OPNsense

Messages - qarkhs

1
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 30, 2024, 06:33:34 pm »
@aleco

Home Network Guy has a lot of useful guides. Maybe start here: https://homenetworkguy.com/how-to/install-and-configure-opnsense/

This was from 2 years ago so some parts may be a little dated (e.g. ZFS is now the default install).

2
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 28, 2024, 06:36:41 pm »
@Greg_E You might find something on https://mitxpc.com/

3
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 28, 2024, 03:36:49 pm »
I'd go with the 8GB of RAM model. Default install now uses ZFS and it will use the extra memory if it is available. My system is currently using about 6GB. And you want to use ZFS so you can use bectl.

4
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 27, 2024, 02:45:43 pm »
I think Netgate 2100 uses an ARM CPU. Not sure OPNsense runs on that, at least official builds.

Why not include the Elkhart Lake CPUs as well (e.g. J6412)? The performance is similar to N5105, N5095 (Jasper Lake). Take with a pinch of salt but:
https://www.cpubenchmark.net/compare/5157vs5337vs4474vs4472vs4412/Intel-N100-vs-Intel-N97-vs-Intel-Celeron-J6412-vs-Intel-Celeron-N5095-vs-Intel-Celeron-N5105

Other thoughts. There appear to be lots of people running OPNsense on Alder Lake CPUs (e.g. N100) bought from PRC companies. You may need to do a microcode update. See:
https://forum.opnsense.org/index.php?topic=36139.0

I believe Protectli machines are made in PRC as well but you get better warranty, support and product is more consistent but you pay quite a bit more for similar features. There are lots of posts here that give you some idea of the manufacturing quality control of PRC companies selling on AliExpress e.g.: https://forum.opnsense.org/index.php?topic=41232.msg203797. Some people appear to buy these units and have great success and others have problems. You roll the dice...

The Taiwanese companies mentioned previously (GigaIPC, Jetway, AAEON) may also manufacture in PRC but to ISO manufacturing standards. They appear to be mostly making industrial PCs to sell to businesses rather than consumers and people who are happy to tinker. But again, you are likely to pay more. And they are slower to bring latest and greatest low-power CPUs to market compared to PRC companies selling on AliExpress and elsewhere.

You have to decide what trade-off is right for you in terms of CPU performance/features -- manufacturing quality/reliability/support -- cost. 

A thought on heat issue: I installed an NVMe drive on my last machine. Faster but I think the extra speed is unnecessary for this application and likely generates more heat than other storage options.

5
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 26, 2024, 09:14:08 pm »
Quote
I couldn't find a Mini PC from these manufacturers with an N100 chip, and fanless models seem to be scarce.

https://www.jetwaycomputer.com/BFTADN1.html
https://www.jetwaycomputer.com/BFDADN1.html

https://www.gigaipc.com/en/products-detail/QBiX-Pro-ADNAN97H-A2/

These are all fanless with N97. N97 is closely related to N100. See comparison here:
https://ark.intel.com/content/www/us/en/ark/compare.html?productIds=231803,233090

6
Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?
« on: August 26, 2024, 03:04:16 pm »
I'd avoid the Fitlet3. The Fitlet2 was a nice machine but the built-in LAN ports on the Fitlet3 appear not to play well with BSD. See https://fit-pc.com/wiki/index.php?title=Fitlet3_Errata_Notes#FITLET3ERR005:_fitlet3_default_LAN_interfaces_are_not_recognized_by_some_-nix_based_OS

Other options that might be worth a look are AAEON and Jetway (these are both Asus companies) and GigaIPC (Gigabyte). These companies all make industrial mini PCs for various purposes. They will generally be more expensive than the boxes made in the PRC but manufacturing standards are likely to be higher and you'll get better support. I'm currently using a GigaIPC with J6412 and dual Intel 1G LAN ports to run OPNsense. Barebones cost me $169 last year but cheapest I can find it for now is $240. I have no experience with Jetway boxes but you can find their J6412 barebones online with 2 to 4 i225v for under $300. They also sell a couple of Alder Lake N systems with dual i225v.

7
Hardware and Performance / Re: Protectli Vp2420 performance experiences
« on: July 04, 2024, 07:29:17 pm »
I am using a small box with a J6412 (https://www.gigaipc.com/en/products-detail/QBiX-EHLA6412-A1/), 16GB RAM, and running a paid version of Zenarmor. There's miles of headroom but the network load is not exactly demanding and I am not running either Suricata or a VPN.

8
Hardware and Performance / Re: Is this Topton mini PCs a good choice?
« on: April 10, 2024, 07:57:44 pm »
There are Taiwanese options if you are looking for better manufacturing, quality control, and support e.g. AAEON and Jetway (both Asus companies). GigaIPC (Gigabyte) sells a barebone box with a J6412 and two Intel I211 that can be had for as little as $225.

9
General Discussion / Re: Would you like to see Fido U2F?
« on: February 09, 2024, 04:08:35 pm »
Yes, although preferably WebAuthn/FIDO2. This is likely to become increasingly popular now passkeys are supported on iOS, Android and other devices. The US Federal government is also keen to get rid of any form of authentication that isn't phishing resistant. See https://zerotrust.cyber.gov/federal-zero-trust-strategy/#identity

Quote
MFA will generally protect against some common methods of gaining unauthorized account access, such as guessing weak passwords or reusing passwords obtained from a data breach. However, many approaches to multi-factor authentication will not protect against sophisticated phishing attacks, which can convincingly spoof official applications and involve dynamic interaction with users. Users can be fooled into providing a one-time code or responding to a security prompt that grants the attacker account access. These attacks can be fully automated and operate cheaply at significant scale.

