After the recent ongoing bad experrience with Turris [Turris OS 6.0 aftermath - Community office - Turris forum] , I’ve decided too build a custom ‘PC’ that will be my next OpenWrt. I was looking into PfSense/OPNSense as well but it wouldnt be a good choice for me, as I need to use PPPoE. This is the partlist for what I’m considering currently:
Intel Core i3-12100F
ASUS PRIME Z690-P
Kingston KF548C38BBK2-16
Apacer AS2280P4 256 GB
Seasonic Core GC 500W Gold
Fractal Design Pop Air Black Solid
Noctua NH-P1
QNAP QXG-2G4T-I225
Total price is currently 853,20 €, preffer to shop at Alza [https://www.alza.sk/EN/].
Is this stupid? Should make some changes for something like this? I have experience with building PC but as far as networking, I’ve been always buying purpose built in past.
It still needs a GPU, won’t boot otherwise. So either you get a non-F CPU, put in a GPU, or get a server board like the Gigabyte MW34-SP0 Wendell did a video about.
Personally, I’d go with quite fans like one of the Scythe models, instead of a passive one. Below some airflow it will be virtually silent anyway, and I’m not a fan of hanging huge blocks of metal off the motherboard. You can always tune the fan speeds, worst case the CPU will throttle but still be silent.
Also, why the Z690 motherboard? H610 is trash, but B660 should more than sufficient, and you can either save some money or have a higher-tier board for the same price.
As for the SSD, I refuse to buy ones with three year warranties. Five or bust.
This mainly boils down to how OpenWrt works and is designed rather than the unfortunate outcome of TurrisOS.
But to answer your question,
Is this stupid? A bit harsly phrased but the answer leans a lot more towards yes than no. It’s a waste in pretty much every single way given its targeted workload.
Both pfsense and opnsense does PPPoE but there may be more efficient ways depending on your use case which may involve switch to FreeBSD (which both are based on).
Well, then I would probably just get the non-F SKU, as I’d rather avoid using GPU with a fan. And for the price of something like GT1030, I might as well get the non-F SKU.
I was considering a motherboard like that, specifically Supermicro MBD-X13SAE-F but thats a 600€ board.
If I’ll need a fan, I can always add it to the NH-P1 but if possible, I’d like to avoid them.
I didn’t choose that motherboard because it’s Z690 but because it has most PCIe slots I could use for network cards, as I need them. Not saying it’s necesaruly a smart way of choosing the motherboard but it was a coincidence it being also Z690. Yes, B660 as such would be sufficient for this.
I haven’t noticed SSD having 5 year warranty here, at least not by default. This why I’d rather take as much as I can from Alza, as I had some nasty warranties that were always pleasently resolved by them.
This was very much the fault of TurrisOS. Despite having auto-install and auto-reboot disabled, even with fresh install of TurrisOS 5.4.4, they forcefully install TOS6 without users approval.
I’ve already disabled updates completely but now any package installation is not possible. That can be done only if updates are enabled in some capacity.
Even when rolling back to 5.4.4, the bug from 6 persists, with SDIO WIFI 2.4 not working. At least internet is now working. I do wish I could put just OpenWrt itself on it but thats available only for Omnia, not for my Mox.
I’ve asked Deciso about their DEC675 - DEC850 and what kind of performance I might expect when using PPPoE. The response I’ve recieved was “My expectation is that it will be extremely difficult to reach over 600Mbps, but I don’t have real numbers unfortunately.”
I would like to dabble with OPNSense or PfSense, as it looks very intriguing to me but the PPPoE performance, or at least what I’ve heard about it, is the dealbreaker for me.
I really don’t know much about FreeBSD networking so I’m all ears for any suggestions and tips. I would rather avoid making a bad decision.
I specifically mention that Gigabyte, as it’s cheaper and DDR4 - ECC DDR5 UDIMMs are unobtainium right now.
All coolers need airflow. NH-P1 being passive is somewhat of a lie, as without case fans it’s cooling performance will drop. They even say so themselves:
Please also note that the NH-P1 strictly requires either a fanless PC case with good natural convection, an open benchtable-type setup or a PC case with fans in order to achieve its full performance.
Hey, you legitimately need those slots, period.
Nah, this SSD is three year. I’d go for a different cheap model which still has a five year warranty.
