Hi all,
I have been running OPNsense for almost two years now on a Fujitsu Futro S920 with 8GB RAM and an AMD GX-222GC SoC CPU. I know this machine is not the strongest out there, but it served me well on my previous connection, which was 200MB/50MB (download/upload). In that setup I was also running OpenVPN, WireGuard, Suricata on WAN in IDS mode and Zenarmor on LAN in IPS mode. I have around 50-60 devices connected to the internet (but most of them are IoT devices). OK, things were not ideal due to one of the NICs being a Realtek, but still I was happy given the amount of money put into it.
Now I have upgraded to a fiber connection of 1GB/250MB (download/upload) speed. In order to get the most out of my router I replaced Zenarmor with AdGuard and made some tweaks to the tunables of the router. Overall I do not see the CPU getting bottlenecked all the time, but when I speedtest (from a wired PC directly connected to the router) I only get, in the best case scenario, ~850MB download. Most of the time my speed is capped at around ~550MB. Not sure if there is something more I can do to get more of my speed; I tried disabling Suricata and stopping other services but the result was the same.
So I am thinking of moving to new hardware and migrating everything to a new router. I searched online for either a Dell/HP/Lenovo SFF PC or a ready-made router from AliExpress (with N150 CPU and 16GB RAM), but I am having trouble figuring out whether the new system will be enough.
My requirements are:
1) Being able to get my full speed 1GB/250MB
2) Run OpenVPN for 2-3 clients (not heavy traffic all the time)
3) Run WireGuard for 2-3 clients (not heavy traffic all the time)
4) Have a few VLANs configured
5) Enable IPv6 in the near future
and ideally ...
6) Run Suricata in IPS mode on WAN
7) Run Zenarmor in IPS mode on LAN
Is the N150 even close enough to what I want to achieve, or do I need to stay clear? What is the recommended hardware for my setup? What are your thoughts on the matter?
Thanks
Phanos
N150 can do it.
It usually boils down to OPNsense stuff.
Read my N150 post (https://forum.opnsense.org/index.php?topic=48166.0), note the hardware being used: three 2.5G copper and two 10G SFP. I run Suricata in IPS mode, it's the resource hog. Look for similar hardware. Load testing (LAN clients accessing internet via WAN, etc.) is always key when it comes to performance. IPS, IPsec, Proxy, plugins, etc.
My mem usage is very low, disk usage about nil. 16GB RAM and a 512GB SSD (NVMe, etc.) seems good. If you can squeeze in 32GB RAM, that's good too. Choose hardware that can run the fastest RAM, etc.
That device I got has a low-noise fan. I saw temps from Lobby saying it got near 61C; N150 has a max op temp of about 110C. I will add two small 40mm fans to the bottom plate in push-pull orientation (I'll 3D print a thin cradle for the device to sit in, etc.). To keep fans quiet (albeit lowering CFM) I run 24V fans on 12V power.
Above 2.5G the LAN side switching then becomes another look-at point. Can have fast on WAN side, but the LAN side needs it too.