Post A8m5NSToTidRGNRixk by sebseb01@tooting.ch
 (DIR) Post #A8m1mjza6Zyr036boG by wolf480pl@mstdn.io
       2021-06-29T09:24:58Z
       
       0 likes, 2 repeats
       
       If you wanted a router which:
       - eats less than 50W
       - can NAT 1Gbit/s
       - can do stuff like policy routing, dual homing, OpenVPN, stateful firewall (conntrack),
       - doesn't have stupid restrictions like "the WAN port is for WAN and you can't have other WAN on other port"
       - its config can be stored in git (directly or indirectly, eg. terraform is ok)
       what would you use?
       
 (DIR) Post #A8m1wEzGEihJjcUAaG by benis@cawfee.club
       2021-06-29T09:27:27.143924Z
       
       0 likes, 0 repeats
       
       @wolf480pl uuuh pfsense on a NUC?
       
 (DIR) Post #A8m2aLbV3SQHq7UoKW by wolf480pl@mstdn.io
       2021-06-29T09:34:39Z
       
       0 likes, 0 repeats
       
       @benis I'd probably use Debian on a NUC, as I find Linux's iproute2 quite comfy...
       How good a NUC does one need?
       
 (DIR) Post #A8m3Al75gjlLNgdPQ8 by lord@pleroma.lord.re
       2021-06-29T09:37:49.550860Z
       
       0 likes, 0 repeats
       
       @wolf480pl @benis the smallest one should be more than enough.
       2GB of RAM or more if you want to add some services.
       
 (DIR) Post #A8m3AlhxTfFlE1sqsy by wolf480pl@mstdn.io
       2021-06-29T09:41:14Z
       
       0 likes, 0 repeats
       
       @lord @benis are NUC-like machines from other vendors also good? I've seen some AsRock ones with Intel Atom that were significantly cheaper than official Intel ones
       
 (DIR) Post #A8m3NCui9YZL4qmQIy by oynqr@gentoo.live
       2021-06-29T09:44:43.254563Z
       
       0 likes, 0 repeats
       
       @wolf480pl odroid h2+ with any os one is comfortable with
       
 (DIR) Post #A8m3ae6uLcHNBttQSu by wolf480pl@mstdn.io
       2021-06-29T09:45:54Z
       
       0 likes, 0 repeats
       
       @oynqr out of stock :(
       
 (DIR) Post #A8m40bjrmuTxMfUl4i by oynqr@gentoo.live
       2021-06-29T09:51:51.695080Z
       
       0 likes, 0 repeats
       
       @wolf480pl pc engines apu2? those may still be available
       this shortage is so bad
       
 (DIR) Post #A8m4BC4RYsj2wSASDw by wolf480pl@mstdn.io
       2021-06-29T09:52:32Z
       
       0 likes, 0 repeats
       
       Hmm... that Mediatek in EdgeRouter-X and R6220 has hardware NAT offload tho, supported by OpenWRT... I wonder if it works with mainline linux and whether it appears as a netfilter flow table or sth more vendor-specific...
       I wonder how hard it'd be to hook it up to openflow...
       
 (DIR) Post #A8m4jMKztaRgd8Ca4u by benis@cawfee.club
       2021-06-29T09:58:44.301919Z
       
       0 likes, 0 repeats
       
       @wolf480pl @quad has a lot of experience with the ER-X
       
 (DIR) Post #A8m4xsqJq4GRUtmIqm by wolf480pl@mstdn.io
       2021-06-29T10:01:19Z
       
       0 likes, 0 repeats
       
       @benis @quad I know, but he hasn't tried hacking it AFAIK.
       Also, I have 3 Netgear R6220s that use the same SoC except half the cores.
       
 (DIR) Post #A8m52uBgGd8t7DAFpA by NHG@soc.nhg.moe
       2021-06-29T10:02:15.714695Z
       
       0 likes, 0 repeats
       
       @wolf480pl a generic hw platform running VyOS. Sadly can't help with the hw selection, I always run the router as a VM.
       VyOS is a fork of Vyatta, it's a Debian-based Linux router with a CLI interface and single config file.
       
 (DIR) Post #A8m5NSToTidRGNRixk by sebseb01@tooting.ch
       2021-06-29T10:05:53Z
       
       0 likes, 0 repeats
       
       @wolf480pl I don't know about Terraform … but I use a Ubiquiti EdgeRouter X. For VPN the CPU is a little bit too light, 20mbs, but another model can work fine. It routes at gigabit for other use cases.
       
