OPNsense Forum
English Forums => Hardware and Performance => Topic started by: shtech on January 31, 2018, 10:28:07 pm
-
I'm new to opnsense and I've been lurking for a quite a while getting opnsense running on a dell optiplex 980. Then i read a post mentioning QOTOM and about fell out of my chair.
I've read posts on this forum about the QOTOM hardware and it seems like my choice.
I like this one:
https://www.aliexpress.com/item/QOTOM-4-LAN-Mini-PC-with-Core-i3-4005U-i5-5250U-processor-and-4-Gigabit-NIC/32812678037.html?spm=2114.10010108.100009.1.21d01bcaKwKMQB&traffic_analysisId=recommend_2037_null_null_null&scm=1007.13482.91320.0&pvid=46ab5e3a-62a4-4d02-aa74-c392845f1ccb&tpp=1 (https://www.aliexpress.com/item/QOTOM-4-LAN-Mini-PC-with-Core-i3-4005U-i5-5250U-processor-and-4-Gigabit-NIC/32812678037.html?spm=2114.10010108.100009.1.21d01bcaKwKMQB&traffic_analysisId=recommend_2037_null_null_null&scm=1007.13482.91320.0&pvid=46ab5e3a-62a4-4d02-aa74-c392845f1ccb&tpp=1)
My problem:
1. The same device listed by the same seller with drastically different prices? Drastically being +$10-$20 difference. Anyone know why? Sometimes the same specs! Google shopping shows even more price variations.
2. Amazon has them but they don't have SSD, RAM, etc for more money than aliexpress. Does anyone have a goto place that won't take 2 weeks to ship?
-
I got mine from the official Qotom store on Aliexpress. Took about a week to Canada, pretty much anything from the U.S> takes a week so that's pretty good. DHL was a tad pricey, but got it here.
I actually have 2, they've been pretty solid. My newest one had a few problems booting. Once when I first installed Sophos, and again last weekend trying to install OPNsense. A factory reset of the BIOS settings cured it, not sure if I changed something (I don't usually deviate from defaults, other than setting power settings and turing on SMART, so I didn't deliberately overclock or anything) but has been fine since.
My only complaint is the O/S doesn't see the NICs in the numbered order.
As for the price variance, there are some subtle differences when you order that can be hard to spot in the specs. Case size is one. the larger case will take a SATA SSD. Smaller case has the cables but no way you'd squeeze one in.
-
My only complaint is the O/S doesn't see the NICs in the numbered order.
I encourage you to use the auto-detect function, so you'll have them accordingly. :)
-
How can you tell the case size? some of the listings say the package size, my link above it does give (i think it's the device not packaging) the size. Luckily it comes with an SSD.
Never ordered from aliexpress and I'm just getting started with opnsense, so i'm a little nervous to spend a few hundred bucks and get the wrong stuff.
-
Not very sure about that, but I presume that if their configs/ optional adds offer only mSATA, this means the case wouldn't accommodate a 2.5 HDD/ SSD. Otherwise, I have found that if you dig deep enough on their descriptions, you would find what you need, and quite more than you had hoped. (See attachment).
Unfortunately, they didn't "copy-paste" all applicable info from one model to another, but a bit of correlation between same cases/ sizes would do the trick.
-
Consider yourself lucky to be able to even discuss the Qotom devices. The pf forum has banned all mention of them.
I have a Q355G4, wonderful piece of kit. Bought it barebones, slotted 8Gb of memory into it and it currently has a 20Gb mSata. I also have a 256Gb Sammy that I bought to use as I was going to run both my mail server and firewall on the same device using a bare metal VM, although I had it all working I was not happy that I got no thermal info from the CPU's back into either the firewall or mail server VMs, so now it just runs Opnsense, and very solidly too.
