OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: eorlin on July 05, 2017, 07:23:15 am

Title: OPNSense for RPI3
Post by: eorlin on July 05, 2017, 07:23:15 am
Hi all

I'm new to this forum and i was atracted here searching for a FW for my RPI3

I tried the tutorial for RPI 1 but doesnt work (RPI3 is not armv6)

I would like to know if there is any project for making the system capable for RPI3. I've a usb-to-ethernet device, so my PI has 2 ethernets, and my intention is to make some testings in a local network

Thanks in advance
Title: Re: OPNSense for RPI3
Post by: lattera on July 05, 2017, 04:35:45 pm
I meant this to be a surprise to the community (not even Franco, Ad, or Jos knew about this), but this weekend I'm going to start on testing building a native generic arm64 build of OPNsense. This would be a good first step towards arm64 support.

However, since dev boards like the RPI3 use u-boot or other funky methods for booting, the image installation image I generate will not work on the RPI3.

Gotta do this one step at a time. Once I get the steps solid for doing a native arm64 build of OPNsense, I naturally plan to apply those same efforts to dev boards like the RPI3 and Pine64.

And, of course, the builds I do will be experimental and based on HardenedBSD 12-CURRENT.
Title: Re: OPNSense for RPI3
Post by: chemlud on July 05, 2017, 05:07:48 pm
...I wished I could be helpful, but lack of skills prevents from doing anything relevant...
Title: Re: OPNSense for RPI3
Post by: Noctur on July 15, 2017, 04:45:02 pm
Just curious why someone would want to use an RPi3 for a serious application like what I think OPNsense is intended for. Eg. a single 100mb Ethernet port onboard, with wifi. The I/O will kill you for a small home lan. Granted, with the 4 USB you can pop on 2 USB/GB eth adapters to gain throughput and use the 10/100 for management, but the cost would jump up.

For a similar cost, there are several purpose-built dev boards that would have far better specs: http://espressobin.net/tech-spec/ $49 on Amazon, with 3 gb E (WAN & 2 LAN).

Not saying you're wrong, I have a RPi3 I tinker with, just curious on endgoal.
Title: Re: OPNSense for RPI3
Post by: lattera on July 15, 2017, 04:59:14 pm
Noctur, I completely understand and agree with you 90%. The RPI3 is vastly underwhelming as far as performance is concerned. In addition to a not-so-powerful CPU, the NIC is connected via the USB bus, thus further limiting the NIC's speed.

With that said, however, I love how portable the RPI3 is. I've got a friend who is developing a wireless radio sniffer with an RPI3, an SDR dongle, and a touchscreen and putting that in an old-fashioned Gameboy chassis.

(I'm not speaking for OPNsense here, but for myself personally). What attracts me to the RPI3 is that it's arm64. Low-level exploit mitigations like ASLR don't do much on 32-bit platforms, but are extremely effective on 64-bit platforms, like the RPI3. I myself have very little interest in any 32-bit platform because of security limitations. The RPI3 being 64-bit provides a nice portable testing platform for projects like OPNsense. I wouldn't use OPNsense on an RPI3 in production, but I would use it for development and testing.

With that said, though, my RPI3 device running HardenedBSD that acts as a Tor relay and is running a Tor-ified network is performing beautifully. I get great performance out of it. I have multiple systems sitting behind it with all their traffic being served by the RPI3. I've got a second RPI3 doing the same thing, but in a portable version that I can take with me anywhere I go. Yay for anonymity on the not-so-anonymous Internet!