You choosing OPNsense or PFsense?
Also if you chose OPNsense it will likely be installed from the factory
Novasty would be the pf expert
I would be the one to ask about opnsense.
There guide is good on installing OSes. follow it to the tee… and you will have no issue
Ok, I’m good with OPNsense I believe. I’ll read up on both while I wait.
I can follow tech docs no problem as long as they are detailed. It takes some time, but I can figure it out and just look up things I have questions on or terms I have problems with.
They are pretty solid. I dont think you will have an issue. I didnt. The only issue I had was ordering hardware separately and coreboot being pickier than I liked
Yeah seemed good, I only saw a few reviews that touted the ram and SSD they use are shite… I think its a grumpy person multiple times. People are way more likely to review negatively than positively…
So, time will tell, but I’m fairly good hardware wise so any issues I’m sure I can diagnose and overcome or re-engineer to suit my needs.
Honestly I need to find more to do with my hardware as well… I know I can do more I just need to figure out what…besides plex and pi-hole lol
Its a firewall
If your complaining about your CAS latency and SSD on a home firewall. You got problems m8 
Oh for sure, no they were saying only certain models were compatible and the ones that came with it from factory were “used” and the ram and SSD failed on him… I’m guessing there was something else wrong such as poor power supply or regulation possibly to take out both…or he stuck it in a small box stuffed with papers and exspected it to cool properly…you never know…
Actually I dont doubt that their model SSD and ram is white label to save cost. I didn’t do that
I bought my own msata (Kingston)
My own ram (crucial)
So I was able to kit out to 120 GB and 8 GB ram cheaper at the time. (Half price)
Excellent. Honestly shouldn’t matter as long as it boots and works.
Cheap China flash. It will do lol
Its just a firewall
dumb question…coreboot then OPNsense?
Yes. Which version did you buy. it should have come with coreboot
There was zip on it besides bios lol
Well, I thought I followed the directions to a T… I had this happen…
coreboot@2d3cbb582ec1:~/coreboot$ make
Skipping submodule '3rdparty/amd_blobs'
Skipping submodule '3rdparty/blobs'
Skipping submodule '3rdparty/cmocka'
Skipping submodule '3rdparty/fsp'
Skipping submodule '3rdparty/intel-microcode'
Skipping submodule '3rdparty/qc_blobs'
remote: Counting objects: 300, done
remote: Finding sources: 100% (7/7)
remote: Total 7 (delta 3), reused 7 (delta 3)
Unpacking objects: 100% (7/7), done.
From https://review.coreboot.org/9esec-security-tooling
+ 6a9b00a...4b22200 feature/BootGuard -> origin/feature/BootGuard (forced update)
error: Server does not allow request for unadvertised object 6682883ba2dffb6a08ff4589590320e60ddf1f18
Fetched in submodule path '3rdparty/intel-sec-tools', but it did not contain 6682883ba2dffb6a08ff4589590320e60ddf1f18. Direct fetching of that commit failed.
Cloning into '/home/coreboot/coreboot/3rdparty/cmocka'...
fatal: destination path '/home/coreboot/coreboot/3rdparty/blobs' already exists and is not an empty directory.
fatal: clone of 'https://review.coreboot.org/blobs.git' into submodule path '/home/coreboot/coreboot/3rdparty/blobs' failed
Failed to clone '3rdparty/blobs'. Retry scheduled
fatal: destination path '/home/coreboot/coreboot/3rdparty/blobs' already exists and is not an empty directory.
fatal: clone of 'https://review.coreboot.org/blobs.git' into submodule path '/home/coreboot/coreboot/3rdparty/blobs' failed
Failed to clone '3rdparty/blobs' a second time, aborting
Cloning into '/home/coreboot/coreboot/3rdparty/intel-microcode'...
Cloning into '/home/coreboot/coreboot/3rdparty/fsp'...
#
# configuration written to /home/coreboot/coreboot/.config
#
HOSTCC util/sconfig/lex.yy.o
HOSTCC util/sconfig/sconfig.tab.o
HOSTCC util/sconfig/main.o
HOSTCC util/sconfig/sconfig (link)
SCONFIG mainboard/protectli/vault_bsw/devicetree.cb
CC bootblock/mainboard/protectli/vault_bsw/static.o
In file included from src/include/program_loading.h:6,
from src/drivers/intel/fsp1_1/include/fsp/util.h:10,
from src/soc/intel/braswell/chip.h:13,
from build/mainboard/protectli/vault_bsw/static.c:5:
src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h:7:10: fatal error: vb2_sha.h: No such file or directory
#include <vb2_sha.h>
^~~~~~~~~~~
compilation terminated.
make: *** [Makefile:379: build/bootblock/mainboard/protectli/vault_bsw/static.o] Error 1
coreboot@2d3cbb582ec1:~/coreboot$
Help…lol
It looks like it failed because there was a '/home/coreboot/coreboot/3rdparty/blobs'
… but I had to have that directory to put the VGA drivers in like the manual said so I created those directories…
Oh and I’m following https://protectli.com/wp-content/uploads/2020/11/coreboot-building-guide.pdf
Wait…can I just use the fw4b_v4.12.0.3.rom file at the bottom of the guide source website below and skip having to build the coreboot myself???
Not much luck here with this today… I retraced my steps triple checked everything down the line of directions and still no dice.
Hoping maybe we had the same issue and ya can give me a hand with this one. Otherwise I may just do the firewall sans coreboot.
I got mine off Amazon so didn’t have same options as website to have coreboot installed sadly. What I get for trying to save a buck. Lol
Give me the model name and number. Only certain revisions of hardware bought from them can do coreboot
It was a busy AF day at work. I’m gonna sit down for some pizza. I’m available for a bit this afternoon
Yeah dont build coreboot. they built it for their devices already
@Dynamic_Gravity so single points of failure
I have two internet connections. I dont want to round robins but rather fall back… With the T-Mobile (solid 5G signal)
Uhm so should I be worried more about SPOF in house or SPOF external? Because I was thinking multiple linode cheap droplets for load balancing? Also all in different locations. I figure I’ve got a 25 dollar a month budget for VPS lol that’s 5 locations.
I was thinking a couple in north america… 1 in Europe… 1 Asia. 1 Australia given my travels?
I would say internally. Any service you buy typically has an SLA for some kind of uptime at will already have some internal redundancy.
Digital Ocean uses droplets, lmao. Linode just calls them nodes. 
Or you could just buy an LBaaS and point it at your house. That’s more or less what I do.
sorry ive used every service… I just literally interchange now
tell me more…
Got ya so invest in UPS and stuff and starlink when it comes around 