[talk] opnsense box for home: APU2 or something else?
okan at demirmen.com
Wed Dec 20 11:10:31 EST 2017
On Wed, Dec 20, 2017 at 9:53 AM, Sujit K M <kmsujit at gmail.com> wrote:
> On Dec 20, 2017 7:52 PM, "Isaac (.ike) Levy" <ike at blackskyresearch.net>
> Hey There Thomas,
> On Tue, Dec 19, 2017, at 5:07 PM, N.J. Thomas wrote:
>> Looking to pull the trigger on an OPNSense box for home. Cheap and low
>> power are probably my two main requirements.
>> Currently eyeing the APU2, which looks to be about $190. If anyone's got
>> any other suggestions, I would love to hear it.
> Disclaimer for my ramble: I'm not a vendor, and don't work for PCEngines-
> but I am pretty biased. After all of Pascal's donations to the *BSD
> universe over the years, I really love those folks and their gear- and I
> certainly do love my OPNSense systems.
> Apologies in advance for not quite answering your question about alt hw:
> OPNSense (and any FreeBSD) will run on nearly anything with >1 network
> interface, and there's certainly lots of small gear out there. Yet, for a
> solid small GigE router, I highly recommend the APU2 boards from PCEngines,
> for a couple reasons:
> - They are perhaps the smallest low-power box which allows all the big
> features of OPNSense. Depending on your application, you may not want/need
> these features, and *way* smaller hardware is totally acceptable!
> - MSATA slot, and cheap SSDs.... If you wish to use the OPNSense onboard
> Netflow traffic analysis tools
> <https://wiki.opnsense.org/manual/netflow.html>, or any of the anti-malware
> IDS/IPS rulesets, <https://wiki.opnsense.org/manual/ips.html>: you simply
> need some fast onboard disk to store netflows. For this case, the APU2
> boards come at an excellent price point, (their 20Gb SSD is quite reasonably
> priced, and way more than enough space). These are *absolutely* features
> which are a no-go for systems using flash based media, not only because of
> speed, but burning them out with writes capturing all that network i/o.
> - Plenty of CPU/Mem for other fun, and the GigE NICS are well supported by
> - The boards are really flexible- little things like slightly variable power
> requirements make it so that many wall-warts in a drawer will happily power
> the board, (within bounds). This has saved my tail after power surges and
> the like.
> - The boards are super solid. I've been through nearly 100 APU series
> boards, and never have I received a dead one- (ALIX either), and knock on
> wood, none I own or manage have died. I'm having a better run than I did
> with Soekris back in the day, but I remember only 1 board which came DOA,
> (and Soekris gear was high quality as well- I loved that gear too).
> - Open Hardware, which I care a *lot* about. The full hardware design spec
> is online, and PCEngines has been very nice answering specific details about
> chips on the board, etc... In a world of hardware-compromised blackbox
> machines, this model is terribly important to me- how can one build
> securable networks with mystery stuff in the hardware?
> Those are the things that matter to me, at home, and in applied use
> As an aside, (not quite what you want), I've also built out slightly larger
> systems using Lanner hardware, http://www.lannerinc.com/ - basically just
> larger boxes than PCEngines, (more GigE NICS, for my applied use). More
> expensive than PCEngines, but comparing per-port pricing in a build it's on
> par with PCEngines. Hard part, their raw gear is hard to get- they sell
> mostly to VARS and don't do retail.
> But, as an alternative, I've had similarly rock-solid experiences with this
> gear and OPNSense, (sized just below getting into big stuff with commodity
> server hardware).
> What is the purpose? If it is just home networking, there are branded ones
> like D-Link.
I believe the purpose above is to avoid all that crap.