Hardware sizing & setup¶
The harware setup requires a careful preparation and selection of the standard PC hardware components for the intended installation of OPNsense.
⚠ Computer hardware with the open source security software OPNsense® pre-installed can be purchased directly from various (online) stores.
Tip
The OPNsense development team encourage everyone looking for a turn-key solution to buy from Deciso or one of the other partners listed at our partner page. Listed partners make significant contributions back to the project
Supported hardware architectures¶
OPNsense® is available for x86-32 (i386) and x86-64 (amd64) bit microprocessor architectures. Full installs on SD memory cards, solid-state disks (SSD) or hard disk drives (HDD) are intended for OPNsense.
While the range of supported devices are from embedded systems to rack mounted servers, we recommend to use a 64-bit versions of OPNsense, if the hardware is capable of running 64-bit operating systems. It is possible to install and run 32-bit (x86-32, i386) versions of OPNsense® on 64-bit (x86-64, amd64) PC hardware, but we do not recommend it, especially not for new deployments.
Hardware requirements¶
For substantially narrowed OPNsense® functionality there is the basic specification. For full functionality there are minimum, reasonable and recommended specifications.
Minimum
The minimum specification to run all OPNsense standard features that do not need disk writes, means you can run all standard features, expect for the ones that require disk writes, e.g. a caching proxy (cache) or intrusion detection and prevention (alert database).
Processor | 500MHz single core cpu |
RAM | 512 MB |
Install method | Serial console or video (vga) |
Install target | SD or CF card with a minimum of 4GB, use nano images for installation. |
Table: Minimum hardware requirements
Reasonable
The reasonable specification to run all OPNsense standard features, means every feature is functional, but perhaps not with a lot of users or high loads.
Processor | 1 GHz dual core cpu |
RAM | 1 GB |
Install method | Serial console or video (vga) |
Install target | 40 GB SSD, a minimum of 1GB memory is needed for the installer to run. |
Table: Reasonable hardware requirements
Recommended
The recommended specification to run all OPNsense standard features, means every feature is functional and fits most use cases.
Processor | 1.5 GHz multi core cpu |
RAM | 4 GB |
Install method | Serial console or video (vga) |
Install target | 120 GB SSD |
Table: Recommended hardware requirements
Hardware guide
The hardware required for your local OPNsense, will be determined by the intended minimum throughput and the feature set.
Impact of Feature set¶
While most features do not effect hardware dimensioning, a few features have massive impact on it. The candidates are:
- Squid
- a caching web proxy which can be used for web-content control, respectively. These packages rely strongly on CPU load and disk-cache writes.
- Captive portal
- settings with hundreds of simultaneously served captive portal users will require more CPU power in all the hardware specifications displayed below.
- State transition tables
- it is a known fact, that each state table entry requires about 1KB (kilo bytes) of RAM. The average state table, filled with 1000 entries will occupy about ~10MB (mega bytes) of RAM. OPNsense usage settings with hundred of thousands of connections will require memory accordingly.
Throughput¶
The main hardware-factors of the OPNsense setup involved are CPU, RAM, mass storage (disc), the number and quality of network interfaces.
Throughput (Mbps) | Hardware requirements | Feature set | Users / Networks |
---|---|---|---|
1-10 | Basic spec. | narrowed | few (1-10) |
11-150 | Minimum spec. | reduced | adjusted (10-30) |
151-350 | Reasonable spec. | all | substantial (30-50) |
350-750+ | Recommended spec. | all | substantial+ (50-150+) |
Mbps (Mbit/s or Mb/s) - Megabit per second - 1,000,000 bits per second |
- Network interface cards
- As the FreeBSD hardware-lists and -recommendations say, Intel® network interface cards (NIC) for LAN connections are reliable, fast and not error-prone. Intel chipset NICs deliver higher throughput at a reduced CPU load.
Supported hardware
The FreeBSD 10.2-RELEASE is the base of OPNsense. All FreeBSD drivers are included in the OPNsense kernel, and the hardware compatibility is the same.
Tip
If you are looking to buy new hardware then take a look at our partner page as these partners contribute back to OPNsense and sell hardware that is know to work well.
For further help and support, see
List of references
- Schellevis, Jos; Hardware requirements; OPNsense > Get started (2015)
- McKusick, Marshall; Neville-Neil, George V; Warson, Robert NM; The Design and Implementation of the FreeBSD Operating System (2015); Addison-Wesley, New Jersey; ISBN 978-0321968975