OPNSense Hardware - best option in 2020?

[CyberEye]

I am currently using virgin media Superhub 2 which has its obvious limitation and would like to upgrade my home network with a better router.

I have added a pihole to my network and now want to improve both routing and firewall capabilities. Pfsense and OPNSense seem to be the way to go. If you have suggestions for alternatives, please let me know...

I have been looking at hardware options for running pfsense and wonder what would be the best solution and faciltate wifi connections around my home. Power consumption is a cocnern and it must handle 200Mbit internet speed. For future proofing, I would like it to handle up to 1GB internet speed and updates for the next 5 years. Probably I will keep it for 10 years...

Would something like this box available on aliexpress be a good option or can you suggest a better alternative?

https://www.aliexpress.com/item/400...earchweb0_0,searchweb201602_,searchweb201603_

 

[Caged]

I would separate the AP tasks from the router itself - the pfSense team are quite open about the wireless support in their platform being poor

https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html

 

[Si MPS]

Look at Ubiquiti stuff for wifi if you want to separate it out, the general APs are pretty cheap and if you're rolling something for your gateway, you could look at deploying the controller too (although controller is linux based, not *BSD based so won't work on opnsense / pfsense) or you can get a cloudkey setup / cloud controller setup.

I've used both distros as my edge and both were fine albeit a little overly complicated to setup (and I'm a network engineer).

I've also used Vyos which is good (you can only get the bleeding edge versions without support or you have to build your own) but 1.3 is pretty stable now with good featuresets, it has a firewall built in too albeit not gui-fied like OPN/PF.

 

[Avalon]

Distro wise the obvious omission is Untangle, paid version is worth it, but free version is decent.

Hardware wise an APU2 is low power, but higher cost upfront, an ODroid H2 or H2+ is pretty well supported for pfsense (the + has 2.5Gb NIC’s, but they’re RealTek). The device you link to is not one I would personally choose, but it fits your requirements. For £45-100 you can get something a lot more capable and easily upgradable with only slightly higher power usage.

 

[Mikey]

Agree re Untangle, but also take a look at Sophos XG

 

[The IPB]

I'm running untangle on a qotom mini pc from Ali express.

I tried out Sophos, Opnsense and pfsense before settling on untangle. It's just a much more refined experience to use than the other imo.

 

[Mikey]

I’m back on Sophos XG atm, prefer granular rules and grouping of services UI.

although I’ll prob fire up my Untangle over the weekend.

licensing changing on untangle anyway

 

[The IPB]

Yeah the change in the licensing has caused a bit of uproar in the forums.

I have the $50 HomePro license at the moment, or whatever it is called but that is not going to be available going forward. I may jump over to Sophos once this runs out.

 

[Mikey]

That’s why I dug my Sophos Xg out again and decided to familiarise myself again and tune it up.

considered looking for a Fortigate or Sonicwall.

 

[The IPB]

I'll fire up a VM and give it another look at, I just really don't want to start from scratch again lol I've got untangle to a point i'm happy with it.

Oh well, more tinkering

 

[Mikey]

I don’t mind untangle, but the rule creation in the firewall app where you can’t create service groups easily irritates me.

untangle’s response, why do you want to do that followed by I’d have to create a rule for UDP and another rule for TCP. Really

 

[lmfy2k]

I run pfsense on a hp t730 thin client with quad network card, works very well.

 

[Mikey]

I'm running untangle on a qotom mini pc from Ali express.

I tried out Sophos, Opnsense and pfsense before settling on untangle. It's just a much more refined experience to use than the other imo.

Hi,

What Qotom unit are you running, I'm looking at the Q350G4 i5-4200U or Q370G4 i7-4500U and I'll add my own RAM and SSD.

 

[Avalon]

We live in a world where an i3 6100 SFF inc RAM/HDD costs £60-70 and a 2-4T Intel NIC from under £10, unless you absolutely have to pay significantly more for the ultra small form factor or limited performance, it’s hard to logically justify a Qotom.

 

[Mikey]

Have one of those and a Dell PowerEdge R220 sat in loft lol

Running on a Atom E3845 atm

 

[Avalon]

R200 or R210-II? The former isn’t great, the latter is a decent short 1u box that’s quite civilised in terms of performance and heat/noise. The Dell/Lenovo stuff I’ve grabbed recently generally has 1 PCIe and runs whisper quiet on 25w or so of power with a low profile i350-4T in.

 

[Mikey]

R220 with a Xeon E3-1240L

 

[The IPB]

Hi,

What Qotom unit are you running, I'm looking at the Q350G4 i5-4200U or Q370G4 i7-4500U and I'll add my own RAM and SSD.

The Q350G4 is the one I have.

 

[Bluecube]

An alternative is the Odyssey Blue if you can find one. Dual NIC, WiFi and Bluetooth, 120gb SSD, 8Gb memory for about £210. Also has various connections for Arduino if that floats your boat.

 

[andy_mk3]

R200 or R210-II? The former isn’t great, the latter is a decent short 1u box that’s quite civilised in terms of performance and heat/noise. The Dell/Lenovo stuff I’ve grabbed recently generally has 1 PCIe and runs whisper quiet on 25w or so of power with a low profile i350-4T in.

I run an R210ii, it's running Windows Server 2019 and I have pfSense in a VM along with Unifi Video and Home Assistant on their own VM's. I keep that machine as my priority machine so that almost never gets touched.

If you don't want rackmount hardware then an old SFF Dell/HP system will be ideal. Low power, quiet, small, upgradeable and you can easily slot in a quad port NIC should you want to.