 (DIR) Post #A8m5Rq6qZ9sjhunDvc by quad@weeaboo.space
       2021-06-29T10:06:43.475309Z
       
       0 likes, 0 repeats
       
       @wolf480pl @benis That depends on what you define as hacking. Plenty of scripts and stuff on that thing.
       But I didn't put OpenWRT on it, no
       
 (DIR) Post #A8m5dcmZwP15qjvrKC by quad@weeaboo.space
       2021-06-29T10:08:51.919680Z
       
       0 likes, 0 repeats
       
       @wolf480pl @benis And yes, it does all the stuff you listed, though I'm sure you already know. Including the fact that OVPN would probably perform like hot garbage on such a mips chip
       
 (DIR) Post #A8m6SJJs40ZKFrfoR6 by wolf480pl@mstdn.io
       2021-06-29T10:18:02Z
       
       0 likes, 0 repeats
       
       @quad @benis yeah I'd probably want OVPN (or wg) to ssh into things so that should be ok-ish.
       And by hacking I mean, like, messing with the kernel.
       Looks like upstream kernel only supports hardware flowtables on Mellanox, so OpenWRT probably rolls their own as usual... I'll look into their code
       
 (DIR) Post #A8m6WjEheFEznBMYQC by wolf480pl@mstdn.io
       2021-06-29T10:18:49Z
       
       0 likes, 0 repeats
       
       @quad @benis btw. What was the thing that didn't work with hardware offload for you? IPSec or QoS?
       
 (DIR) Post #A8nCBS6AxoFHRWZWoS by alarig@icedtux.no
       2021-06-29T22:56:52Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lord How many ports do you want?
       
 (DIR) Post #A8nE1OUBjyl5Fc8RyC by wolf480pl@mstdn.io
       2021-06-29T23:17:31Z
       
       0 likes, 0 repeats
       
       @alarig @lord two (2)
       
 (DIR) Post #A8nGufq97Tf2uQtQqO by alarig@icedtux.no
       2021-06-29T23:49:52Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lord Then you should look at NUC/brix. I don't know why you need dual-wan if you only have two ports, though.
       
 (DIR) Post #A8noBHmx5oLvj0vbKy by wolf480pl@mstdn.io
       2021-06-30T06:02:41Z
       
       0 likes, 0 repeats
       
       @alarig @lord i can turn 2 ports into as many ports as I want using a managed switch, but the total bandwidth is limited to 2x1Gbit/s in each direction
       
 (DIR) Post #A8ntUWmO53wrUWeszY by alarig@icedtux.no
       2021-06-30T07:02:09Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lord Ah, yes. I don’t like on-a-switch setups, but it’s not my network :D
       
 (DIR) Post #A8nuH4nssndQuoVaDY by wolf480pl@mstdn.io
       2021-06-30T07:10:57Z
       
       0 likes, 0 repeats
       
       @alarig @lord I mean, if I can get a 4-port one that's even better, but the dual WAN thing is more of a future expansion than an immediate necessity
       
 (DIR) Post #A8nuns7L4SAb7sFKIC by alarig@icedtux.no
       2021-06-30T07:16:50Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lord I always like to have spare ports, because who knows what we will eventually want to plug
       
 (DIR) Post #A8o0zVFYW6NDP61Emm by AntoineVe@pleroma.antoineve.me
       2021-06-30T08:12:05.555462Z
       
       0 likes, 0 repeats
       
       @wolf480pl
       I use this kind of thing: https://aliexpress.com/item/33053789470.html
       I use to run OpenBSD but you can OpenWRT's it.
       
 (DIR) Post #A8o0zVjgi4TauY7Iki by wolf480pl@mstdn.io
       2021-06-30T08:26:11Z
       
       0 likes, 0 repeats
       
       @AntoineVe I'd rather VyOS it, but if it's a PC-compatible, that should just work...
       How are the 4 LAN ports connected? Is there an internal switch? Does the WAN port get a separate NIC, or is it on the switch too?
       
 (DIR) Post #A8o4aWng10QcmzKE8e by wolf480pl@mstdn.io
       2021-06-30T09:06:24Z
       
       0 likes, 0 repeats
       
       @AntoineVe ok but can I send 1Gbit/s through all of them simultaneously?
       
 (DIR) Post #A8o4cad8kK3VFNNcUC by wolf480pl@mstdn.io
       2021-06-30T09:06:54Z
       
       0 likes, 0 repeats
       
       @AntoineVe does FreeBSD have lspci?
       
 (DIR) Post #A8tQCdNZ4b1B1bvHP6 by wolf480pl@mstdn.io
       2021-07-02T23:01:44Z
       
       0 likes, 0 repeats
       
       @AntoineVe thanks for the details, looks good indeed