I am fairly new to OPNSense. I migrated from Arista Untangle over the last couple of weekends. So far so good.
I'm running on a 10-year-old Dell XPS 8700, 16 GB RAM, Intel i7-4770 processor.
I have symmetric 1 GbE up/down fiber-fed internet, but 2 GbE is now available. I have all UniFi switches and APs downstream of my OPNsense box.
This old machine is chugging along. It even passed the ZenArmor HW check. I'm using about 55% of my RAM. My only concern is that... it's 10 years old... and if/when it fails, other than a new power supply, it will be hard to troubleshoot/repair it and home internet would be down until I can address it.
I found this GMK TEC NUC out there with dual 2.5 GbE ports. See link below. $559 isn't a horrible price as an insurance policy. Would plan to migrate to the NUC and keep the old Dell in reserve.
Just wondering if anyone has tried running OPNsense on a NUC like this one with an Intel Ultra 5 processor and the Arc graphics.
https://www.gmktec.com/products/intel-ultra-5-125h-mini-pc-nucbox-k9?spm=..product_9969cb68-cccf-484c-b41e-f986a55099da.header_1.1&spm_prev=..product_abb67de7-5ca3-4fd3-bb37-35f346d6bb58.header_1.1&variant=2c517a3e-15dd-4cfc-a862-41dc0a7da684
Alternatively, I've considered building my own computer using:
- ASRock IMB-X1314 motherboard (has 3 Intel 2.5 GbE ports, and can use ECC RAM)
- 12th Gen Intel i5-12500 (last one with only P-cores / no E-cores... might be urban legend that E-cores are an issue... not really sure)

Plus
- 32 GB DDR4 3200 GHz ECC RAM,
- Dual WD Red SATA SSDs (so I can do ZFS mirrored disks),
- power supply and
- case with Noctua case fans.
Thoughts on either the GMK TEC NUC or my proposed build would be appreciated.
Personally I don't use a NUC, but I have seen from some posts that people are running OPNsense on a NUC as well without problems.
However, I would avoid this NUC; it looks like it has Realtek NICs, and those are a pain to work with. You could hit a lot of performance and other problems with those.
If you have the money to spare, for the same or less money the Minisforum MS-01 is better: it has Intel NICs, a better CPU, more ports, SFP+ support up to 10G, and it's expandable with modules.
https://store.minisforum.com/products/minisforum-ms-01?variant=44480511279349
The i5 variant is more than you will need most likely.
Regards,
S.
Thanks for your input.
That Minisforum MS-01 looks tempting. I almost bought one. However, after reading the comments/reviews, one person said that in the BIOS it does not have "auto power on after power is restored".
Auto-power-on after a power outage is a must for me. Before I figured that out in the BIOS of my old Dell, I would have to get out a step ladder (to reach the top shelf of the closet) and manually turn the Dell back on after a power outage. My wife did not like having to mess with this if I wasn't home.
That info is plain wrong (https://www.reddit.com/r/MiniPCs/comments/1cf2nco/minisforum_not_resuming_on_power/). There is even an image showing that setting here (https://imgur.com/XgxMXp8).
You should set ASPM off, though, in order to avoid problems with the network adapters.
Also, there is a current Amazon Prime day offering. I would use the 12600H variant, because it will suffice, is cheaper and uses way less power than the bigger variants.
Thanks meyergru for the input.
I went ahead and ordered a barebones MS-01 from Amazon.
I'm pairing it with the following (also ordered from Amazon today)
- 32 GB of Crucial DDR5 5600 MHz RAM (two sticks of 16 GB) (I know I'll only get 5200 with the MS-01)
- two WD_BLACK 1TB SN770 NVMe Internal Gaming SSD Solid State Drives (I want to set up OPNSense with XFS - mirror). Could have gone with 250 or 500 GB drives... but why not get 1 TB's for around $30 more total.
Total cost $650 including sales tax.
The build from scratch option was going to cost around $1,170 including tax, although I already own the new power supply I was going to use. System performance of the MS-01 should be comparable, might actually be lower power consumption.
I hope you took my advice about the CPU, since the 13th gen also seem to be unstable as hell (https://forum.opnsense.org/index.php?topic=41578).
Quote from: meyergru on July 16, 2024, 08:50:08 PM
I hope you took my advice about the CPU, since the 13th gen also seem to be unstable as hell (https://forum.opnsense.org/index.php?topic=41578).
And 14th gen too, which is what I recently rolled out into a classroom... I'm hoping I get the updated version that Intel is shipping for replacements. These were purchased in May, HP Z2 with i7-14xxx which I'm told are really just i9-13xxx with a new name and probably some bad cores logically turned off. Gamers Nexus has been making videos about this Intel issue; jump on YouTube and give them a watch if you haven't yet.
Sometimes using old leftover hardware has advantages, my production machine is running a Xeon E3-1230v5 that has already proven to be stable. I'll get a couple more years out of it before pushing to buy a DEC2770 (or whatever is current in that level of performance).
Correct, I was referring to 13th gen only because with the MS-01, 14th gen is not yet available.
Older hardware is typically less energy-efficient, though. For example, I just ordered an N100, which presumably is more efficient than the older N5105. For 24/7 usage like in a router, old PC hardware is at a big disadvantage energy-wise, but probably has proven to be more stable.
And besides that, the original Intel stir started with the recent Level1Techs YouTube video (https://www.youtube.com/watch?v=QzHcrbT5D_Y&t=1s). Gamers Nexus only reacted to this and even featured Wendell in one of those videos (https://www.youtube.com/watch?v=oAE4NWoyMZk).
Yes, I went with the 12600H.
As long as you don't have a top of the line 13th or 14th gen model you should be fairly ok.
Nope (https://www.golem.de/news/defekte-intel-cpus-raptor-lake-probleme-koennen-alle-geraete-betreffen-2407-187266.html).
The Core i3-1215U seems to be a fairly well-suited CPU.
I got OPNSense up and running on the Minisforum (MS-01 i5-12600H with 32 GB RAM). I have ZenArmor running as well.
I tried turning on IPS/IDS (e.g., Suricata) and locked myself out of the GUI, and even the console didn't respond. I ended up doing a new clean install and then a restore from backup. I will have to try again with Suricata. After choosing some rulesets, tens of thousands of rules appeared. I have no idea how to choose which rules to turn on.
Otherwise, the MS-01 seems to be doing fine. Getting near 1 Gbps up and down on wired speed tests and 350 Mbps up/down on wifi speed tests (using Unifi switches and LR6 hotspots).
I was only getting around 100 Mbps until I disabled all the E-cores in the BIOS. Now it is guaranteed to be using a P-core. I also disabled the 10 Gbps ports, the PCI port, the Wi-Fi module, and then disabled ASPM on the NICs via the BIOS.
Usually, the E-Cores perform quite well. It is a well-known fact that for the time being, Zenarmor can only make use of a single thread, so maybe that was the problem. I did not see any slowdown on my MS-01, although mine is a 12900H.
For most things, the E cores should be fine. What would be nice is to assign Zenarmor only to the P cores and let the E cores idle along for the general overhead.
4770k will do 2gbs fiber fine. Drop in some Intel i225/226 cards from AliExpress (or a t2 10gbe card, depending on what your provider uses). Make sure you have an SSD in the machine. My old Lenovo 3570t box is doing 1.5gbs cable at my parents' house with some i225 cards. I'm using a 12400 build with 64gb to run Proxmox with OPNsense in a VM. Kludge of old parts and new. Runs 3gbs fiber without issues.
https://youtu.be/dx2bo__naP0 better system for you