-
I have two both the i5 and i7
I run a 500/250 FTTP service on the i7 and even when I’m giving the link some real heavy work the cpu has never gone over 5%
The i5 is used on a FTTC 80/20 service and rarely hit more than 3%
Boot time is soooo much quicker compared to the AP2U I used to use
Worth checking how well the thermal paste was applied in Assembly
My i5 ran hot until I reapplied it. The i7 was fine
-
Consider yourself lucky to be able to even discuss the Qotom devices. The pf forum has banned all mention of them.
Interesting. Why would they do that? Too serious competition for Netgate devices?
-
pfSense police
IMHO It is only a matter of time before they lock down the solution to their own hardware and kill the community edition
-
Or you'll need a subscription to be able to run it.
-
pfSense police
IMHO It is only a matter of time before they lock down the solution to their own hardware and kill the community edition
No problem: so was the case with ZFS (Oracle locked it down more than ten years ago, when they bought Sun - the creator of ZFS), and the community forked the file system and continued to improve it. And, boy, so they did! ;)
Deciso is already doing the same for some years, regarding pfSense, and even if Deciso, unlikely but theoretically possible, will lock down OPNsense at some point, there for sure will be another fork, and another, and as many as necessary.
Once you get in the Open Source game, you better know and adopt the rules, and especially the appropriate strategy.
-
I run a 500/250 FTTP service on the i7 and even when I’m giving the link some real heavy work the cpu has never gone over 5%
What about VPN (hence encryption)? What effective throughput do you get using, say, OpenVPN with 256 CBC? I am very interested in that, I would have to deploy many small, remote and mobile custom vehicles which, every and each, has like a small office network in them, with many devices, starting from switches, continuing with computers with different OSs, and finishing with video surveillance, all of them in multiple isolated broadcast domains, in between which an OPNsense device will do the routing, NAT and FW, and especially VPN for remote admin and management of all devices behind it. Everything regarding OS updates, cloned image pushing etc will be done through VPN.
Do you think it's possible to get a decent encrypted VPN throughput on a i7 Qotom, since, as far as I know, OpenVPN is still single threaded task, so number of cores is irrelevant for it (and maybe even an i5 will do)?
PS I still wait for Deciso to update the models they sell, since the last update was in the summer of 2016, which makes Deciso specs a bit (just a bit, but enough) obsolete, and a bit overpriced, especially when compared to APU** and Qotom devices.
-
You're correct OpenVPN is single threaded, so to mitigate that you need a faster clock. The i5 Qotom runs at 1.6Ghz, Not sure what the i7 version runs at. I have a Qotom i5 and an APU2C4, the Qotom way outperforms the APU.
-
I don't know either, please let me know if you have some specific numbers regarding effective throughput using OpenVPN
-
Google is your friend. 8)
https://www.reddit.com/r/HomeNetworking/comments/6pu2jd/qotomq355g4_pfsesne_open_vpn/ (https://www.reddit.com/r/HomeNetworking/comments/6pu2jd/qotomq355g4_pfsesne_open_vpn/)
-
Google is your friend. 8)
https://www.reddit.com/r/HomeNetworking/comments/6pu2jd/qotomq355g4_pfsesne_open_vpn/ (https://www.reddit.com/r/HomeNetworking/comments/6pu2jd/qotomq355g4_pfsesne_open_vpn/)
Already did read this, as a couple of others, as well as any comment made on the AliExpress product page itself...
I just hoped for someone in our community making the tests on OPNsense itself, since everybody else I have read about up to now were making tests on pfSense.
I know, it should be about the same. Until is not! :)
-
I have two both the i5 and i7
I run a 500/250 FTTP service on the i7 and even when I’m giving the link some real heavy work the cpu has never gone over 5%
The i5 is used on a FTTC 80/20 service and rarely hit more than 3%
Can you estimate how a Celeron 3865u (Kaby Lake) or a Core i3 7100u (Kaby Lake ) compares to the Core i5-5250U of Qotom is in regards of power consumption and power?
