else?

Sujit K M kmsujit at gmail.com
Wed Dec 20 09:53:27 EST 2017


On Dec 20, 2017 7:52 PM, "Isaac (.ike) Levy" <ike at blackskyresearch.net>
wrote:

Hey There Thomas,

On Tue, Dec 19, 2017, at 5:07 PM, N.J. Thomas wrote:
> Looking to pull the trigger on an OPNSense box for home. Cheap and low
> power are probably my two main requirements.

w00t!

>
> Currently eyeing the APU2, which looks to be about $190. If anyone's got
> any other suggestions, I would love to hear it.

Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines-
but I am pretty biased.  After all of Pascal's donations to the *BSD
universe over the years, I really love those folks and their gear- and I
certainly do love my OPNSense systems.
Apologies in advance for not quite answering your question about alt hw:

OPNSense (and any FreeBSD) will run on nearly anything with >1 network
interface, and there's certainly lots of small gear out there.  Yet, for a
solid small GigE router, I highly recommend the APU2 boards from PCEngines,
for a couple reasons:

- They are perhaps the smallest low-power box which allows all the big
features of OPNSense.  Depending on your application, you may not want/need
these features, and *way* smaller hardware is totally acceptable!

- MSATA slot, and cheap SSD's....  If you wish to use the OPNSense onboard
Netflow traffic analysis tools <https://wiki.opnsense.org/manual/netflow.html>,
or any of the anti-malware IDS/IPS rulesets, <https://wiki.opnsense.org/manual/ips.html>:
you simply need some fast
onboard disk to store netflows.  For this case, the APU2 boards come at an
excellent price point, (their 20Gb SSD is quite reasonably priced, and way
more than enough space).  These are *absolutely* features which are a no-go
for systems using flash based media, not only because of speed, but burning
them out with writes capturing all that network i/o.

- Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by
FreeBSD.

- The boards are really flexible- little things like slightly variable
power requirements make it so that many wall-warts in a drawer will happily
power the board, (within bounds).  This has saved my tail after power
surges and the like.

- The boards are super solid.  I've been through nearly 100 APU series
boards, and never have I received a dead one- (ALIX either), and knock on
wood, none I own or manage have died.  I'm having a better run than I did
with Soekris back in the day, but I remember only 1 board which came DOA,
(and Soekris gear was high quality as well- I loved that gear too).

- Open Hardware, which I care a *lot* about.  The full hardware design spec
is online, and PCEngines has been very nice answering specific details
about chips on the board, etc...  In a world of hardware-compromised
blackbox machines, this model is terribly important to me- how can one
build securable networks with mystery stuff in the hardware?

Those are the things that matter to me, at home, and in applied use
professionally.

--
As an aside, (not quite what you want), I've also built out slightly larger
systems using Lanner hardware, http://www.lannerinc.com/ - basically just
larger boxes than PCEngines, (more GigE NICS, for my applied use).  More
expensive than PCEngines, but comparing per-port pricing in a build it's on
par with PCEngines.  Hard part, their raw gear is hard to get- they sell
mostly to VARS and don't do retail.
But, as an alternative, I've had similarly rock-solid experiences with this
gear and OPNSense, (sized just below getting into big stuff with commodity
server hardware).

Best,
.ike


>
> Thomas
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk



What is the purpose? If it is just home networking, there are branded
ones like D-Link.