OPNsense Forum
English Forums => Hardware and Performance => Topic started by: thomas-hn on August 03, 2020, 07:36:19 pm
-
Hello,
in the future I would like to use OPNsense as Router/Firewall and, therefore, I'm looking for a powerful and energy-efficient hardware.
My requirements are:
- Usage of OPNsense
- the case shall be a server-case for 19 inch racks
- my current Internet connection is 100/40 MBit/s, but I want to have the option for future GBit FTTH
- having the option for using Snort/Suricata
- having the option for using a DNS filter
- using HAproxy
- maximum of around 6-8 simultaneous VPN connections via IPsec/OpenVPN (IPsec for Windows notebooks, OpenVPN to use HTTPS to bypass some networks which try to block VPN)
- Support for AES-NI
- IPMI
The hardware I'm tending to at the moment:
- SuperMicro A2SDi-4C-HLN4F
- CPU: Intel Atom C3558, 4 Cores
- 4x GBit-LAN, Intel C3000 SoC
- Case: SuperChassis 505-203B
- 8 GB RAM ECC
- SSD: Samsung EVO
My questions:
- Do you have concerns regarding compatibility of my setup with OPNsense? Are there any known bugs/issues?
- Do you recommend any other components?
- OPNsense appliances are often found with i3, i5, Celeron or Xeon CPUs.
- Would those CPUs provide a huge benefit over my "Intel Atom C3558, 4 Cores"?
- Do you have any experiences regarding power consumption of such more powerful CPUs? (the Intel Atom C3558 has TDP 16W)
- Do you recommend another CPU which provides more power at a comparable power consumption?
- Do you have some experience about the other OPNsense systems which are often used?
- IPU662 with i5-6200U (Skylake Dual Core (4 Threads) 2.3 GHz, Turbo Boost bis zu 2.8 GHz, 15W TDP)
- Celeron J3160 (4 Cores, 1.6GHz)
- other i3, i5, Celeron, Xeon systems?
- My proposed board uses Intel C3000 SoC network controllers. Are they compatible to OPNsense? Are they better/worse/comparable to widely-used Intel controllers like i210/i211?
Thanks a lot in advance,
Thomas
-
No recommendations/experiences?
-
Have also a look at https://www.deciso.com/ and https://www.thomas-krenn.com/en/index.html
-
High there, The motherboard you have chosen A2SDi-4C-HLN4F with chassis 505-203B will be a good starting point for your current connection(100/40) I don't dare say anything about the multiple VPN connections you want to run on it.
However , if you get a 1Gbit up/down it may be enough or just not..
I have since shortly updated my complete network and I have the same chassis, one type higher MB c3758 and 1G up/down fiber. My OPNsense runs as a VM on Proxmox. I have a NUC which I have used to download a 2 Gig ISO from Liteserver (https://linuxmint.mirror.liteserver.nl) to test the speed and it was close to Gbit. Internal networking is 10Gbit(Proxmox - not tested) & Local networking is Gbit allover.
Power consumption is low, I don't know how high but, this server, a 12 6+HT core NUC and a SM D410+HP Quad Gbit are on 24/7 and use around 75W
So, depending on your needs you could choose a slightly higher configuration but I think you won't be disappointed with
the c3558. Although I have not tested VPN ATM. I think your max speed won't be very high, but I doubt it'll be that high on a c3758.
Maybe some with that CPU has tested it.
Would you like to know more? just ask.
BTW. even though I'm running OPNsense as a Proxmox VM on this board, I never had real problems. :)
Greetings, mark