Questions about running OPNsense in live mode

Started by jonf, February 07, 2021, 03:22:00 PM

Greetings,

I've recently bought a new pico-ITX PC to use as my home router and I've chosen to use OPNsense for this.  When I boot into the DVD ISO image I notice it starts by default in live mode.  I've read it can also be run permanently in such a mode ("embedded", I think?) if you want.  Just out of curiosity, I have a couple of questions about this:

- Aside from reducing the number of read/write operations for certain types of flash media (depending on the user's chosen hardware), would there be any other benefit(s) in running OPNsense this way vs. a more permanent installation (e.g. security-wise)?

- I see that you can install plugins for extra functionality in OPNsense.  If I run it in live mode, are these plugins 'installed' in RAM with the rest of the system, or can they be saved onto non-volatile storage (i.e. to reduce recovery time from a power outage)?

- Would backing up the config in live mode just restore your core settings, or would it also include whatever plugins (or their respective config) you chose?

Other than verifying the hardware is fully operational on OPNsense, there's little benefit of running in live mode.

Furthermore, you'll be missing a lot of security patches and be stuck on the release image at least for the kernel, so in a nutshell, do a regular install and subsequent updates on a decent drive and keep a current backup when all is configured.

Quote from: newsense on February 09, 2021, 06:21:08 AM
Other than verifying the hardware is fully operational on OPNsense, there's little benefit of running in live mode.

Furthermore, you'll be missing a lot of security patches and be stuck on the release image at least for the kernel, so in a nutshell, do a regular install and subsequent updates on a decent drive and keep a current backup when all is configured.

Fair enough, thanks for the input.

February 09, 2021, 04:25:52 PM #3 Last Edit: February 09, 2021, 04:27:39 PM by Ricardo
@jonf: if you plan to use an SSD for the OPNsense install, no need to worry about SSD wear. You can set up /var as a memory filesystem (a.k.a. RAM drive if you wish), so the frequent writing of log files will not torture the SSD; it will remain in RAM only. Other files are not written very heavily in other parts of the system, unless you perform version updates/reinstalls etc. The only side effect is that you will lose the log content during reboot/shutdown. So if you care about the content of the logs, you have to back them up periodically. The same memory-based filesystem can be activated for /tmp as well (but temp itself already has only very minimal writing traffic, so that is not a real concern anyway). The big advantage is that you can do this RAM disk enablement from the GUI, and you can revert back to normal filesystem storage anytime if you change your mind.

Adding to @Ricardo: I have come to recommend Transcend 370S series SSDs: 2.5", M.2, mSATA, whatever fits your platform. Pros:

  • still available in small sizes like 32, 64, 128 G
  • not dirt cheap but reasonably priced
  • have an insane TBW (write endurance) for the size

My apu4d4 has got a 128 G SSD of that line and OPNsense uses between 2 and 3 currently. So huge breathing room combined with a TBW of 360, that means they guarantee that you can write 360 Terabytes to that drive ... not going to wear out just by writing.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)