OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: epoch on January 27, 2017, 05:45:44 pm
-
I apologize for not visiting often the forums...
There is still a little bit of time for new year wishes, so all the best to OPNsense and its team for 2017.
I came across 2 threads about ARM/RPi, I just want to say a build for Rpi3 would be huge.
I dwell around the raspberrypi forums quite a bit, and I predict an OPNsense distro could save the bacon of quite a few youngsters and their family networks ;)
I think RPi3 should be a primary target platform because setting up an AP is a common need, and that is not so simple for beginners under Linux. Another sore point is setting up NTP (the Pi does not have an RTC clock). And general security of course, many Pis are run headless with ssh enabled (and not really secured.) You get the picture.
Availability would be great news. Do not miss announcing on Raspberrypi's forums when the time comes.
I'll try to pass by more often and see if I can kick the tires of a beta (for RPi 3 or RPi2)
Cheers!
-
Hi epoch
opnSense is basicly not an AP or an NTP server software - it's a firewall. For a firewall you need more than one physical ethernet interface, so couldn't implement it with a RPi. Or - you do it with VLAN's, but for this scenario, you need a managed switch and more knowledge about switching, subnets and VLAN's and last but not least, it's not physical separated and recommended.
From the price side, an easy solution with an APU.2C4 system board from PC Engines is also very cheap:
- apu2c4
- case1d2u
- ac12veur2
- a SD Card
ivo
-
Of course you can have a router on a stick with a single physical interface. Firewalls in VMs work pretty well too, no physical interface at all.
Besides Pi 3 has 2 phys out of the box: wifi and ethernet.
The fact that a Pi3 isn't a routing platform is besides the point. Pis are commonly used to manage networks of sensors and small devices, good perimeter protection for those networks is desirable. The switching capacity of the platform is of second or third order in such cases.
There are 10M Pis in the wild, 1M more every 3 months it seems, and no security solution for it.
I have no idea of the demographics of the PC Engines customer base, but something tells me there aren't many 15-y.o. that feel the need and plunk the money for an APU. Let them learn on a Pi, first.
-
FreeBSD does not yet support the WiFi chipset on RPI3 https://wiki.freebsd.org/arm64/rpi3 and as of today nobody is working on it. Maybe when FreeBSD has full support (including SMP) it will become a reality.
-
ARM64 support by upstream FreeBSD is getting closer every day. There are still a few blockers before ARM64 becomes a reality (clang/lld 4.0.0 in base, jemalloc issues, etc.).
I'm currently using an RPI3 to create a Tor-ified wireless network at home. Meaning, every outbound TCP connection that any device connected to the network makes goes through Tor. With the experience I have on the RPI3, I can say that it would be underwhelming as a real-world firewall.
Regardless of FreeBSD's support for the RPI3 and ARM64, in order to test out new devices like the RPI3, we would need to have a 12-CURRENT branch in the OPNsense src repo. That probably wouldn't be a bad idea, but the main branch is at 11.0-RELEASE.