Due to what OpenWrt mainly targets there are some design decisions that doesn’t make migration easy or possible at all in some cases. There have been numerous occasions where you’ve more or less been forced to drop setups and install fresh. While I admire nic.cz’s commitment to make it as transparent as possible there are so many factors to consider that it makes it very hard to carry over existing configuration. The outcome isn’t surprising (to me) but unfortunate, I’m personally very reluctant to keep configurations between major releases irregardless of OS/firmware because of issues. That being said, this does also happen with enterprise hardware so I think you should cut them some slack. Give nic.cz another shot, they’ve been doing great so far given their promises about their products.
SDIO based Wifi is troublesome and on Marvell hardware it’s been considered “experimental” as far as OpenWrt goes. I would guess that they thought driver would improve by upstream and/or Marvell but it kinda went in the opposite direction instead. :-/
Ok, where? It’s not available anywhere I know of in Slovakia. Even doing quick search on German Amazon didn’t come up with anything. Also, why go for ECC RAM? I don’t think it’s needed in this scenario, is it?
Yes, thats why 1. I’ve chosen a case thats at least mesh on top and 2. chosen a ‘low’ power CPU ~55W peak. I dont expect any turbo boosting or anything like that, as is Noctua themselves disclosing it for this CPU.
If non-compatible configuration was the only issue, I would be fine. I would just install fresh. But the same issues are still there even with fresh install. Even that wouldn’t be that bad but forcing this update, on anything other than ‘Disable update’ is unacceptable. Even when I have done a fresh install of 5.4.4, set the update to manual approval and reboot delay to 3 days, it installed the broken 6.0.1 update and rebooted within 30 minutes on its own.
If you rely on your phone alarm, they push an update, install it and reboot your phone, without your prior consent, and now you alarm doesn’t work, you would never trust it again with alarm duty[or probably any critical duty].
Mistakes happen, fine, sure. But this is were the trust is gone now.
What is your workload? 2.5 Gbps routing? I see that QXD i225, which I’m also eyeing. Well, I’m using Linux on RockPro64, although OpenBSD and FreeBSD are preferred for router setups (the only reason I stuck with Linux is my WiFi USB adapter has no drivers in FreeBSD, let alone OpenBSD).
I have been running for many years now a pfSense box on an Asrock J3455M motherboard. There should be newer revisions with a Gemini Lake Celeron, but even the older Bay Trail Celeron will run 2.5 Gbps very well (I’ve ran quad gigabit and it can do much more, at some point I used all 4, the integrated NIC and another 1Gbps NIC, for a total of 6 ports).
I initially had 8GB of RAM on it, but used them on another build (using the same CPU and motherboard, lmao, was my main PC for about a year) and put in only 4GB dual-channel sticks. In all honesty, pfSense with all the modules I had to monitor traffic (like vnstat, which doesn’t work anymore, node_exporter etc.) never jumped over 512MB usage (currently sits around 300MB), I only put those because I got them for free, I would have gone 2GB of RAM (my current RockPro64 router sits at 108MB usage, since it’s headless and runs no web server, like pfSense does).
i3-12100+ is way too overkill for a router, unless you plan on doing a 10G build, or you plan to run snort or suricata on it full time (only on the WAN side). Go with something lower, save a buck (and some electricity). A 10W CPU is more than capable of handing 2.5Gbps routing.
As for the OS, I’m biased, I’d say people should get used to OpenBSD for routing, but you can run FreeBSD, OpenWRT, Alpine Linux or even Ubuntu if you’re so inclined to. I tend to avoid pfsense / opnsense nowadays, because of exaggerated hand-holding, but nothing wrong in-themselves with them.
Since I don’t have a Turris device myself I can’t test but I assume you have your MoX device connected to the Internet while downgrading? Given their forum post I suspect it might check for updates as soon as it boots and if its connected it’ll pull down updates before you’ve logged in and disabled (make sure the device is disconnected until you’ve disabled automatic updates). If that’s not that case I would encourage you to ping the dev team. Going from 19.X is a huge jump in more than one ways so there may be regressions in some scenarios espeically when it comes to wifi.
fwiw, there have been software updates on phones where the alarm have been non working …
Either way, OpenWrt’s upgrade path in general is rough compared to OSes not targeting low power embedded hardware so it’s up to you. Using a generic OS may suit you well but it does require network (firewall knowledge) and ability to manually configure software.
