8 mo. ago • 97%

Another successful OpenBSD setup

I've been buying these little boxes from AliExpress for years to use as firewalls and routers. My oldest one is almost 9 years old now! OpenBSD installs just fine. Just a BIOS tweak to always boot up after power is restored.

@selfhosted #selfhosting #selfhosted #openbsd #runbsd

81 comments

Throw some hard drives on it and baby, you got a ~~stew~~ home media server goin!

34
- How?
  I've been thinking about setting up one of these cheap boxes as a NAS but I cannot ever find one with 4 Sata ports. Is there a solution for this?
  I could use external USB Hard drives but that just feels so janky...
  
  3
  
  Can't speak to cheap boxes, so usb might be the way, but I use a Zimaboard. Two built in SATA ports, and a pci-e daughter card gives me two more ports. Full disclosure, i don't do anything more than 1080p, bad eyesight...
  
  1
I personally never understood the desire for BSD. BSD was good back in the day but we now have Linux which is better supported and protected under the GPL.

19
- PfSense and OPNsense are both killer router "out of the box" distros built on BSD. I say this as a Linux user, with little interest in running BSD for my applications, but... Respect to BSD. ✊
  
  22
  
  I run OpenWRT and it works pretty well. The only potential issue is the updates but if you have a plan it isn't a problem.
  
  Maybe I'm missing out but from my perspective it is way cheaper to buy a off the shelf router with OpenWRT that can handle gigabit speeds than it is is to build/buy a entire computer that pulls way more power and is several times the cost.
  
  4
  
  I couldn't agree more. I've been running PFsense for about 5 years, great little toy, not 1 single issue. BSD has been paramount in my life for my firewall needs. And I only run Linux on everything else (desktops and servers), but there is not a single FOSS firewall distro out there that can match, much less surpass, a BSD based firewall.
  
  2
- A lot of people stick with what they know and are familiar with.
  
  1
- I one heard ast describe Linux's code quality as 'marginal' (presumably speaking of the kernel)
  
  Of course, it was ast talking at BSDCan but still, harsh words from a master.
  
  1
So these noname boxes are good for making a hardware firewall/network?

17
- Yeah, as long as it it's one with 2+ network ports. I use a little 4 port with pfsense loaded on it for my home network.
  
  12
- I use one with 6 LAN ports and a fanless 10th gen i5 running OPNsense, and it has worked well for years. It runs many services including Unbound DNS and Suricata with capacity to spare. It's much better than any consumer router, though I run WiFi separately with an Asus AI Mesh set to AP mode.
  
  The only concerns are that you don't get BIOS updates, and you don't know for sure that there's nothing nasty in the firmware. But then you don't really know that on consumer routers either.
  
  9
- I've been running one for the past 6+ months with no issues.
  
  7
- Mine died after 2 years after a power cut.
  I havent tried to debug it yet. At the time, it would power on but a monitor didnt see anything from the video port, and it didnt seem to actually boot.
  I presume it is toast.
  
  If you dont need compact, a rebfurbed SFF with a 4 port network card is gonna be cheaper
  
  4
- Sure as long as security isn't a concern
  
  2
  
  Ok, cool - do we have astroturfing on lemmy now?
  
  pfSense has a very good record, but OpenBSD's record and code quality are literally unparalleled.
  
  Conversely, I spend a fair bit of time working on devices made by SonicWall, Fortinet, etc. and it's all fucking garbage.
  
  Are you concerned about it being designed in China in addition to the conventional and thoroughly ubiquitous "manufactured in China"? Please explain your concerns in detail.
  
  3
Sorry for my ignorance I tried googling but what is this exactly? A server for files or? A media server?

17
- @madcaesar @otl It's a small server running OpenBSD, configured to operate as a router and/or firewall.
  
  Linux and the *BSDs can operate as very good routers and firewalls, usually being much more configurable and enabling you to do more complex than off-the-shelf consumer-level hardware routers. Using them on a small form factor computer with a cheap switch in front of them can give you a better performing and nicer to use alternative.
  
  12
- An operating system
  
  -3
I recognise that internet router on the right. That looks like the "smart router" Telstra gives their customers - we have one we used to use back when we had Telstra cable. It's currently playing the duty of an Ethernet switch for dad's office.

15
- Good eyes! Yes this is one we got from Telstra on a VDSL NBN connection. Now it’s just a modem in bridge mode with Aussie Broadband
  
  @selfhosted @Da_Boom
  
  5
- Smg2?
  
  2
Do any of those cheap Chinese computers ever get any firmware or bios updates?

15
- No and they don't provide the source either. Makes you wonder what's running in there.
  
  31
  
  While i agree, no one provides full source blobs for firmware and bios that i am aware of. Please correct me if I am wrong, however.
  
  21
- I'd be surprised if it wasn't just based off the UEFI sdk examples containing 30+ CVEs over the last couple of years. If anything, it won't get patched for logofail and all the others UEFI exploits we'll definitely see in the coming years.
  
  14
- None that I know of :(
  But @benjja tells me that on some of these you can install coreboot: https://ohnepunktundkomma.org/@benjja/111991771619601081
  
  Something I’m keen to look into.
  
  @cmnybo @selfhosted
  
  7
  
  @otl @cmnybo @selfhosted
  
  Protectli ported coreboot for their hardware, and with a little research you can find this hardware on aliexpress, of course under a different name.
  
