OPNsense Forum
English Forums => Hardware and Performance => Topic started by: FarmServer on January 27, 2017, 07:30:33 pm
-
I have opnsense on a server handling vpn traffic. I like the idea of using a read-only install on an SD card and just loading a config file onto it and using ram disks for logs(which I don't really need to check or keep). So my question is, will the firewall and opnvpn function fine without being able to write data? What functions need to write data in opnsense? I get that caching and storage do but what else?
If the img file is 400mb about why do you need a 4gb SD card? Is this to write data to? If so what would the minimum size?
-
Hi there,
The image is only 400MB because it's compressed as BZip2. ;)
Historic reasons: The minimum is 2GB for a partition in order to apply updates. The Nano-Image was a 2 x 2GB image, makes a total of 4GB. Then we had trouble with "small" 4GB cards that can't carry 3.6 GB of an image and people were asking for smaller images, which we can't because then 2GB needed for updates shrinks smaller and smaller and can prevent correct upgrades.
Starting with 17.1 the Nano image was changed to 3G as a single slice. The main reason this isn't 2GB is that major firmware upgrades may fail on 2GB. Now it fits all 4GB cards and it will automatically expand to use all available space. You could even flash an SSD and it would grab 64/128 GB if it's there.
When one builds the Nano image from source, one can make it as small as 900 MB, but it won't be able to upgrade as it needs to store files persistently, which it can't when there is no room. But there are some use cases for it.
Cheers,
Franco
-
Ok good to know on the sizing. The card sizing was mostly because smaller cards are cheaper, no sense paying for 32gb+ when you need 4 or whatever.
What plugins wont work if the os isnt allowed to write to the card? I will be using the ramdisk options. Like I said I really only am using the firewall and the opnvpn plugin, so I assume I can just load all that after booting via a saved config file.
-
Yes, we had talks in 2015 about which should be the minimum size in general. The consensus was that people may still have 1/2 GB cards on stock, but they were hard to order and were not much cheaper than 4 GB cards. Looking back, that was a sustainable decision because firmware updates got in the way, especially in 2016.
Now in 2017 we're ready for anything greater than 4 GB without wasting space and slowing the wear-down of the card because of this.
OpenVPN and firewall do not need read/write on SD, but we are permanently read/write for several reasons, most prominently speed issues during configuration and the low likelihood of large writes (except firmware again).
Logs and NetFlow data lands in RAM on Nano as well.
Hope this helps,
Franco