OPNsense Forum
English Forums => Hardware and Performance => Topic started by: JoK on February 19, 2019, 11:30:44 am
-
Hi
I have spend a lot of time finding the right hardware for my, soon to come, OPNsense router/firewall.
Any words about this one https://www.thomas-krenn.com/en/products/application/opnsense-firewalls/les-compact-4l.html
Its almost perfect I think, except the price is a little steep, small, no fans, low power, support AES-NI for future VPN and Intel chipset and NIC's
What can i expect from ordenary use with this and Opnsense Vs my Cisco RV-340? I'm thinking performance/speed and stability?
I really don't trust these factory routers and there proprietary firmware, and specially not Cisco after been reading about backdoors in there routers.
Thanks
I would like to have a router that I can trust, and I think I'll get a lot closer to that with Opnsense
-
Hi!
I'am also interested for this hardware version but not sure if it has enough power for 100/100Mbit WAN with security features enabled.
best regards,
Sarge
-
Anyone?
The only thing I'll use it for, is ordinary router use by 10-15 clients, but I'll like to use the IDS/IPS if its possible and its not cripple my gigabit line, is this plausible?
-
In that series, and with the performance requirements for gigabit and ids I would probably have looked at this model instead: https://www.thomas-krenn.com/en/products/application/opnsense-firewalls/les-network-plus-opnsense.html
Or alternatively a Qotom Q355G4, can be found cheaper
Or alternatively a custom build around for example a Asus P10S-I mini itx board. You’d have to add a dual or quad Ethernet card (PCI).
https://www.asus.com/Commercial-Servers-Workstations/P10S-I/
-
(sorry, regarding gigabit and ids, I must have mixed up the threads. ;-) anyway, take the advise for what it is - if you want more performance, look at those other options, and Qotom is likely to give you the best bang for the buck depending on where you live and whether you can order them direct from AliExpress or not... I’m using an i5 mode with great success for my gigabit wan.)
-
Compact 4L will achieve GB without IDS. I had a test sample here and also hosted a webinar with it. As it has 4 cores it should also fit for AV scanning for up to 15 users.
-
Thanks guys, so I will benefit in full from my gigabit line without IPS but with IDS?
Its not an option to get a Qotom, I cant buy them here in Denmark, I guess AliExpres og similar sites is the only way, and that makes them expensive with fees, customs and sh't
I really like this one, looks like its good quality
-
I didnt benchmark with IDS and already returned the sample, osorry. But as it have the i210 NIC I dont have any concerns
-
Yeah, as I can understand from this forum, intel NIC's is the way to go :-)
There isn't a lot of user experiences with this box, so your posts is really appreciated
-
For what it's worth, I'm running on an i5-5250U and Intel NICs and get about 600-700MBit with Suricata and some rules enabled. Easily saturate gigabit without Suricata.
I wouldn't have gone below i5 with gigabit wan. Next machine is going to be beefier to ensure some headroom, likely Xeon. Probably still possible to keep it quiet, with careful selection of chassis and coolers.
-
Thanks, but if I cant expect to get full gigabit with the setup you got, I wouldn't want to go with suricata or anyting else "heavy"
Damn, I get full giga with my Cisco RV-340 and that is like a 900mhz sh*t CPU and 1 gig RAM
-
I like the idea of it (Suricata), although must confess I don’t think I’ve ever caught anything with it ;-) (lots of false positives though)
Just another point worth considering too.. to whatever extent you plan to run services on the box beyond vanilla routing and firewall, like caching & filtering web proxy (squid), dns, vpn (site-to-site, outbound or road warrior) etc - it’s nice to have them sharp & snappy. I’m kind of used to it from back home and don’t think about it but can often tell the difference when I’m on other networks.
-
Most of the rules are kinda useless when you have a private home net and not serving any services to outside :)
-
I like the idea of it (Suricata), although must confess I don’t think I’ve ever caught anything with it ;-) (lots of false positives though)
Just another point worth considering too.. to whatever extent you plan to run services on the box beyond vanilla routing and firewall, like caching & filtering web proxy (squid), dns, vpn (site-to-site, outbound or road warrior) etc - it’s nice to have them sharp & snappy. I’m kind of used to it from back home and don’t think about it but can often tell the difference when I’m on other networks.
