nano image bigger than (standard) 4GB CF card?

Started by 8191, November 29, 2015, 07:52:02 PM

The nano image (OPNsense-15.7.18-OpenSSL-nano-i386.img) is actually 3999997952 bytes in size, while my 4GB Kingston CF card holds 3997163520 bytes. Interestingly I've a second 4GB CF from Transcend, which holds 4009549824 bytes.

I have no idea if there is a well defined definition for "4GB", but actually I guess I'm not the only one with a CF smaller than the nano image. What does the third slice of the image actually hold? Is there any important data in the last 50MB?

November 30, 2015, 07:47:50 AM #1 Last Edit: November 30, 2015, 07:49:57 AM by franco
We've already relaxed the size for nano images, hoping all generic storage would be ok now, but it does not seem so... :(

https://github.com/opnsense/tools/commit/5882708366e1a717f5984af125c60e01efe00660

This is the lowest that FreeBSD's NanoBSD script allows, we can lower this further, but not without ugly hacks and at some point the topic will come up again, because it's not low enough again.

The third slice is a twist of the NanoBSD script that needs to be enabled in order for the script not to crash and burn. It's not used.

The second slice of the Nano image is dormant for OPNsense, but flashed with the same initial version. We removed the original Nano scripting to make the code simpler and put targeted pieces back in that were really needed. Initially, this wasn't our focus but then m0n0wall EOL happened and we decided to incorporate this track as best as we could. It's also harder for us to provide a multitude of Nano images for all sizes, because we won't release images we haven't booted and configured.

That's the whole Nano story. It's not optimal, mostly failing due to size constraints in CF cards and RAM, then squid or suricata on slower hardware. It feels like being on opposing ends with the requirements.

November 30, 2015, 03:58:39 PM #2 Last Edit: November 30, 2015, 07:59:14 PM by mf
Thanks for the detailed explanation.

Quote from: franco on November 30, 2015, 07:47:50 AM
The third slice is a twist of the NanoBSD script that needs to be enabled in order for the script not to crash and burn. It's not used.
So that means that nobody minds if the last slice ends in the middle?

Are there any hardware recommendations from the project's side? The PC Engines' ALIX (one of the most commonly used hardware for pfsense) is for your mentioned reasons not the best choice for OPNsense. The hardware is also already quite "old" and weak, compared to state of the art micro appliances.

Anyone tried OPNsense on PC Engines' newer micro appliance APU?
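
Whether a slice "ends in the middle" on a smaller card can be read off the image's MBR slice table. The following is an added example, not part of the thread or of the OPNsense tools: the slice layout in SAMPLE_LAYOUT is constructed for illustration (it is not the real nano image layout), 512-byte sectors are assumed, and only the three byte sizes come from the first post.

```python
import struct

SECTOR = 512                      # assumption: 512-byte logical sectors
IMAGE_BYTES = 3999997952          # nano image size from the first post
KINGSTON_BYTES = 3997163520       # 4GB Kingston CF from the first post
TRANSCEND_BYTES = 4009549824      # 4GB Transcend CF from the first post
# Constructed layout as (start_lba, sector_count); slice 3 ends at the image end.
SAMPLE_LAYOUT = [(63, 3855016), (3855079, 3855017), (7710096, 102400)]

def build_mbr(slices):
    """Build a sample MBR sector from (start_lba, sector_count) pairs."""
    mbr = bytearray(SECTOR)
    for i, (start, count) in enumerate(slices):
        # flag, CHS start, type 0xA5 (FreeBSD), CHS end, LBA start, sector count
        entry = struct.pack("<B3sB3sII", 0x80 if i == 0 else 0,
                            b"\0\0\0", 0xA5, b"\0\0\0", start, count)
        mbr[446 + 16 * i:462 + 16 * i] = entry
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_slices(mbr):
    """Return (index, type, start_byte, end_byte) for each non-empty entry."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    found = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0 or count == 0:
            continue              # unused table entry
        found.append((i + 1, entry[4], start * SECTOR, (start + count) * SECTOR))
    return found

def fit_report(mbr, card_bytes):
    """Classify each slice as 'fits', 'truncated' or 'missing' on the card."""
    report = {}
    for index, _ptype, start, end in parse_slices(mbr):
        if end <= card_bytes:
            report[index] = "fits"
        elif start < card_bytes:
            report[index] = "truncated"   # slice begins on the card, ends past it
        else:
            report[index] = "missing"     # slice lies entirely past the card
    return report

if __name__ == "__main__":
    sample = build_mbr(SAMPLE_LAYOUT)
    for name, size in (("Kingston", KINGSTON_BYTES), ("Transcend", TRANSCEND_BYTES)):
        print(name, fit_report(sample, size))
```

For a real image, pass the first 512 bytes of the file to `fit_report` instead of the constructed sector.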

Quote: Are there any hardware recommendations from the project's side?

I'm just a user of the OPNsense project, so I can't give an "official" recommendation, but I'm running OPNsense on the following boards:


The C2558 does provide AES hardware encryption while the J1900 does not, but it has a lower price point. Besides that I'm also running FreeBSD on the http://www.asrockrack.com/general/productdetail.asp?Model=C2550D4I#Specifications and this works quite well.

I don't have experience with ALIX, though. On the other hand, Decision, the company behind the OPNsense project, does offer ready-to-use appliances through their shop at https://www.applianceshop.eu/.


Regards
- Frank

Thanks for your recommendation, Frank!

What kind of storage do you use in your boards?

Quote from: fraenki on December 01, 2015, 04:13:46 PM
...
I'm just a user of the OPNsense project, so I can't give an "official" recommendation, but I'm running OPNsense on the following boards:


The C2558 does provide AES hardware encryption while the J1900 does not, but it has a lower price point.
...

Regards
- Frank

Hi!

Thanks for your recommendations, you don't happen to have any throughput numbers for the A1SRi-2558F with OPNsense?
I need to decide what fiber connection to choose and there is no point in getting faster access than what my FW can handle.

   /Jonas...

I doubt the C2558 will have any problems with 1Gbit/s speeds.
Of course it depends on what you want to do with it.

In my experience, I run a C2758F SuperMicro server at home with a 200/20Mbit cable connection.
This is OPNsense in a Hyper-V 2012 R2 Virtual Machine, which also allows hardware offloading of AES.
My ISP is relaxed, so I can reach a bit above the 200Mbit download continuous.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.