  3
- I was wondering... that tp-link probably negates anything remotely resembling security on its own. But yeah, you can update some of these noname boxes easily, others, not so much.
  
  I have dealt with (in a professional capacity) Chinese manufacturers that are under the impression they do not have to provide a working build tree for the kernel, let alone firmware, so its a gamble if you're not talking to a major Chinese name brand. Mind you, I was ordering hundreds of those boxes, so there was some leverage.
  
  7
  
  That TP-link is a dumb switch. Unless you're telling me that someone is going to find an opening in the firmware and hack their way into the ARP table or something (in which case the threat model here just became state actors and I don't think the OP is safe with this equipment), I don't think it affects much, if anything.
  
  Now, if I'm mistaken and that is actually a managed switch; god help them with network security.
  
  15
- Does any board ever get firmware updates? I don't understand your logic.
  
  3
Any cheap 2x 2.5gb n100 ones yet?

11
- There are a few 5x 2.5g N100 for $120-130 USD range on AliExpress. I grabbed one a while back for my own network.
  
  14
- https://cybergeekpc.com/products/cybergeek-mini-pc-nano-j1
  
  Only on port so you can't use it as a router unfortunately
  
  0

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
AP	WiFi Access Point
DNS	Domain Name Service/System
NAS	Network-Attached Storage
SATA	Serial AT Attachment interface for mass storage
SSL	Secure Sockets Layer, for transparent encryption
TLS	Transport Layer Security, supersedes SSL

5 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

[Thread #543 for this sub, first seen 25th Feb 2024, 15:45] [FAQ] [Full list] [Contact] [Source code]

Good bot 🤖

2

What bios tweak do you apply? That’s the one thing I still need to do.

These things are awesome!

7
- Restore power status after AC loss
  
  6
- Basically auto power on after restore power.
  
  Meaning if you get unplugged (or power outage) turn back on like any other networking gear.
  
  4
Why

6
- Why what?
  
  5
- Because blinking lights give me goo goo ga ga
  
  @Smc87 @selfhosted
  
  5
- I'm glad to see that we're not all addicts here
  
  3
I have one of these with PFSense on it. Works great, but when I had it in a hot room I had to zip tie a 120mm fan to it 😀

5
- I bought some half-inch silicone feet to separate mine from the shelf it sits on. The added airflow underneath seems to do just fine.
  
  3
  
  Yea mine was hung on the wall with an air gap, still needed the fan hah
  
  2
@otl What CPU does it have?

5
- This one has an old Intel N2830:
  https://www.aliexpress.com/item/1005003378019857.html
  With this particular model you can get a newer N100 chip
  
  @selfhosted @tk
  
  4
@otl@hachyderm.io @selfhosted@lemmy.world what machine is that?

5
- This one: https://www.aliexpress.com/item/1005003378019857.html
  
  Halfway through writing a follow-up blog post detailing set up, internals, etc. Should be available soon if you’re interested :)
  
  @alvaro @selfhosted
  
  4
  
  @otl@hachyderm.io @selfhosted@lemmy.world absolutely, thank you
  
  1
6 VLANs, 2 ISPs on load Balancing and FailOver, 6 switches, 7 APs.

The sky's the limit

3
- @jjlinux Hahaha no way that’s awesome
  
  @selfhosted
  
  2
  
  I'm bent on getting as many people as I know to self-host everything possible and to guard their home networks. The garbage out there today is too much.
  
  1
@otl @selfhosted

Got a simmilar one, and once a time i get an IO error.
Im sacred to leave my country and find out my router is dead

3
Ive wanted one of these for a while to replace my ISPs modem+router+switch+wifi-AP. But apparently these devices can be funky to get a good wifi going, and I don't feel like adding three (mini pc, switch, AP) new devices to my "we don't talk about it" corner where all the IT is stored. Do you know anything about wifi on these?

2
- It's usually considered a poor idea to use it also as an AP.
  
  The location usually isn't great for your WiFi and there are better tools for the job.
  
  1
  
  Is location the only reason to not use it as the AP? If I had a larger house I'd agree, but as I live in a small apartment, the current router location can easily serve the entire flat, so that is no concern right now.
  
  1
How would one go building a router? I was planning on getting wired networks for a NAS build but most providers seem to ship their own router which probably is a nightmare for privacy, can I just pay for internet and use whatever router I want?

1
- OpnSense would be the easiest way if you wanted to go. It's still not easy, but the articles online should help you out.
  
  First you'd need a machine. I've got an m920q I bought off eBay for $135 after shipping.
  
  The computer will likely only have one Ethernet port. And it's likely the port is Realtek which isn't supported well.
  
  So, you'll need to get yourself a NIC (a fancy term for a network card). There are good forum posts and articles online about the best NICs to buy for your needs. Intel is a must. However, you can find many of their NICs online labeled as another brand - usually HP, Lenovo, or Dell. Again, the forum posts will tell you what to look for.
  
  If you bought the same computer I mentioned above, you'll also need a riser and a bezel. Amazon and eBay will have a good selection.
  
  Now assemble it. Flash the computer with OpnSense. Don't plug it in as your router yet. Follow along with some basic setup guides online to figure out how you want it configured.
  
  Once you're happy, plug it in as your router and test that it works. If not, you'll need to put your old router back in place until you can figure out what you need to change.
  
  1

You've viewed 81 comments.