OPNSense & Intel AES-NI J3160 Yanling NUC

Started by Jhjacobs81, December 02, 2020, 10:26:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 02, 2020, 10:26:26 PM
so, i got me one of those to try, but it ends up with a kernel panic :(

Anyone any experience with one of those?
https://dutch.alibaba.com/product-detail/intel-celeron-j3160-quad-core-nuc-mini-pc-with-4-intel-gbe-lan-for-pfsense-firewall-and-network-server-60778936461.html?spm=a2700.md_nl_NL.deiletai6.1.595418c8dOmxan

Its supposed to work with pfsense, so i thought OPNSense shouldnt be a problem either, maybe my usb disk is broken.. or so i hope ;-)
December 20, 2020, 11:10:16 AM #1
Any updates on this topic?
I have also ordered such a device from Banggood.com. Manufacturer is a different brand but looks similar. Will arrive on monday and then I want to install OPNsense.
Have you tried to update the bios?
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
December 22, 2020, 11:47:29 AM #2 Last Edit: January 16, 2021, 03:56:42 PM by datenimperator
Oh oh... have also ordered one. Can anybody shed some light on the details? Regards

Christian

EDIT: Mine arrived yesterday. Came with pfSense installed, the USB installer of OpnSense 20.7 worked flawlessly. Replaced the config backup, and it runs nicely. No issues whatsoever yet.
December 28, 2020, 05:33:25 PM #3
I purchased a similar device in 2017 from Protectli, but likely also made by Yangling, with AES-NI, atom e3845.  It ran pfSense, and then opnsense, until it bricked yesterday while updating opnsense.  It ran opnsense in my easy SOHO environment very nicely with much room to spare, until the untimely hardware failure.  These devices are well-suited to opnsense, but I am now uncertain about the hardware reliability.
January 18, 2021, 01:25:38 AM #4
@datenimperator: as you had an APU2 and now have this J3160, can you compare the two? Speed, stability, heat, etc.

Thanks, Tom
System 1: PC Engines APU2C4
System 2: PC Engines APU2E4
System 3: Proxmox-VM on Intel NUC
January 21, 2021, 04:21:31 PM #5
my j3160 arrived a few days before christmas and had up to now no problems with the installation or operation, except the problem who sitting in front of the device ???
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
January 24, 2021, 02:34:17 PM #6
Quote from: thowe on January 18, 2021, 01:25:38 AM
@datenimperator: as you had an APU2 and now have this J3160, can you compare the two? Speed, stability, heat, etc.

Thanks, Tom

Can't say anything on stability yet apart from "works". As I said, installation was easy. I replaced a few tunables that explicitly targeted the AMD platform. No dropouts, no high CPU. Performance of the i210 ethernet ports seems to be better than those on the AMD SoC, but that was to be expected.

On the APU I disabled some services to save CPU: Netflow & insight, IDS. Re-enabled them without a noticeable effect on performance.

Overall, the J3160 feels a little warmer on the outside, but in the 45-48 degree celsius range (CPU temp). Given that this thing is passively cooled I think that's pretty good. I even replaced the BIOS with coreboot from the Protectli FW4B which is the same hardware.

The Yanling NUC comes with a 12V/3A power supply. I continued to use the 12V/2A supply that I had from the APU, no issues yet. So far I'm very happy with it. BTW I like the overall mechanical quality. A good, solid "weighty" feeling.

Regards

Christian
January 24, 2021, 10:36:07 PM #7
Quote from: datenimperator on January 24, 2021, 02:34:17 PM

As I said, installation was easy. I replaced a few tunables that explicitly targeted the AMD platform. No dropouts, no high CPU.

Can you please specify which tunables you mean. Would like to check mine, maybe I can improve my system a little bit.
Thanks.
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
January 26, 2021, 03:01:37 PM #8
Quote from: ChrisChros on January 24, 2021, 10:36:07 PM
Can you please specify which tunables you mean. Would like to check mine, maybe I can improve my system a little bit.

My setup on the J3160 NUC is currently like this (all others are at their defaults)

Code Select

# Increase VFS read-ahead
vfs.read_max=128

# No ICMP redirects
net.inet.ip.redirect = 0

# A speedup of 40 to 60% in packet forwarding performance!
net.inet.ip.fastforwarding = 1

# Disable hardware flow control, CPU is faster
dev.igb.0.fc = 0
dev.igb.1.fc = 0
dev.igb.2.fc = 0
dev.igb.3.fc = 0

# The OS buffer / backlog queue depth for accepting new TCP connections
kern.ipc.somaxconn = 1024

# Loopback interface tuning
net.inet.tcp.nolocaltimewait = 1

## IPv6 Security
# Disable Node info replies
net.inet6.icmp6.nodeinfo = 0
# Disable IP/ICMP redirect
net.inet6.icmp6.rediraccept = 0
net.inet6.ip6.redirect = 0



Credits go to https://gist.github.com/clemensg/8828061 and others. Cheers!
January 26, 2021, 05:56:37 PM #9
Thnaks.
Where have you insert the tunables, whitin the UI or in /etc/sysctl.conf?
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
January 26, 2021, 07:21:57 PM #10 Last Edit: January 26, 2021, 07:42:18 PM by thowe
In OPNsense you don't have to edit files at OS level in order to set tunables. Just add them in GUI. This is true even for the boot/loader.conf ones, as all entries are added there as well.
System 1: PC Engines APU2C4
System 2: PC Engines APU2E4
System 3: Proxmox-VM on Intel NUC
January 26, 2021, 07:33:41 PM #11
Quote from: thowe on January 26, 2021, 07:21:57 PM
In OPNsense you don't have to edit files at OS level in order to set tuneables. Just add them in GUI. This is true even for the boot/loader.conf ones, as all entries are added there as well.
Thanks for you answer.
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
Print
Go Up Pages1
User actions