Messages

https://www.supermicro.com/en/products/motherboard/A2SDi-4C-HLN4F

Comes with IPMI, full monitoring of everything like voltages, fan speed, temperatures availably with e.g. Observium. Can easily drive a 1Gbit/s uplink, no experience with higher speeds.

Thanks for the recommendation! Indeed, it is starting to look like that I have to utilize IPMI and do a custom build. Not my favourite option but probably what I have to go for in the end.

O.K. - last bit of debate about just one error in your string beliefs. Here is the smartctl output of a lightly use home installation of OpnSense:

[...]

Oh, just in case you do not have a calculator at hand, that amounts to 222 GByte/day, and BTW: those were not logs. You'll learn the hard way.

Good luck, I am out of here.

19.5 TB data written over 3,661 power on hours should amount to 128 GB per day - not 222 GB per day.

Regardless, SSD endurance is still not a problem:

• A 500 GB WD Red SN700 NVMe SSD (advertised for use in NAS environments) has an endurance of 1000 TBW and costs only marginally more than a budget WD NVMe SSD. Even at a rate of 222 GB data written per day, it would take 12 years for the SSD to exceed the guaranteed endurance.
• Plenty of people are running their OPNsense comfortably for many years on SSDs with much less endurance and without replacing them. It does not seem to be the limiting factor.

I'm not here to debate my requirements; I do not find it productive and they are not that outlandish either. Of course I'm open to questions and very thankful for security concerns I have overlooked, such as the vendor BIOS updates but primarily I'm here to find out what options exist and whether I need to increase my budget.

Let's not get sidetracked and refocus on the original problem again.

Hardware requirements:

• 6x RJ45 1Gb/s LAN ports
• Quiet, active cooling (or retrofitting a fan is possible)
• Hardware properly supported by FreeBSD
• Low power draw

Corrections:

• I need full hardware monitoring (temperatures, voltage, fan PWM), not just CPU/SSD temperatures
• BIOS updates are not on my list, they are optional but nice to have
• Cost is ideally ~500€ (like mentioned, can be stretched, e.g. to 700€), it is not "under 500$ (425€)"

Some clarifications for context, no need to debate:

• SSD endurance does not matter, even a cheap WD Blue (150 TBW) would need 137 GB of writes per day to hit that limit in 3 years. OPNsense logs are in the range of a few GB per day and anything bigger needs to go into a proper log aggregation system like Loki to be of use anyway.
• A single 80x80 mm intake 1W fan dropped the CPU temperature by 10°C on my test device, despite the CPU being installed on the opposite site of the casing. More headroom means less throttling, less power draw, higher performance and higher lifespan of nearly all components. And I like to have the option to use the performance I paid for.
• Proper Super I/O sensors help with detecting fan issues and system cooling issues before they become a problem. They detect degraded VRMs and may even detect a dying PSU, which can show up as voltage deviations. CPU and SSD temperature sensors are not related to this in any way and can not detect most of these issues reliably.
• Not monitoring a 24/7 edge device is the unusual position here, not the other way round. Every serious vendor exposes board sensors by default. Proper hardware monitoring helps to identify problems before they become actual hardware failures and allows shutdown options through self-monitoring where BIOS options are not available or reliable.

Questions that are still open:

• Turning ASPM off - Does this have any negative side effects aside from an increase in PCIe power consumption and is this bug present on every hardware?
• What is the minimum budget for the requirements I've set?
• Which hardware does ship with supported full hardware monitoring?
• Are there other vendors that offer OPNsense compatible hardware, aside from the ones I listed yet?

Hello, I've been researching this topic thoroughly for a while now and so far it's been very hard for me to find sane, affordable hardware options with the requirements that I have.

My requirements are the following:

• 6x RJ45 1Gb/s Ports (2.5Gb/s is nice to have but not required)
• Active cooling but quiet when idle (I don't trust passively cooled devices that run 24/7 very much and thermal wear on other components is much lower)
• Proper device monitoring including mainboard temperatures and fan PWM
• Hardware properly supported by FreeBSD
• Low power draw
• Affordable, meaning the hardware costs around 500€ (a bit more is also fine)

I don't mind buying passively cooled hardware and upgrade it with a fan myself, as long as it fulfills the requirements posted above. Please note that I don't want to deal with external USB fans, the fans should be installed inside the device.

So far I have checked a lot of the N100/N150 desktop mini PC hardware, however most of them contain ITE IT8613E Super I/O chips, meaning proper monitoring is not possible. A hwmon driver has been written for this Super I/O chip, however it has been in review for 2+ years and who knows when it will be finished. I wouldn't mind helping out with that but just reading up on all the bureaucratic procedures regarding this is causing me headaches already. All the posted warnings about very specific N100/N150 incompatibilities, are making me wary of this option as well - I don't want to buy hardware and then see random errors piling up later, that can't possibly be fixed due to BIOS constraints and the like.
On the positive side: I've tried out such an appliance before and I was able to tweak the processor options in the BIOS and OPNsense similar to what has been stated in the "Built on N150" thread. It helped to reduce power consumption, as well as heat by a good margin.

Now, I've done some research and looked at my options:

• Official OPNsense hardware: No affordable device with 6x RJ45 ports (costs over 1,500€).
• Landitec: Business to business only.
• Thomas-Krenn AG: Same as Landitec.
• Known desktop brands (ASUS, Intel, etc.): Haven't been able to find any device with 6x RJ45 ports, not even taking low power draw into consideration.
• CWWK: There is a whole zoo of products that ultimately are only rebranded CWWK hardware. Contains the aforementioned ITE IT8613E chips which makes hardware monitoring impossible, needs manual fan installation and the quality assurance process is questionable (I've heard about "magic smoke" coming out of the power supply in some cases). I'd rather buy from a more reputable manufacturer.
• Protectli: Same as CWWK, except the brand is more reputable and therefor the quality assurance is probably a lot better. Same hardware monitoring problem and I'm not sure if you can manually install a fan in all of them.
• NRG Systems: Has a N150 rack option (IPU610) with three fans, which is more in line with what I'm thinking about but the case fans can only run on full power with no PWM input, meaning quite an amount of hardware tweaking is required to make them work the way I like to. Sadly contains a ITE IT8613E chip as well and I don't have a rack (though rack installation is not necessarily required but will require buying a larger open shelf).

Can someone more knowledgeable than me maybe provide some insight or assistance? I don't have CPU heavy workloads, meaning no VPN or packet inspection, having a bit of "leeway" with the CPU is a plus however, traffic shaping could be an interesting option.