The MINISYS IBOX-501 N13 that is availiabe with Kaby Lake i3 Kaby Lake Celeron and mentioned above looks interesting to me.
See also here:
https://forum.opnsense.org/index.php?topic=7637.0 (https://forum.opnsense.org/index.php?topic=7637.0)
-
Go to cpuboss.com and enter the CPUs you want to compare, that should give you all the info you need.
-
Worth checking how well the thermal paste was applied in Assembly
My i5 ran hot until I reapplied it. The i7 was fine
Can you clarify what you actually did. I understood it wasn't thermal paste used but a thermal pad of some sort? Take any pics?
Thanks!
-
Consider yourself lucky to be able to even discuss the Qotom devices. The pf forum has banned all mention of them.
Good to find you here. I was a follower of the Unofficial Qotom Hardware Topic on the pfsense forums. Not only did they lock that thread, they now appear to have deleted the entire thread containing hundreds of posts with a wealth of information on using pfsense on Qotom hardware. Anyway, having discovered opnsense, I now have no need to put up with such childish behavior.
-
Ironically enough, it was *that* thread that prompted me to spend $300+ on a qotom box.
I started out with utm because it was far more novice friendly than other options. Lately i've been exploring pfsense because utm while a great option is somewhat bloated. In fact, in the course of trying to get an att gateway bypass working (see https://forum.opnsense.org/index.php?topic=7298.msg37970#msg37970 (https://forum.opnsense.org/index.php?topic=7298.msg37970#msg37970)), I needed a more plain vanilla freebsd environment. Discovered opnsense! While I was only partially successful with that bypass method (great reduction in speeds) I got a nice opportunity to explore this software.
For now, utm is still the primary firewall/router, but as time permits, I do have opnsense running on a test box so I can figure out it's ui and general operating methods. Utm has a number of firewall rules, several vpn servers and other functions enabled. I'm slowly exploring the opnsense equivalents to these.
As for the qotom box, it's now 8 months old. So far no issues. Had some heat problems early on which I took care of by using one of those afinity external usb fans. At some point I may take it apart and redo the thermal pad.
Also, everything is running under exsi. In addition to the firewall there's freepbx and a cyberpower systems vm appliance for monitoring the connected UPS. If power should go out, it gracefully shuts all the vm's and exsi down. Upon power return everything starts back up.
-
Consider yourself lucky to be able to even discuss the Qotom devices. The pf forum has banned all mention of them.
Good to find you here. I was a follower of the Unofficial Qotom Hardware Topic on the pfsense forums. Not only did they lock that thread, they now appear to have deleted the entire thread containing hundreds of posts with a wealth of information on using pfsense on Qotom hardware. Anyway, having discovered opnsense, I now have no need to put up with such childish behavior.
They seek him here they seek him there... :)
Yes, there are lots of 'ex' pfSense users here. Strangely there are not a lot in of 'ex' Opnsense users on the pfSense boat. Says it all really.
-
@marjohn
Yes it was a really bad thing , that the entire Qotom thread has dissapeared from the pfsense forum.
How was the conversion of firewall rules from pfSense to OpnSense ?
I mean was it "start from scratch" , or is opensense able to read pfsense config ?
I'm considering firing up my 3'rd (spare) Qotom i5 , and get it running w. opnsense.
Then migrate the 2 other if i'm happy w. the test.
I don't like the way the mods (Ivar) is behaving "over there" too.
-
You can import a config.xml file from pfsense, but to be honest you are better off doing it from scratch.
I know for users with big complex systems this a pita, but you will find your way around Opnsense much better if you do it all 'manually' to start with. Apart from that there are some things in opnsense and pfsense configs that do not exist in the others config. I did mine from scratch, I guess it took me about an hour to get the basics sorted and then tweaks here and there as I got it settled the way I wanted it.
I'm afraid it was the attitude of said mod that caused me to jump ship, I should thank him really.