How do you experience the "speed" or responstime in daily use, I'm thinking websurf, compared to standard routers?
-
Well I guess it’s hard to know what’s what in the whole chain of ISP, router and network including WiFi.. so maybe I’m reading too much into it. But with the combination of an ISP well-known for reliability and speed, gigabit fiber, opnsense on i5 and then WiFi on Ubiquiti access points it’s more the *absense* of any sort of discernible lag or uneven performance, ever, unless it is evidently at the other end (e.g. Apple iCloud...). And that includes most of the family computers that accesses the web through Squid on opnsense so that I can filter content (using one of those public lists) to block some of the really bad stuff. Opnsense also running its own caching nameserver, dhcp and ntp.
I frequently find on other networks that performance is much more uneven or even categorically slower even if on paper it should be the same of faster.
But as mentioned, never easy to know what is what... but I like headroom. ;-)
-
Well I guess it’s hard to know what’s what in the whole chain of ISP, router and network including WiFi.. so maybe I’m reading too much into it. But with the combination of an ISP well-known for reliability and speed, gigabit fiber, opnsense on i5 and then WiFi on Ubiquiti access points it’s more the *absense* of any sort of discernible lag or uneven performance, ever, unless it is evidently at the other end (e.g. Apple iCloud...). And that includes most of the family computers that accesses the web through Squid on opnsense so that I can filter content (using one of those public lists) to block some of the really bad stuff. Opnsense also running its own caching nameserver, dhcp and ntp.
I frequently find on other networks that performance is much more uneven or even categorically slower even if on paper it should be the same of faster.
But as mentioned, never easy to know what is what... but I like headroom. ;-)
Thanks, I don't know if its my Cisco RV340 thats weird but sometimes it "hangs" and feel sluggish, a reboot use to help
-
Hello JoK,
did you already bought/tried the unit "LES compact 4L" ?
best regards,
sarge
-
No, they are currently out of stock :-(
-
Thanks guys, so I will benefit in full from my gigabit line without IPS but with IDS?
Its not an option to get a Qotom, I cant buy them here in Denmark, I guess AliExpres og similar sites is the only way, and that makes them expensive with fees, customs and sh't
I really like this one, looks like its good quality
I've just ordered the Q535G6 (200 Euro including shipping), from AliExpress with EMS shipping. I've been told by a friend who's ordered using EMS shipping many times before they've not been stopped by customs at least in the UK anyway.
I'll post back on here if I get it Customs Tax free.
-
Sound nice, but I don't think you can compare UK and DK, the customs in DK are thorough, they sweep anything in, specially from china. So the 200 euro, can become a lot more, really fast
-
Sound nice, but I don't think you can compare UK and DK, the customs in DK are thorough, they sweep anything in, specially from china. So the 200 euro, can become a lot more, really fast
How much is your import tax?
I have to pay VAT basically which adds on 20% of the cost of the item.
Your import tax must be pretty high, for buying it off Ali express not to be viable. :o
-
Dont know exactly, but there is customfee, tax and import fee
-
I got my little box and have installed OPNsense on it, its REALLY snappy and fast compared to my old Cisco router.
I have a 750/750 mbit fiber and the setup eats that up with no problems, I get the same throughput as before, but when i measure the line speed, speedtest APP for Mac, the gauge slams up there really fast, where my Cisco more "crawled" up the scale :-)
I got the impression before I bought it, that OPENsens could use one of the four RJ45 ports for WAN, and the 3 remaining for LAN, like my old Cisco, but that is apperently not so, only one for LAN.....but I'm REALLY happy with my setup and I would definitely not go back :)
-
Hello JoK,
thanks for your feedback! I also ordered a LES 4L and it is on the way :-) I really look forward to this appliance
best regards,
Sarge
-
You will not be disappointed, its a really nice and fast box