26 Apr 2018

Should I upgrade to Ryzen 2700X?

I’ve written about Flammenwerfer – my AMD Ryzen 1700X build that I put together last year. As is apparent on every tech YouTube channel at the moment, the Ryzen 2000 series has now launched. The question is – is it worth it for me to sell the 1700X and get a 2700X?

There are some things I have to think about with this.

  • Is the 1700X enough?

Yeah, probably actually. The most I tend to do is transcoding on it – and it’s a beast when it comes to that. Gaming-wise, the online benches do show an improvement in the 2000 series, but it’s only minor.

  • Would I need a new motherboard?

No, actually. From what I can tell the only main difference is StoreMI which allows you to combine slower and faster storage into a single drive – but I prefer keeping control over my storage so I wouldn’t use it anyway. The performance difference between X370 and X470 is negligible.

  • Would memory support be better?

Definitely – I’ve only just got DDR4-2933 working on my system (for a long while I was stuck at 2666). Even now the system does fail memory training every so often and boot loops a couple of times so that would be an improvement for sure. I’m already close to the maximum rated memory speed of my DDR4-3000 kit though so I wouldn’t see any real benefit.

  • Overclocking?

With the newer BIOS versions I have got the system to 3.95GHz on safe voltages on the 1700X – from the looks of things the 2700X does that kind of all-core speed out of the box and can reach the 4.2-4.3GHz mark. Would dropping £299 on ~250-300MHz be worth it?

  • Selling the 1700X?

I can find the 1700X on eBay (at the moment) for £150 ish – and I did keep the box. So that could halve the investment of the 2700X.

Ultimately though, I bought the 1700X (pre-ordered, even) for full price – at the time around the £400 mark. That’s quite a decent investment I made – and I probably wouldn’t make back half its value today. Personally in my experience there’s never been a lot of return to me made with selling CPUs though – they depreciate in value extremely quickly. I sold my Phenom II X4 965 for practically a tenth of what I paid for it, so maybe making just under half back wouldn’t be so bad.

I’ve thought about it for a while – I’m not going to bother this time. The socket is expected to be supported for a good while – it may make more sense to wait another year or more for the next Ryzen to be released (or whatever it’s called).

Then I’d be happy to just keep the 1700X as a spare and as a sentimental item – it marks a return to the game after a ten year gap for AMD. I mean, have you seen how much Intel has had to pull their socks up to compete? You can absolutely thank AMD’s Ryzen for your 6-core (and rumoured 8-core) desktop consumer Intel chips that have recently come out. We need competition – no matter which side of the fence you sit on.

I’d go for a new CPU and motherboard combination next time – X570 might have some actual new features I might care about and a new CPU architecture means more than a modest performance increase that we got this time around (~3%). Plus, the 1700X isn’t exactly slow anyway! Bring on next year!

25 Apr 2018

IPv6 bogons – OPNsense errors?

I must admit I am still getting used to a more complex firewall setup, as detailed in earlier posts. I’m constantly finding new things in the settings panel which have absolutely no applicable use to me, but absolutely do to those in the larger enterprise space.

That’s all well and good, and I’ve been tootling along just fine leaving most of the more advanced settings alone. Until…

[ There were error(s) loading the rules: /tmp/rules.debug:15: cannot define table bogonsv6: Cannot allocate memory – The line in question reads [15]: table <bogonsv6> persist file /usr/local/etc/bogonsv6]

This was weird. As far as I’m aware, my ISP doesn’t have IPv6 support yet – but I can’t ignore it since it will come in the future. I was having problems getting ports forwarded – I would apply the settings but I still couldn’t get through, unless I rebooted the router. This didn’t make sense to me – this was all working before. One nice thing about OPNsense is the ability to live view packets being allowed or blocked by the firewall – this way I could still tell the default rule was blocking packets that should be allowed through.

That message appeared at the top of the screen each time I applied the firewall settings. Hmm… What actually does it mean? I did some digging and discovered that the IPv6 bogon list was recently expanded – and this has now tipped over the default maximum number of firewall entries.

Since IPv6 is still relatively new, the bogon list (which specifies things like loopback addresses to block on the incoming side of the WAN – those sorts of things should never be on the incoming side so they’re blocked for security purposes) is still being updated.

The solution to this is to bump up the maximum size from the default.

I’ve set mine to 1 million since I have plenty of memory and CPU and didn’t want to have another bogon update trip the limit again. 200,000 is the default limit for versions around the time of writing this (though I’ve read that 400,000 is a decent setting to use). Maybe a million is too many but I’ll see!
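
As an added example (not part of the original post or of OPNsense itself), the script below compares the number of entries in a bogon table file against pf's table-entries limit as reported by `pfctl -sm`. The safety factor of 2 (budgeting for old and new table contents coexisting during a reload), the sample `pfctl -sm` text and the generated prefix list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check whether pf's table-entries
# limit leaves room to load the bogon tables.

# Count usable entries in a pf table file, ignoring blank lines and '#' comments.
count_entries() {
    awk '{ sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
         length($0) > 0 { n++ }
         END { print n + 0 }' "$1"
}

# Read `pfctl -sm` output on stdin and print the table-entries hard limit.
parse_table_limit() {
    awk '$1 == "table-entries" { print $NF; found = 1 }
         END { if (!found) exit 1 }'
}

# check_headroom LIMIT FACTOR FILE...
# FACTOR is an assumed safety multiplier (not an OPNsense setting): 2 budgets
# for the old and new copies of a table existing together while rules reload.
# Prints "total=<n> needed=<n> limit=<n> OK|TOO_SMALL"; returns 0 when it fits.
check_headroom() {
    limit=$1; factor=$2; shift 2
    total=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
        total=$((total + $(count_entries "$f")))
    done
    needed=$((total * factor))
    if [ "$needed" -le "$limit" ]; then verdict=OK; else verdict=TOO_SMALL; fi
    echo "total=$total needed=$needed limit=$limit $verdict"
    [ "$verdict" = OK ]
}

# Constructed `pfctl -sm` output carrying the 200,000 default the post mentions.
SAMPLE_PFCTL_SM='states        hard limit   405000
src-nodes     hard limit   405000
frags         hard limit     5000
table-entries hard limit   200000'

# Write N constructed prefixes (documentation range 2001:db8::/32) to FILE.
make_sample_table() {
    awk -v n="$1" 'BEGIN {
        print "# constructed sample, not a real bogon list"
        for (i = 0; i < n; i++)
            printf "2001:db8:%x:%x::/64\n", int(i / 65536), i % 65536
    }' > "$2"
}

# Run the check on constructed data: once with the default limit, once with
# the 1 million setting chosen in the post.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_table 110000 "$dir/bogonsv6"
    default_limit=$(printf '%s\n' "$SAMPLE_PFCTL_SM" | parse_table_limit)
    check_headroom "$default_limit" 2 "$dir/bogonsv6" || true
    check_headroom 1000000 2 "$dir/bogonsv6" || true
    rm -rf "$dir"
}

demo
```

On the router itself, `check_headroom "$(pfctl -sm | parse_table_limit)" 2 /usr/local/etc/bogonsv6` runs the same check against the live limit and the file named in the error.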

Another option is to disable IPv6 bogon filtering in the Interfaces settings page – though IPv6 support may drop at any time I’m going to leave it enabled and just increase the firewall entry table size instead.

I wouldn’t recommend turning off bogon filtering since they are actually quite important, especially with IPv6 covering a much larger set.

Anyway – now that’s been dealt with I can move onto DNS-over-TLS (since it’s all over the web at the moment). Stay tuned!

10 Apr 2018

OPNsense/pfSense: What it brings to the table

I’ve just finished my 2018 router and am enjoying the experience so far. I’ve been wondering… what does it give me over a standard ISP-issued router, and what am I sacrificing? Well – I thought I’d list a few things I have come to appreciate over the last little while…

I am running OPNsense – and so far it has been great. As for a routing platform it seems quite similar to pfSense – though I do prefer the look of the OPNsense UI (subjectively, mind). But this post isn’t about the software running – it’s about why I did this project at all. I mean, I could have just used the standard router the ISP issued me – and that was working very well before this project.

The first reason: fun! There’s something about setting up your own stuff to work the way you want it to – having ultimate control over everything to the point where you mess everything up and spend hours and hours troubleshooting. That, for me at least, is fun! It’s why I like Linux, it’s why I build my own PCs, it’s why I built my network from scratch. I believe it’s fine to break stuff by fiddling, as long as you can work out how to put it right again and learn along the way!

The second reason: security. OPNsense is updated on a regular basis with bug fixes and security patches:

I bet there isn’t a single router anywhere on the planet that gets updated 4-5 times a month! You even get a full description of what goes into each update, rather than a generic “security fixes” reason that you would get from the likes of, for instance, Netgear.

The third reason: configuration. There are lots and lots of settings in this thing… many of which I don’t know what they do. That adds to the fun aspect of reason #1, but also gives you the ability to fine tune how you want things to behave. There is a very steep learning curve, and it took me a good while to figure out how to forward ports even! It gives you a level of control you won’t get from any off-the-shelf router.

The fourth reason: privacy. This seems to be getting more and more important as time goes on, and VPNs are becoming more and more ubiquitous. You can use this to tunnel everything on your network through a VPN provider transparently, or only certain parts of your network. One big privacy-centred feature for me is being able to use DNS-over-TLS – where DNS requests that are typically unencrypted become unreadable by, for instance, your ISP or government. Future privacy-related content to come soon!

The fifth reason: reliability. I’ve had this setup running for over two months and not once have I had a problem with connectivity (except for ones I caused!). I’ve had many different routers from ISPs and third-party companies in the past – not one hasn’t required me to reboot it every so often. Virgin Media routers especially are notorious for being unstable (in my own experience). Instead of having one box with a combined router, switch and WiFi access point, I have separated everything.

This separation means that if one bit stops working (often the WiFi bit, for instance) then that part can be rebooted without affecting other parts of the network.

Those are the top five reasons I did this – and the reward is so worth the effort and headache. Let’s go through what disadvantages I can think of:

  • Cost. The ISP-router was free. All in, this cost me just shy of £200 (though I did have a fair few bits lying around that I could use).
  • Power consumption (more detail here). It’s low – but not as low as a normal router.
  • Not being something that “just works”. This took a lot of setting up, and didn’t “just work” for me.
  • The steep learning curve. I’m not a newbie when it comes to networking, and even for me this was a challenge. If you’re new to networks and all you’ve ever done is forward a port through a Belkin router, then this is not for you (unless you like a challenge and want to learn something – then it is definitely for you).

Would I do this again? Absolutely. I don’t think I’ll need to for a long while – this thing is so overkill it’s hilarious. I’ve yet to properly benchmark it but just based on the CPU and RAM usage – it’s barely even lifting a finger.

To conclude – I am very happy with this router. It’s far exceeded my expectations with what it is capable of, and I am slowly learning about what it can do. It feels like I discover something new each time I go into the admin panel and poke around – there’s a reason there are courses people go on to learn all this stuff. I mentioned before there will be future content on stuff it can do – so stay tuned!

09 Apr 2018

The 2016 NAS: two years in!

Time really does fly… It’s been two years now since I set up the 2016 NAS.

The NAS is in its new home in the equipment rack (TV stand edition) – and fortunately for me and perhaps unfortunately for you I don’t have much to report.

The hard drives have been absolutely fantastic. They haven’t even batted an eyelid – still serving files just as well as the day I got them. The underlying OS, Rockstor, has been okay. I’ve had to redo some configs with regards to scheduled tasks but other than that it’s been grand!

I’ve been scrubbing the volume once a month and so far there hasn’t been any corruption. Maybe the usage of ECC RAM has helped – but there are no signs of any of the drives dying just yet.

The volume itself is getting a bit full now so I am tempted to expand the storage to 12TB by throwing in another 4TB drive and balancing the array. The prices of 4TB hard drives have come down slightly but now 8TB drives are better value.

It’s tempting to replace them all with 8TB drives to double the space but there isn’t anything wrong with the 4TBs. I’ve decided I don’t need so much on the NAS, so I have been removing/compressing old data and recovering space that way.

The snapshot functionality of btrfs has been a lifesaver too – I was running a Minecraft server and the save file got corrupted. Usually you’re stuffed, but I was able to roll back a snapshot from a few hours before and it was recovered!

Just a short one – I’m looking out for 4TB Seagate NAS drives on sale… Maybe there will be an upgrade post coming!

08 Apr 2018

FreeBSD: pfSense and OPNSense on Apollo Lake – Issues

Time to dig into some of the gremlins I came across when setting up my shiny new router and ultimately why I settled with OPNSense (and not pfSense).

I intended to install pfSense since it was the one I had heard about the most as being the “bread-and-butter” of routing platforms. I was aware of other software such as m0n0wall or even going through and using a VM running the UniFi controller software from Ubiquiti on it – but ultimately I wanted to run pfSense as a starting point.

The system I am using is as follows:

  • Gigabyte GA-J3455N-D3H motherboard
  • Intel Celeron J3455 1.5-2.3GHz (Apollo Lake)
  • A SanDisk 32GB USB3 drive that I had lying around for the OS
  • 4GB DDR3L-1600

I’ve read that you should only use Intel network interface cards (NICs) when setting up any FreeBSD-based box – I had a lot of issues finding reasonably priced boards featuring AES-NI, Intel NICs and a low power SoC – it’s like I had to pick two out of the three. I ended up taking a punt and trying out the J3455N to see if its Realtek-based NICs would at least handle my 80/20 connection.

I remember seeing somewhere that AES-NI was going to become mandatory for new versions of pfSense – so this was a feature I really wanted. Older boards (a lot based on the J1900) don’t support it – so I needed to go with something new. The low cost was also quite important since I had RAM and a USB install drive on hand. The main downside of this board is for some inexplicable reason, the one expansion slot is PCI. Not PCI-E – meaning I can’t use it for a dual gigabit Intel NIC in case the Realtek ones don’t work.

As with Ryzen, new hardware typically has “growing pains” – and this is exactly what I had with FreeBSD. pfSense and OPNsense both were very sensitive to BIOS settings – in a way I had not quite seen before. For starters, the board would not boot either pfSense or OPNsense with its default BIOS settings. This is a problem – meaning when (not if) the BIOS battery goes flat it’ll render my box unbootable and I’ll have to put it right again.

Okay, so I found that I still couldn’t boot pfSense – the system would freeze and the last line would always be:

Timecounter "HPET" frequency 19200000 Hz

This was weird – I had to select option 3 on the pfSense/OPNsense boot menu and enter the following commands:

set hint.hpet.0.clock=0
boot

And then it would boot normally. Except then I had a lot of other problems trying to shoehorn pfSense onto the install USB drive – the system would randomly hang.

I tried both the ISO and USB installer images of pfSense – I could not get it to install. I even tried an older version of pfSense to see if that would be any better – it wasn’t. I ended up stumbling across OPNsense as being a viable alternative (since a lot of other people also encounter issues installing pfSense from the looks of things).

So then I used the ISO version of OPNSense and “burned” it to a USB drive for booting – which worked just fine except I still encountered the HPET error and had to enter the same commands as before into the boot screen to get it to boot. I was finally able to install the base system to the boot USB and actually have the router booting the install. Except for the fact that each time the system was booted it would hang on the same HPET error – then I would have to reboot and go through the whole sequence of pressing 3, and entering the commands as above.

Clearly not a viable way of moving forwards with this – I hadn’t even got to setting up the network yet! I finally discovered that in order for FreeBSD-based OSes to boot on Apollo Lake, you need to edit /boot/loader.conf.local and add hint.hpet.0.clock=0 into the config file. Once that was done, the system could then boot without intervention and I could then set up my network.

It turns out that the Realtek 8111G NICs work fine – at least with my internet connection. I don’t see very much CPU usage (averages 0.2% over a period of months).

Then I noticed something odd. The throughput readings were always through the roof on the router – for instance, I would be downloading a game through Steam at say, 7MB/s (55-60 Megabits) and the router would report it as being way over 200 megabits! This was very weird – but maybe it was adding up the values of multiple interfaces. I didn’t think too much of it – then I noticed that the clock was running really really fast on the router. It would boot and be almost correct, but after ten minutes it would be minutes fast.

This was clearly an issue with the “HPET” so to speak – from what I can tell it seems to influence the clock in certain systems. Something was clearly out of whack and I couldn’t work it out. The network worked fine – I was getting good performance and low ping times so I really wasn’t sure what was going on.

I did some more digging, and found a post online about Legacy Mode in the BIOS. I hadn’t touched this yet, and thought it was worth a shot. And then, bingo. Clock works properly, and now the BIOS buzzer actually beeps when OPNsense is booted! It’s like all the weird issues I was noticing had disappeared, and I wished I had spotted it sooner. The throughput readings also reported correctly too! Maybe pfSense would have worked now, but I was getting quite impressed with OPNSense at this point and I couldn’t be bothered going back to trying to install pfSense again.

So now it seems to be rock solid! There still lies the issue of the BIOS battery going flat and rendering it unbootable, but at least now I know (and I can refer to this blog post in the future) how to fix it and get it working again. The system keeps up well with my 80/20 connection, and I may have to find a way of benchmarking it to see how it could handle way faster speeds.

CPU temperatures are kept well in check – never exceeding 50 degrees even! You can tell it’s passively cooled since you can see the cycling of the central heating and when I left the heating off when I went on holiday.

And from the looks of it, the average CPU usage seems to be below 0.2% – even when I’m hammering the internet it doesn’t seem to even reach 0.5%! So yeah – a quad core is total overkill for routing jobs. 4GB RAM is also ridiculous… only 15% of it is actually used. I have enabled the tmpfs options in OPNSense for things like log files to keep the USB drive from being constantly pummelled.

This took me about two weeks to get going properly – with many late nights of googling and trying many different things. The main things to do for Apollo Lake are:

  • Enable Legacy Mode in the BIOS
  • Press 3, and type “set hint.hpet.0.clock=0” into the console for installation
  • Add “hint.hpet.0.clock=0” into /boot/loader.conf.local

And then it works great! It’s time to delve into how to actually set up the bloody thing…

04 Apr 2018

An Overview of my Home Network

I must admit that it is nice to have ultimate control over your network. I was not happy with the limited control that comes with ISP routers – it was time to step things up with a reliable setup.

So behold! Below is my slightly over-complicated network setup:

Network Map

So let’s start at the Internet jack in the living room. I have a phone table on which there is a Netgear DM200 modem:

This is a cheap and simple modem that takes a VDSL/2 signal and chucks it down a 15m ethernet cable that snakes around to the study. Once I’ve disabled the routing mode of the modem and set up the internet connection, it can be plugged into one of the ports on the OPNSense router.

From there it gets, well, routed and sent over to my TP-Link SG108E Gigabit Smart Switch:

This is an 8-port switch that has some additional capabilities – such as being able to set up VLANs or do things like link aggregation (the NAS now has a 2Gbit link). This switch connects the NAS, printer, PC and WiFi access point, which is a Netgear AC750 Access Point that plugs into the wall. It provides plenty of WiFi around the flat at pretty decent 802.11ac speeds.

For the smart TV and Steam Link I am passing the local network over to the living room via TP-Link 1200Mbps PowerLine. The wiring in this flat is quite new so the PowerLine link is very good – meaning I can use the Steam Link to stream games to the TV from the PC as if I was playing them directly on the PC.

This is a shot of the wall sockets in use – the equipment “rack” is connected to the power meter on the left, and the 1200 Mbit PowerLine with the AC750 WiFi access point on the right.

I like this setup since it’s compact and still provides easy access to power buttons. The other end of the PowerLine link comes out behind the TV, which then plugs into a very basic 10/100 Mbit switch that supplies the TV and Steam Link (which are both 100 Mbit devices anyway).

Above you can see the equipment “rack” (an old TV stand) with the gear all set up. This was taken when I was using a different WiFi access point that proved to be too flaky, so I moved to the Netgear AC750. The printer is a Brother MFC-J5910DW I got from a friend – totally overkill for me but it works and is networked in!

The bottom shelf has the router and switch, the middle holds the 2016 NAS and on top is the massive printer.

This has been a very fun project to put together – and it works very nicely. Aside from my own blunders, this has been rock-solid. If I had to improve something – I should have got a 16-port switch instead of the 8. I have used up every port so if I want to host a LAN party then I have to unplug things… not ideal!

Fortunately I can just use the ethernet cable running to the PC (which is fairly long) and use yet another switch!

Though… thinking about it… I could also jump on the 10 Gbit bandwagon at some point! NICs still need to come down in price a little bit before I go down that road! Maybe in the future – but for now regular 1 gigabit is fine.

That’s all for now! Let me know what you would add/improve in the comments!

03 Apr 2018

Ryzen: DDR4-2933 Finally Working

Finally! This has taken way too long – a recent BIOS update has finally fixed a long-term issue I have had with Flammenwerfer, my Ryzen 1700X rig: I was stuck running at DDR4-2666.

I updated to v4.50 from the ASRock site and I now can run DDR4-2933 with no issues!

Since 2666 was already quite fast, I haven’t noticed much performance difference from day-to-day tasks – except in one application: HandBrake.

Before, I would get, for instance, 50-60 FPS when converting to H265. Now I’m easily getting 80-100 FPS for similar videos. Not going to complain!

It is pretty much exactly one year since Ryzen was released and from when I built this Ryzen 7 1700X I am writing this on – it is good to see how far the development of the Ryzen architecture has come over the past while.

It is rumoured that the 2000 series of Ryzen chips will have way better memory performance and higher clock speeds – maybe I will need to upgrade if the difference is large enough!

02 Apr 2018

The 2018 Router – Power Consumption

So then – the build is done. There are a few questions that need to be answered though, and today we will go into the power consumption of this router.

Of course, this is a custom build based on a PC architecture – it’s not going to be at the levels of a typical router that you would get from your ISP. But… just how low is it?

Firstly, let’s address what tames the 230VAC to a much more manageable 12VDC:

Now, I’ve got to admit I went a bit over the top with this bit. This is a 150W adapter that will output 12.5A of 12V DC. I can safely be assured that my new router won’t even approach a tenth of that… but it is an FSP unit with solid build quality and efficiency. I had some ideas for the future to build a 12V UPS using a battery and some circuit modules – things like the router and modem could run off the 12V battery for a decent length of time, and this chunky 12V power brick would be good for charging up the battery.

So this gets 12V into the system. Obviously PCs don’t just use 12V – there are all these pesky other voltages like 5V and 3.3V. Some motherboards have onboard power conversion but mine doesn’t – so I need something to convert it to all the voltages I need.

Step in the picoPSU-150-XT. This is a very small adapter that plugs into the 24-pin ATX connector and supplies all the other voltages the system needs. A main 12V DC feed comes in and 12V, 5V, 3.3V etc come out, with extra connectors for things like the CPU header, Molex and SATA drives.

I figured I had a 150W power brick, so why not get a 150W picoPSU as well? The nice thing is, that if it manages to last a decent amount of time – I would consider getting these parts again for the 2016 NAS if the PSU in that decided to pack it in. It’s got plenty of capacity to run my entire NAS 24/7 with decent efficiency. For now though, it’s going in the router.

Something to be careful of – eBay is a great source for these items (I got this kit) but there are a lot of knockoff items floating about that may ruin your day. I spent a bit extra getting the “good stuff” since this router is the most critical part of my network – nothing works without this working at 100%.

The picoPSU is installed in the case as shown above – the kit I got came with an adapter for the FSP PSU that also fits the case perfectly. The extra connector with Molex and SATA attached is not needed so I have detached it and stored it away.

That’s the power delivery – now let’s see how well it works!

43.5W is our baseline reading on the power meter. This is just the NAS, switch and printer connected – let’s plug in and boot the router to see what it uses:

43.5W to 53.6W – that’s 10.1W of power usage. For the average electricity price in the UK, that’s around £10-£11 per year. Not quite as low as a router you would get from your ISP, but then again it’s not bad! I wouldn’t be surprised actually if routers do exist with similar or higher power consumption.

For the control and performance you get, 10W is very respectable when you consider that it’s a quad core router! My internet connection is a 80/20 VDSL link – it handles it with ease and could probably manage much, much larger connections.

Speaking of performance – stay tuned!

01 Apr 2018

The 2018 Router – The Motherboard

Now we’re getting into the meat of this project – the single, absolutely most important part of any router: The Motherboard!

This is the Gigabyte GA-J3455N-D3H – a Mini-ITX board with a soldered Intel Celeron J3455 which runs up to 2.3GHz at maximum turbo. This is a quad core part using the Apollo Lake architecture. It is considerably more powerful than the Bay-Trail based N2830 chip that was in my Intel NUC.

This board is by no means a server-oriented board, but it is the only one I could find at a reasonable price that had:

  • A passively cooled CPU that supported AES-NI
  • Two gigabit LAN ports
  • Support for DDR3L SODIMMs – I had old RAM lying around I wanted to use
  • Reasonably good build quality (e.g. solid capacitors).
  • Low power consumption
  • A low-end soldered CPU. Routers really don’t need much horsepower.

That first bullet point is critical for the latest versions of pfSense and OPNSense. A lot of other boards I considered all ran J1900 parts which don’t support AES-NI. I wanted this system to run the latest versions of software for security purposes – and being stuck at an old version was not an option for me.

On the rear you get a decent selection of IO – PS2 ports, 2x Serial ports, VGA and HDMI, two gigabit LAN ports, two USB 2.0 and two USB 3.1 Gen 1 ports alongside basic audio outputs. The video output ports are perfect for the initial setup of the box.

You get two 1.35V DDR3L slots (good for power consumption), four SATA 6 Gbit/s ports, a USB 3.1 Gen 1 header and two USB 2.0 headers. There are also things like TPM headers and naturally the front panel headers. Present there is also a 24-pin ATX header along the right hand edge and a 4-pin CPU power header (though I’m not sure why this is needed – some other low-power boards don’t seem to bother with this).

The onboard buzzer is quite loud – which is annoying when the board starts up. It is very useful, however, for pfSense and OPNSense to notify you when the system is booted, and when the system is powering down.

There was one glaring issue with this board that really made me worried about using it… the two gigabit ethernet ports run off Realtek controllers. For FreeBSD-based things like pfSense and OPNSense you really want Intel based NICs.

Fortunately, for this board, the NICs work perfectly with OPNSense. They show up and work just fine – and the performance is very good (more on this in future articles). I must admit I was relieved to see them working without manually shoehorning in drivers – otherwise the board would have been returned to sender!

What’s it like whilst it’s running – I hear you ask? Does that puny heatsink and case ventilation mentioned yesterday do enough to cool that 10W monster of a CPU? Well, yes actually. During normal routing duties I don’t see anything above 47-48 degrees C, and so far after two months not once has it let me down. It’s been absolutely rock solid running OPNSense – though I had a lot of challenges getting the install completed… that’s a saga meaty enough for its own post! I could not for the life of me get pfSense installed – so I moved to OPNSense (which is basically the same thing).

So finally, time to conclude my experience using this board as my routing platform over the last couple of months:

The good:

  • It meets my requirements as discussed earlier
  • Considering it includes a CPU, it is well priced (~£80)
  • Excellent build quality
  • Silent operation
  • Sips power

And the not-so-good:

  • Realtek NICs – not the best for pfSense and OPNSense.
  • No ECC support… not the end of the world though
  • BIOS buzzer really goes wild at boot with no keyboard, mouse or screen attached
  • Not server-grade – something you want with critical 24/7 equipment.
  • pfSense wouldn’t play ball at all
  • OPNSense was a bit tricky to get installed and needed some crowbar-ing

So yeah – it’s worked out to be a good board for OPNSense once the install is done. That’s the most headachey part of this project – getting the OS installed. After that – it’s been smooth sailing. More to come on performance, power and the software!