this post was submitted on 26 Feb 2024
275 points (97.9% liked)


Follow-up: OpenBSD routers on AliExpress mini PCs

I got lots of replies to the last post showing the little OpenBSD internet gateway setup (super interesting; thanks!). Here's more info and pictures:
https://www.srcbeat.com/2024/02/aliexpress-openbsd-router/

Something I've been meaning to share for years now.

@selfhosted #openbsd #selfhosted #selfhosting

top 31 comments
[–] [email protected] 27 points 8 months ago

"EVALUATION COPY BIOS" was the best bit

[–] [email protected] 20 points 8 months ago (3 children)

Is this a Qotom? When I bought mine the description on Amazon said it could be turned on via power restore from BIOS but I have 0 power settings in BIOS. No wake on LAN, nothing.

I've searched for how to update the BIOS (or if this would even help) but it's hard to find clear information.

[–] [email protected] 25 points 8 months ago* (last edited 8 months ago) (1 children)

It might be a jumper on the board. Mine (Q770G4) boots on power, if I can organise some downtime with the family I'll take a look at it (set it up ages ago so can't remember).

Edit: CAB approval was easier than I expected! Mine is in the BIOS, under Chipset > PCH-IO Configuration, set State After G3 to Power On.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

Yeah I also tried moving the jumper for the power pins on the mobo but all that accomplished was a long press, which caused it to turn on and then off again.

I'll scroll through the BIOS again but I'm pretty sure I looked at every menu and submenu. 🤷‍♂️

[–] [email protected] 1 points 8 months ago (1 children)

Is it an APTIO BIOS? My setting was hidden in IT813 Super IO Configuration —> Advanced —> Restore AC Power Loss. Took me ages to find it.

[–] [email protected] 1 points 8 months ago

I guess I'll have to take another look whenever I can get the family to agree to turn off the internet for a bit.

[–] [email protected] 10 points 8 months ago (1 children)

Well written article. Could you point to the instructions you followed to set up OpenBSD as your router + Firewall?

[–] [email protected] 10 points 8 months ago (1 children)
[–] [email protected] 2 points 8 months ago (1 children)

Thanks, I've read the guide. Would like to know what you've added on top

[–] [email protected] 3 points 8 months ago (1 children)

I’m sorry if I seem obtuse but isn’t it easier to just set up OPNsense, which is a fully configured router/firewall on top of BSD?

[–] [email protected] 3 points 8 months ago (1 children)

It is easier, but it can be considered as feature-bloat if you don't really need the breadth of capabilities that it offers. Aside from that, OpenBSD has made specific choices to make it more secure than FreeBSD by default, though the configuration will depend upon the user.

It's also more fun to DIY it and you no longer need to rely on a specialist version of BSD. You are closer to the source, so to speak.

Some reasons might just be philosophical, others can be technical if you have specific configuration that you'd want to achieve.

[–] [email protected] 2 points 8 months ago

Yup all makes sense. Thank you for explaining it to me.

[–] [email protected] 10 points 8 months ago (2 children)

This is really cool. I've been interested in running something like this. Does it make sense to have this as a dedicated firewall in front of my Unifi LAN?

[–] [email protected] 7 points 8 months ago

That's how I've got mine set up, with OPNsense.

I've been using it a few years and I only know about half the stuff that pfSense/OPNsense can do. So I would advise newbies to just make small changes at a time because there's a whole lot of stuff you can change. It's worth learning, though. I wouldn't use anything else for my main firewall/router nowadays.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Yes, that's the purpose of this device. Works very well for me so far.

[–] [email protected] 1 points 8 months ago (2 children)

What I meant was, I have a Unifi router and was thinking of putting a dedicated firewall in front of it. Does that make any sense or would the firewall on the Unifi be just as capable? Before the Dream Machine that is my current router I was running an OPNsense router with my Unifi switches behind it so I'm not super unfamiliar with it I guess.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

I think OPNsense is way more capable than Unifi devices, even better if you are familiar. You could try Proxmox too, makes the box more flexible.

[–] [email protected] 1 points 8 months ago

If you already have a Unifi router/firewall that'll work fine, you don't need this.

[–] [email protected] 9 points 8 months ago (1 children)

Do you know what its idle power usage is? I'm guessing below 10W?

[–] [email protected] 14 points 8 months ago

@czardestructo For the CPU Intel says 7.5W: https://ark.intel.com/content/www/us/en/ark/products/81071/intel-celeron-processor-n2830-1m-cache-up-to-2-41-ghz.html
So all up I’m guessing under 10W. I don’t know how much other components affect the power usage, though. And I’m about 200km away from where it is installed! Hoping someone more expert in hardware could chime in here :)

@selfhosted

[–] [email protected] 9 points 8 months ago

Been thinking about buying a similar setup, and you just pushed me into buying a "Chinabox"

Let's see how this goes, if it explodes you owe me a beer, and a pair of hands, and another chinabox (I'm not a quitter)

[–] [email protected] 3 points 8 months ago (2 children)

What would be the difference of running this as opposed to pf/opnsense? I know they use FreeBSD but I am not that versed in BSD based networking

[–] [email protected] 4 points 8 months ago (1 children)

I personally would stick to *sense. I personally used OPNsense; there's a huge community backing, well documented, and actively maintained. I like to use the CLI, but using the Web GUI was a breeze and I mainly wanted to set it and forget it.

[–] [email protected] 3 points 8 months ago

Same, hopped from PF to opn last year and really haven't had to do too much besides updates. For somethings E

[–] [email protected] 2 points 8 months ago

pf/opnsense essentially provide web interfaces to the underlying FreeBSD OS tooling. In this case I'm running plain OpenBSD. That means configuring the system is mainly done by reading and writing text files and doing stuff at the command line. There's a whole bunch of reasons why some people prefer one way or the other or even mix things up a bit. My recommendation is, if you're interested, have a go administering a system without a web interface and see how you feel!

@Edgarallenpwn @selfhosted

[–] [email protected] 2 points 8 months ago (1 children)

Really cool! I never touched *BSD, I have a mini PC/NAS home that ended with a minimal Arch install. This is something I can do at some point.

And what about Wireless networks?

[–] [email protected] 1 points 8 months ago

Normally you use a separate AP to do that. BSDs don't normally have good support for WiFi cards. Consumer WiFi cards aren't really meant for use as APs anyway.

[–] [email protected] 1 points 8 months ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| NAS | Network-Attached Storage |
| Unifi | Ubiquiti WiFi hardware brand |

[Thread #572 for this sub, first seen 4th Mar 2024, 20:25]

[–] [email protected] 0 points 8 months ago (1 children)

@otl @selfhosted Would you talk about it at ripe88.ripe.net? Or post it to [email protected]?

[–] [email protected] 0 points 8 months ago

@becha @selfhosted Sure I’d be happy to talk about it there!