It's time to investigate upgrading my OPNsense hardware

Started by Gary7, February 10, 2025, 03:46:26 PM

I've been using an APU2D4 since OPNsense 19.1 and upgrading OPNsense along the way to 25.1 (current). Still working fine, but FreeBSD hardware support might be questionable in the relatively near future.

possible OPNsense hardware:
   maybe Intel N150 CPU - starting to be available and would be a huge improvement (maybe, "overkill" but the same CPU power usage)
   4 port i226 network
   serial port or USB for console access
   don't need (or want) WiFi
   no cooling fan

Does anybody have experience with the (inexpensive) Chinese mini PC manufacturers?  Topton, CWWK/Changwang, HUNSN, SJRC, HKUXZR, etc
Many of the models from different manufacturers appear to be identical, at least, the cases and specs look the same.

quality of hardware?   decent or the typical low-quality Chinese stuff?
updating BIOS?   requirement to be able to update BIOS to either AMI or Coreboot (preferred)

I was thinking that I would buy a barebones box, purchase decent quality memory and SSD, flash BIOS to current AMI or Coreboot. I really don't trust software coming from China even though it's probably the generic AMI BIOS.

If anybody has better recommendations, I'm very interested.

Have you tried using the forum search? There are plenty of threads covering your exact question, modulo the N150, which is a successor to the N100.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

I run my home connection off a Topton N100 router box. OPNsense is virtualised in Proxmox with 2 of the 4 NICs PCI-passed-through. It works really well and is certainly able to handle my 1gbps symmetric fibre connection with ease. Peaks at about 15% CPU usage when it's saturating the line and hovers around the 4% mark during idle / regular home usage. I do not use any kind of IDS/IPS though.

February 14, 2025, 03:45:45 AM #3 Last Edit: February 14, 2025, 04:35:21 AM by OPNenthu
Quote from: Gary7 on February 10, 2025, 03:46:26 PM
4 port i226 network
serial port or USB for console access
don't need (or want) WiFi
no cooling fan

Quote
Coreboot (preferred)

Protectli Vault V1410 ticks all those boxes and can optionally be upgraded with WiFi or 4G LTE, but has some caveats:

- Slightly lesser N5105 cpu
- Memory not upgradeable
- Runs hot (can be solved with an external USB powered fan)

For a headless router box I think coreboot is perfectly fine and is what I use, but it's too bare bones if you plan to do any BIOS customizations.  Go for the AMI or full fat UEFI if you need to control all the things. 

Also, a workaround may be needed for OPNsense 25.1 in order to avoid getting a stuck serial console.  I've not completed the upgrade yet myself as I'm waiting to see if there are any updates from Protectli as mentioned on Page 2.

February 15, 2025, 10:59:42 PM #4 Last Edit: February 15, 2025, 11:03:59 PM by senser Reason: add a screenshot
I just got one of those Topton Intel N150 4 port fanless mini PCs from AliExpress to replace my APU2D4 (160 Euros incl. shipping).
I feel I've made a good choice. I've added 16GB DDR5 and a "low power" nvme SSD (WD Green SN350 250GB 2G0C).
I just renamed all occurrences of igb to igc in the config.xml and imported it, reset tunables and added some for RSS and Intel Speed Step or whatever (PowerD is disabled).
So far no issues and a blazing fast web interface :)

It doesn't have a BIOS to limit the CPU voltages. But the box is not running hot:
$ sysctl -a |grep temperature
hw.acpi.thermal.tz0.temperature: 27.9C
dev.cpu.3.temperature: 50.0C
dev.cpu.2.temperature: 49.0C
dev.cpu.1.temperature: 47.0C
dev.cpu.0.temperature: 48.0C


March 13, 2025, 07:30:58 PM #5 Last Edit: March 13, 2025, 07:32:44 PM by coffeecup25
From Amazon, find an i226-v PC with a J4125 processor. Unless you are running a good sized business with multiple hard users, this will do well. Add DDR4 memory and an SSD. Even an old 2.5 inch SSD will fit usually. Cheap and way more than enough. The N100 is also ok, but it is super powered, about $50 more in the box, and it runs hot by design. Intel says the heat is ok and not an issue.

It only runs hot if you do not tweak the maximum TDP, which is often set way above the 6 watts that Intel specifies. This is true for most J4125 boxes, too. What matters most is that any Celeron before the N100 did not have AVX instructions. You will have problems running a Unifi controller or anything else that uses MongoDB >= 6.

I bought a HUNSN from Amazon and it's been rock solid.

This is the one I bought.  I might have gone a little overboard with 16 GB RAM and 256 GB SSD...but I've got room to grow.

https://www.amazon.com/dp/B0CG1BVGDX

I'm using a N305 CWWK clone currently, and I have a no name N100 as a backup.
I bought both on Amazon with minimal config (barebones when available) and used decent RAM and M.2 drive, repurposed when possible.
No issues in 6+ months running Proxmox + OPN.
BIOS updates are sub-optimal at best IME. You might have to poke support to get an update if available.
Even getting detailed specs is not trivial...

I gave up on IDS/IPS so my HW is likely overkill.

I would not recommend j4125, that's getting a bit old. Even n5105 is getting on the old side. N100 should be getting cheap since it has been replaced with n150.

Don't discount AMD CPUs, there are some decent machines out there with AMD.