OPNsense build
It took a while to find an affordable, powerful router that can handle 500Mbit with a somewhat up to date BIOS so I thought I’d share. The router will connect two homelabs using VPN.
Hardware
Component | Name | Price |
---|---|---|
CPU | Intel Core i3 9100F | 76,0€ |
Memory | Crucial DDR4 2x8GB 2400 | 68,95€ |
Motherboard | Intel Gigabyte B360N WIFI | 107,95€ |
Storage | Crucial SSD P1 500GB M.2 | 59,90€ |
Case | Antec ISK110 VESA-U3 Desktop 90W | 102,95€ |
Cooling | Intel Stock cooler | 0,0€ |
Total | 419,70€ |
The I3 9100F lacks an integrated GPU, thus if you want to configure the device, you’re forced to use an external graphics card. I had one laying around and decided it was worth saving 30€.
The motherboard is interesting because it has two Intel NICS. One Intel I211 and a I219-V. Here is the hw probe output (not from my machine):
BUS ID / Class Vendor Device Type Driver Status
PCI 8086:3e91: 1458:d000 » / 03-00 Intel Corporation 8th Gen Core Processor Gaussian Mixture Model graphics card i915 works
PCI 8086:a348: 1458:a182 » / 04-03 Intel Corporation Cannon Lake PCH cAVS sound snd_hda_intel detected
PCI 8086:1539: 1458:e000 » / 02-00 Intel Corporation I211 Gigabit Network Connection network igb works
PCI 8086:15bc: 1458:e000 » / 02-00 Intel Corporation Ethernet Connection (7) I219-V network e1000e works
PCI 8086:a370: 8086:0034 » / 02-80 Intel Corporation Wireless-AC 9560 [Jefferson Peak] network iwlwifi works
PCI 8086:a352: 1458:b005 » / 01-06-01 Intel Corporation Cannon Lake PCH SATA AHCI Controller storage ahci detected
PCI 8086:3e1f: 1458:5000 » / 06-00 Intel Corporation 8th Gen Core Processor Host Bridge/DRAM Registers bridge detected
PCI 8086:a308: 1458:5001 » / 06-01 Intel Corporation ISA bridge bridge detected
PCI 8086:a330: 1458:5001 » / 06-04 Intel Corporation Cannon Lake PCH PCI Express Root Port #9 bridge pcieport detected
PCI 8086:a33d: 1458:5001 » / 06-04 Intel Corporation Cannon Lake PCH PCI Express Root Port #6 bridge pcieport works
PCI 8086:a360: 1458:1c3a » / 07-80 Intel Corporation Cannon Lake PCH HECI Controller communication controller mei_me detected
PCI 8086:a36f: 8086:7270 » / 05-00 Intel Corporation Cannon Lake PCH Shared SRAM ram memory detected
PCI 8086:a324: 8086:7270 » / 0c-80 Intel Corporation Cannon Lake PCH SPI Controller serial bus controller detected
PCI 8086:a379: 1458:8888 » / 11-80 Intel Corporation Cannon Lake PCH Thermal Controller signal processing controller intel_pch_thermal detected
PCI 8086:a323: 1458:5001 » / 0c-05 Intel Corporation Cannon Lake PCH SMBus Controller smbus detected
PCI 8086:a36d: 1458:5007 » / 0c-03-30 Intel Corporation Cannon Lake PCH USB 3.1 xHCI Host Controller usb controller xhci_hcd detected
USB 8087:0aaa » / e0-01-01 Intel Corp. Bluetooth Device bluetooth btusb detected
USB 1d6b:0002 » / 09-00-00 Linux Foundation 2.0 root hub hub hub detected
USB 1d6b:0003 » / 09-00-00 Linux Foundation 3.0 root hub hub hub detected
USB 046d:c52e » / 03-01-01 Logitech, Inc. MK260 Wireless Combo Receiver keyboard usbhid detected
EISA sky-sky0104 » SKY TV-monitor SKY0104 1920x1080 885x498mm 40.0-inch monitor works
SYS american-megatrends-f1-03-06-2018 » American Megatrends Inc. BIOS F1 03/06/2018 bios works
SYS intel-6-158-11-core-i3-8100 » Intel 4x Core i3-8100 CPU @ 3.60GHz cpu works
SYS gigabyte-b360n-wifi-cf-x-x » Gigabyte Technology Co., Ltd. Motherboard B360N WIFI-CF x.x motherboard works
IDE wdc-wd10ears-00mvwb0 [A45] » WDC WD10EARS-00MVWB0 1TB disk ahci, sd detected
The M.2 slot is on the back of the board.
Once everything is configured this motherboard will boot headless just fine (some motherboards require a GPU to be present!).
Build
Download the amd64 serial image from https://opnsense.org/download/, using Rufus you can write the image to a USB drive. I’ve installed all necessary components outside the case, that way I can also use a graphics card for the initial setup.
The only odd thing I found Is you cannot update the BIOS from the default menu, during startup you need to press the END key to enter the BIOS flash utility. Once there you can select the unzipped BIOS from a NTFS formatted drive.
In addition, I’m happy to report that the following hardware offloading capabilities work:
- Hardware CRC (checksum offload)
- Hardware TSO (TCP segmentation offloading)
Hardware LRO (large receive offloading) seems to be missing from the Intel NICS.
You can’t use these features when enabling IPS!
Power Usage
I’m still waiting for my power meter… the brick is cold to the touch but I want to make sure it doesn’t catch fire under load. I’ll post the results once they’re in.
Update, the average wall power draw for the system is around 15 watts.
Benchmarks
Here are the preliminary results taken from my desktop:
Single stream (not sure yet where the bottleneck is, might be my desktop):
Multiple streams
Previous candidates
- Protectli Vault 6 (Wasn’t able to find BIOS update and lacks single threaded performance compared to this setup)
- AsRock 4X4 BOX-V1000M (Dual Realtek NIC, might not play well with pfSense. Still an awesome little box)
In conclusion, I’m pretty happy with this little box and I hope you enjoy builds like this.