@ThatGuyB
Using the RockPro64 in that scenario would be interesting using something like mpd5 for PPPoE
I don’t have a heavy workload, at least not currently. I would be fine with only a gigabit but this 2.5G 4 port NIC was cheaper than any 1G 4 port NIC I’ve found here. It was cheaper and it does fit my needs and then some. I guess it counts as ‘futureproofing’.
What hardware would recommend? I’ve checked the RockPro64 and it looks very interesting but I wish it had at least 2x PCIe x4. But for the price, I suppose I could just get another one. And then another one, depending on my needs in the future.
As for the OS, I’ll bite. Why OpenBSD? I have no experience with it at all. Where would recommend to begin, for this purpose? And would it actually be viable with 1G/0.5G on WAN with PPPoE?
I’ve been using the recovery mode 4, use the image on USB or MicroSD and re-image the MicroSD with it. Even after it boots, it needs to first be authenticated, after which comes the update settings. When it’s off, everything works fine on 5.4.4[except the SDIO WIFI, even after downgrade]. I can live with spotty SDIO WIFI but non-functional WAN is a dealbreaker.
I know there have been software updates like that for the phones but not the specific scenario I’m describing here, which is my point.
Hmm… I somewhat excepted that setup but it was worth a shot.
Cabled wan sould defintely work but are you sure it’s the cabled part causing issues? If you temporarily disable wifi does it still reboot using 6.X?
Why would you need 2x PCIe x4? 1x PCIe 1.0 doesn’t bottleneck 1G/1G
I haven’t tried disabling wifi, didn’t see how or why would that help with wan. I did try my regular PPPoE and also DHCP on my tether phone, neither of it worked. On 5.4.4, both DHCP on tether phone and regular PPPoE work just fine.
Not for bandwidth, just for using 2 seperate NIC when I’ll need it[either as replacement or expansion]. Hence for my initial choice for that ASUS PRIME Z690-P. Among others, I plan a flash-based NAS next year[hopefully]
I suspect that you might experience driver crash(es) which can cause issues that you’re seeing despite not directly handling ethernet. You should see PPPoE issues by looking at the system log, you might also be able to catch crashing in kernel log (or whatever TurrisOS calls it) but it’s a matter of timing if it affects ethernet unless you have console access since there’s no video output.
You can get dual port or even quad port NICs so no need for another port (check compatibility first before getting a NIC) if you’re getting the RockPro64.
Because of its secure-by-default approach mostly, it serves as a good blank canvas with very little things to screw. Also has very good documentation and good examples in the man pages.
But anyway, this is just my bias. It’s not beginner friendly and involves reading the manual a lot, with not easy examples online to guide you (well, mostly because the man pages are better than the ones for Linux, so most users don’t have to ask questions).
Look for second hand HPE Intel quad gigabit port, those things are really abundant in Eastern Europe, should be easy to find around you too. I bought one for 28 euros a few years ago and worked flawlessly until today (and still keeps on working). I believe it was a HPE i340-T4 or something like that (at least I see i340 in dmesg in pfsense).
I have a RockPro64 2GB version as my router and another 4GB version running FreeBSD (for native, no-hassle ZFS) that will soon be a NAS (after I finish with the wiring, I went the route to do my own cabling for the drives, as I didn’t feel like trusting the 12v to 5v converters provided by Pine64 with the official case, which btw, ain’t that great, I can expand if anyone wants to hear).
Again, you can’t go wrong if you go with something akin to the Asrock J3455M.
The official parts list isn’t full, those were just the things that were tested on it. Besides, the list is mostly for Linux, if you check the FreeBSD driver list, you will know if things will work on not. And just because they don’t out of the box, a fix should be pretty easy to get (I had to add a driver from github on my router for the Realtek 88x2bu WiFi 5 USB dongle (I bought it because it was supposed to be the only one compatible with Android, so I thought it should run on Linux OOTB, but it wasn’t that hard to make it work, just too bad I couldn’t use a BSD because of it).
For me, I just yolo’ed it and went with a rando 6-port SATA card from StarTech, which worked ok (I forgot the chipset, but SATA usually just works - except the official RockPro64’s SATA card, which, at least back when I looked at it, used to not work with the RockPro64 at all, no matter what Linux distro you used, not sure about it now). I’m planning to test that i225 from qnap (the 2-port one) when I get the chance. For now, 1 Gbps was more than enough for me (and I have the built-in realtek on the rkpr64 split in 5 vlans, although right now, there’s not a lot of activity on the other 4).
