Recommendations for new hardware for opnsense 25.7?

Started by phanos, August 04, 2025, 07:07:47 PM

Hi all,

I have been running opnsense for almost two years now on a Fujitsu Futro S920 with 8GB RAM and an AMD GX-222GC SOC CPU. I know this machine is not the strongest out there, but it served me well on my previous connection, which was 200MB/50MB (download/upload). In that setup I was also running OpenVPN, wireguard, suricata on WAN in IDS mode and zenarmor on LAN in IPS mode. I have around 50-60 devices connected to the internet (but most of them are IoT devices). OK, things were not ideal due to one of the NICs being a Realtek, but still I was happy given the amount of money put into it.

Now I have upgraded to a fiber connection of 1GB/250MB (download/upload) speed. In order to get the most out of my router I replaced zenarmor with adguard and made some tweaks to the tunables of the router. Overall I do not see the CPU getting bottlenecked all the time, but when I speedtest (from a wired PC directly connected to the router) I only get, in the best case scenario, ~850MB download. Most of the time my speed is capped at around ~550MB. Not sure if there is something more I can do to get more of my speed; I tried disabling suricata and stopping other services but the result was the same.

So I am thinking of moving to new hardware and migrating everything to a new router. I searched online for either a Dell/HP/Lenovo SFF PC or a ready-made router from AliExpress (with N150 CPU and 16GB RAM), but I am having trouble figuring out whether the new system will be enough.

My requirements are:
1) Being able to get my full speed 1GB/250MB
2) Run OpenVPN for 2-3 clients (not heavy traffic all the time)
3) Run wireguard for 2-3 clients (not heavy traffic all the time)
4) Have a few VLANs configured
5) Enable IPv6 in the near future
and ideally ...
6) Run Suricata in IPS mode on WAN
7) Run Zenarmor in IPS mode on LAN

Is the N150 even close enough to what I want to achieve, or do I need to stay clear? What is the recommended hardware for my setup? What are your thoughts on the matter?

Thanks

Phanos

August 04, 2025, 11:22:45 PM #1 Last Edit: August 04, 2025, 11:25:42 PM by BrandyWine
N150 can do it.
It usually boils down to OPNsense stuff.

Read my N150 post (https://forum.opnsense.org/index.php?topic=48166.0), note the hardware being used, three 2.5G copper and two 10G SFP. I run Suricata IPS mode, it's the resource hog. Look for similar hardware. Load testing (LAN clients accessing internet via WAN, etc) is always key when it comes to performance. IPS, IPsec, Proxy, plugins, etc etc.

My mem usage is very low, disk usage about nil. 16GB RAM, 512GB SSD (NVMe, etc) seems good. If you can squeeze in 32GB RAM that's good too. Choose hardware that can run the fastest RAM, etc.

That device I got has a low noise fan, I saw temps from Lobby saying it got near 61C, N150 has max op temp of about 110C. I will add two small 40mm fans to the bottom plate in push-pull orientation (I'll 3D print a thin cradle for the device to sit in, etc). To keep fans quiet (albeit lowering CFM) I run 24V fans on 12V power.

Above 2.5G the LAN side switching then becomes another look-at point. Can have fast on WAN side, but the LAN side needs it too.

Thanks BrandyWine for the info. Are you running zenarmor on LAN as well or just suricata on the WAN? How much tweaking did you perform on the opnsense side after installing?

I am also thinking of going with an i3-1215u CPU instead of the N150 but not sure if it is worth it.

No zenarmor yet. Suricata on wan is the ET Pro Telemetry (free) plugin.
I tweaked just a few items using Tunables, nothing crazy. See "Built on N150" thread.

i3 is in every metric way better than the N150. You are comparing different classes of CPU though.
https://www.cpu-monkey.com/en/compare_cpu-intel_processor_n150-vs-intel_core_i3_1215u

i3, 32GB RAM, 512G or 1T NVMe, makes for an OPNsense device that will last a long time.
Be sure to seek out hardware that has the fastest mem controller.

And from what I can see, the better i3 will run near +$60-100(US) over N150 device.
In % though, getting i3 is approx 50% more money.

I ended up buying a Pentium 8505 with 16GB RAM and 4 2.5GB network ports. I think it will still not be enough to run zenarmor and get the full 1GB speed of my ISP, but the alternative options were too expensive anyway. I will of course try the setup and see how it goes when it arrives.

8505 is substantially better than N150. i3 is better, perhaps due to its bigger cache at all levels.

8505 w/ 16GB RAM and some decent SSD, should be ok.