OPNsense build

It took a while to find an affordable, powerful router that can handle 500Mbit with a somewhat up-to-date BIOS, so I thought I’d share. The router will connect two homelabs using VPN.

Hardware

Component	Name	Price
CPU	Intel Core i3 9100F	76,0€
Memory	Crucial DDR4 2x8GB 2400	68,95€
Motherboard	Intel Gigabyte B360N WIFI	107,95€
Storage	Crucial SSD P1 500GB M.2	59,90€
Case	Antec ISK110 VESA-U3 Desktop 90W	102,95€
Cooling	Intel Stock cooler	0,0€
Total		419,70€

The i3 9100F lacks an integrated GPU, thus if you want to configure the device, you’re forced to use an external graphics card. I had one lying around and decided it was worth saving 30€.

The motherboard is interesting because it has two Intel NICs: one Intel I211 and one I219-V. Here is the hw probe output (not from my machine):

BUS	ID / Class	Vendor	Device	Type	Driver	Status
PCI	8086:3e91: 1458:d000 » / 03-00	Intel Corporation	8th Gen Core Processor Gaussian Mixture Model	graphics card	i915	works
PCI	8086:a348: 1458:a182 » / 04-03	Intel Corporation	Cannon Lake PCH cAVS	sound	snd_hda_intel	detected
PCI	8086:1539: 1458:e000 » / 02-00	Intel Corporation	I211 Gigabit Network Connection	network	igb	works
PCI	8086:15bc: 1458:e000 » / 02-00	Intel Corporation	Ethernet Connection (7) I219-V	network	e1000e	works
PCI	8086:a370: 8086:0034 » / 02-80	Intel Corporation	Wireless-AC 9560 [Jefferson Peak]	network	iwlwifi	works
PCI	8086:a352: 1458:b005 » / 01-06-01	Intel Corporation	Cannon Lake PCH SATA AHCI Controller	storage	ahci	detected
PCI	8086:3e1f: 1458:5000 » / 06-00	Intel Corporation	8th Gen Core Processor Host Bridge/DRAM Registers	bridge		detected
PCI	8086:a308: 1458:5001 » / 06-01	Intel Corporation	ISA bridge	bridge		detected
PCI	8086:a330: 1458:5001 » / 06-04	Intel Corporation	Cannon Lake PCH PCI Express Root Port #9	bridge	pcieport	detected
PCI	8086:a33d: 1458:5001 » / 06-04	Intel Corporation	Cannon Lake PCH PCI Express Root Port #6	bridge	pcieport	works
PCI	8086:a360: 1458:1c3a » / 07-80	Intel Corporation	Cannon Lake PCH HECI Controller	communication controller	mei_me	detected
PCI	8086:a36f: 8086:7270 » / 05-00	Intel Corporation	Cannon Lake PCH Shared SRAM	ram memory		detected
PCI	8086:a324: 8086:7270 » / 0c-80	Intel Corporation	Cannon Lake PCH SPI Controller	serial bus controller		detected
PCI	8086:a379: 1458:8888 » / 11-80	Intel Corporation	Cannon Lake PCH Thermal Controller	signal processing controller	intel_pch_thermal	detected
PCI	8086:a323: 1458:5001 » / 0c-05	Intel Corporation	Cannon Lake PCH SMBus Controller	smbus		detected
PCI	8086:a36d: 1458:5007 » / 0c-03-30	Intel Corporation	Cannon Lake PCH USB 3.1 xHCI Host Controller	usb controller	xhci_hcd	detected
USB	8087:0aaa » / e0-01-01	Intel Corp.	Bluetooth Device	bluetooth	btusb	detected
USB	1d6b:0002 » / 09-00-00	Linux Foundation	2.0 root hub	hub	hub	detected
USB	1d6b:0003 » / 09-00-00	Linux Foundation	3.0 root hub	hub	hub	detected
USB	046d:c52e » / 03-01-01	Logitech, Inc.	MK260 Wireless Combo Receiver	keyboard	usbhid	detected
EISA	sky-sky0104 »	SKY	TV-monitor SKY0104 1920x1080 885x498mm 40.0-inch	monitor		works
SYS	american-megatrends-f1-03-06-2018 »	American Megatrends Inc.	BIOS F1 03/06/2018	bios		works
SYS	intel-6-158-11-core-i3-8100 »	Intel	4x Core i3-8100 CPU @ 3.60GHz	cpu		works
SYS	gigabyte-b360n-wifi-cf-x-x »	Gigabyte Technology Co., Ltd.	Motherboard B360N WIFI-CF x.x	motherboard		works
IDE	wdc-wd10ears-00mvwb0 [A45] »	WDC	WD10EARS-00MVWB0 1TB	disk	ahci, sd	detected

The M.2 slot is on the back of the board.

Once everything is configured this motherboard will boot headless just fine (some motherboards require a GPU to be present!).

Build

Download the amd64 serial image from https://opnsense.org/download/; using Rufus, you can write the image to a USB drive. I’ve installed all necessary components outside the case; that way I can also use a graphics card for the initial setup.


The only odd thing I found is that you cannot update the BIOS from the default menu; during startup you need to press the END key to enter the BIOS flash utility. Once there you can select the unzipped BIOS from an NTFS formatted drive.

In addition, I’m happy to report that the following hardware offloading capabilities work:

  • Hardware CRC (checksum offload)
  • Hardware TSO (TCP segmentation offloading)

Hardware LRO (large receive offloading) seems to be missing from the Intel NICs.

You can’t use these features when enabling IPS!

Power Usage

I’m still waiting for my power meter… the brick is cold to the touch but I want to make sure it doesn’t catch fire under load. I’ll post the results once they’re in.

Update: the average wall power draw for the system is around 15 watts.

Benchmarks

Here are the preliminary results taken from my desktop:

Single stream (not sure yet where the bottleneck is, might be my desktop):
[image: ResultSingle]

Multiple streams

Previous candidates

  • Protectli Vault 6 (Wasn’t able to find BIOS update and lacks single threaded performance compared to this setup)
  • ASRock 4X4 BOX-V1000M (Dual Realtek NIC, might not play well with pfSense. Still an awesome little box)

In conclusion, I’m pretty happy with this little box and I hope you enjoy builds like this.

3 Likes
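
Added example, not part of the original post: since the post says the offloads listed above cannot be used once IPS is enabled, this script reads FreeBSD `ifconfig` output and reports every interface that still has checksum, TSO or LRO offload flags set. The sample output, its hex values and the function names are constructed for illustration; on the router, pipe real `ifconfig` output into `offload_report`.

```shell
#!/bin/sh
# Added example: report interfaces whose ifconfig "options=" line still shows
# hardware checksum, TSO or LRO offload flags.

# Constructed sample in FreeBSD ifconfig format (not captured from the
# author's router): igb0 has offloads enabled, em0 has them disabled.
sample_ifconfig() {
cat <<'EOF'
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 00:00:5e:00:53:01
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=810098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
	ether 00:00:5e:00:53:02
EOF
}

# Reads ifconfig output on stdin and prints "<iface> <flag,flag,...>" for each
# interface with at least one offload flag enabled. VLAN_* capabilities and
# the "nd6 options=" line are ignored.
offload_report() {
  awk '
    /^[A-Za-z0-9_.]+: flags=/ { iface = $1; sub(/:$/, "", iface); next }
    /^[ \t]+options=/ {
      s = $0
      sub(/^.*</, "", s); sub(/>.*$/, "", s)   # keep only the flag list
      n = split(s, flag, ",")
      hit = ""
      for (i = 1; i <= n; i++)
        if (flag[i] ~ /^([RT]XCSUM(_IPV6)?|TSO[46]|LRO)$/)
          hit = hit (hit == "" ? "" : ",") flag[i]
      if (hit != "") print iface, hit
    }
  '
}

# Succeeds only when no interface on stdin has an offload flag set, so it can
# be used as a pre-check before switching IPS on.
offloads_clear() {
  [ -z "$(offload_report)" ]
}

# prints: igb0 RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6
sample_ifconfig | offload_report
```
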

Great build log! Nice build! (Me kinda jealously looking at my ASRock J3355 together with an HP 4 Port gigabit-card sitting on top of a jerry rigged piece of metal :joy:)