Fortunately, there are phishing-resistant approaches to MFA that can defend against these attacks. The Federal Government’s Personal Identity Verification (PIV) standard is one such approach. The World Wide Web Consortium (W3C)’s open “Web Authentication” standard, another effective approach, is supported today by nearly every major consumer device and an increasing number of popular cloud services.

Agencies must require their users to use a phishing-resistant method to access agency-hosted accounts. For routine self-service access by agency staff, contractors, and partners, agency systems must discontinue support for authentication methods that fail to resist phishing, including protocols that register phone numbers for SMS or voice calls, supply one-time codes, or receive push notifications.

10
Hardware and Performance / Re: Help deciding between Protectli VP2410 vs FW6A
« on: November 03, 2023, 04:38:33 pm »
If you plan on having more than one AP, you might want to look at Ubiquiti Unifi, TP-Link Omada, and Aruba Instant-On. Those are the more affordable systems that people use in home setups that are a step up from mesh systems (e.g. Eero). There are reviews and comparisons of all three systems at https://evanmccann.net/. If you use this type of system rather than a router in AP mode, you'll probably want a switch that supports PoE with sufficient PoE ports and power to support however many APs or other PoE devices you are likely to attach to the network.

11
Hardware and Performance / Re: Looking for guidelines to help choose the optimal hardware or opnsense ?
« on: September 22, 2023, 02:29:01 am »
Presumably, you already have a fairly good idea what sort of CPU and how much memory you need based on your current N5105 machine. Does it handle the requirements above? If not, there are review sites that benchmark various 11th and 12th gen Intel mobile and embedded CPUs running OPNsense in various configurations. Memory and storage are cheap, especially if you buy and install them yourself, so you may not save much by being economical.

I agree with Patrick that for business users, going with a Deciso or Supermicro makes sense. In the overall scheme of things those products are likely to be seen as good value for money in that context. As a home user I'm not sure I want to spend that sort of money but think the AliExpress route has a fairly substantial risk of being a false economy. Reading accounts here and elsewhere of some of the heating and other issues that users sometimes run into doesn't make me want to buy. I guess some people love tinkering but I just want a reliable box that won't get me into trouble with family members working from home. I'd rather just pay another $100-$200 for improved design, manufacturing and proper quality control. If you buy something from AliExpress I think you are guaranteed to be a guinea pig no matter what you buy because the models and components are constantly changing. See discussion here: https://forum.opnsense.org/index.php?topic=27938.msg139706#msg139706.

You didn't state which product you are interested in. There are probably decent options that would arrive much quicker. The downside with the manufacturers like the ones I mentioned previously is that they are selling 'industrial' PCs to businesses who want/need reliability. I think for that reason the product cycle is a bit slower. That means if you want a fanless box with the latest and greatest low-wattage CPU, say an Alder Lake N, you have to wait or go with a cheap PRC box from AliExpress or elsewhere.

12
Hardware and Performance / Re: Looking for guidelines to help choose the optimal hardware or opnsense ?
« on: September 20, 2023, 07:31:59 pm »
Quote from: shade_ch on September 19, 2023, 03:36:04 pm
I'm looking for opnsense hardware selection tool / guidelines to help choosing the right hardware (especially optimal CPU and RAM to avoid wasting resources and money).

I am curious why there isn't more discussion of what I would label middle-ground options that lie somewhere between Deciso and Supermicro on the one hand and stuff you can buy on AliExpress on the other hand. They would seem to offer a better balance of price/performance/quality. Less pricey than the former but much better manufacturing quality control than the stuff being sold on AliExpress and, presumably, also better support. I am thinking of gear from Taiwanese companies like AAEON, Jetway, Up Systems (all affiliated in some way with Asus), GigaIPC (Gigabyte) and Lanner. The latter's hardware is often sold for network firewalls under other labels. Most of these companies are selling boxes with Elkhart Lake CPUs which have roughly equivalent performance to the N5105 mentioned above as well as having similar power and thermal properties and Intel LAN ports.

A couple of examples: J6412, 4 Intel LAN ports, around $370 (~330CHF). Add your own memory and storage.
https://www.jetwayipc.com/products/hbfdf13-6412-b-series/
https://www.aaeon.com/en/p/desktop-network-appliance-atom-x6000e-fws-2280

13
Hardware and Performance / Re: Compulab Fitlet3
« on: August 13, 2023, 04:01:30 pm »
These posts suggest that the issue might be resolved/resolvable in FreeBSD 13.2:

https://www.reddit.com/r/opnsense/comments/15nju4b/comment/jvmjfw0/

https://forums.freebsd.org/threads/marvell-88e1512-phy-support-in-13-2.88893/

14
Hardware and Performance / Re: Compulab Fitlet3
« on: April 21, 2023, 07:19:43 pm »
I have been using a Fitlet2 since 2019 and it's been rock solid running OPNsense. Great build quality and very reliable. I had a Fitlet3 on order for a second location but canceled after seeing the FITLET3 ERR005 note. My understanding is that they had planned to use Intel controllers but they have had supply issues. Hopefully this gets resolved and later versions use Intel.

15
General Discussion / Re: Help choosing wireless access points
« on: January 12, 2023, 04:03:24 pm »
I am not sure how widely MoCA is used in the US. I just discovered it as an option last year. Before that I had no awareness of MoCA. It works well in my use case. I can't tell the difference in performance between the AP I have connected via CAT5e and one I have connected through MoCA.

I have no idea where the OP resides or how common it is for homes outside of North America to have coax installed. I did do a quick search and most of the MoCA adapters for sale on Amazon US also appear to be for sale on Amazon UK so there must be some market for them elsewhere.

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved