The security router software is based on OpenBSD 5.9. It runs on virtually any x86 computer, server or virtualization host, and is a great choice both for affordable Mini-ITX appliances (with Intel Atom or AMD Geode CPUs) and for high-end servers (preferably with AES-NI for high VPN throughput).
OpenBSD has its own hardware compatibility list for i386 (x86) and amd64 (x86-64). Since most components in an x86 computer are standardized, hardware support usually boils down to network interface driver support. For high performance, the Intel PRO/1000 or 10GE devices are recommended.
Below is a list of computers/servers/hypervisors that we, or our users, are successfully running the security router software on. However, any x86 machine is likely to work.
| Hardware | Price | Notes |
|---|---|---|
| PC Engines ALIX2D3 | ≈ $100 | Fast boot, AES acceleration, use i386 |
| PC Engines APU | ≈ $125 | Fast boot |
| Intel D2500CC | ≈ $220 | Use amd64 |
| Intel DH77EB | | Intel i3-3220, use amd64 |
| Dell PowerEdge R200 | | Tested with Intel NICs, use amd64 |
| Dell PowerEdge R320 | ≈ $1000 | Slow boot, Intel NICs are preferred, use internal USB for boot, use amd64 |
| Dell PowerEdge R720 | | Tested with Xeon X5650 and Broadcom NICs |
| Dell PowerEdge 2850 | | Tested with Intel NICs |
| HP DL120 G7 | ≈ $800 | Tested with Xeon E31220, AES acceleration, slow boot, use amd64 |
| Supermicro X7SPA-HF | ≈ $350 | End-of-sale, replaced |
| Supermicro X8STi | | Tested with Xeon W3565 and Intel 82576 NICs |
| Axiomtek NA-100 | | AES acceleration, use i386 |
| Soekris net4801 | ≈ $250 | Slow CPU, use i386 |
Any virtualization platform capable of performing full hardware virtualization should be supported. The table below contains the ones we've tested.

| Platform | Image | Notes |
|---|---|---|
| VMware ESXi (vSphere) | vmware-amd64-xxx.ova | Use "Deploy OVF template"; both E1000 and VMXNET2 NICs offer good performance |
| VMware Workstation/Fusion | vmware-xxx-xxx.zip | Simply launch the VMX file |
| KVM | any | You need to convert the image yourself; use VirtIO network drivers |
| Parallels Desktop | vmware-xxx-xxx.zip | Simply launch the VMX file, add E1000 NICs |
These platforms are able to run the software, but with limitations.
There is a VHD release for Hyper-V, which comes with a few limitations. Hyper-V seems to be designed only for operating systems that are "aware" of, and optimized for, Hyper-V as host. Both general computations (CPU) and devices (disk, network) are slow when running OpenBSD inside of Hyper-V. Therefore, Hyper-V is only recommended for smaller sites, with a requirement of less than 50 Mbps plain-text and 5 Mbps AES (depending on hardware).
Simply put, Hyper-V is obviously not designed for generic x86 virtualization (probably focused on Windows and Linux).
- Only storage update is supported; streaming update doesn't work because of incompatibilities between the recovery partition (bsd.rd) and Hyper-V
- i386 (32-bit) only
  - The system becomes unstable when running a 64-bit OpenBSD (the entire Hyper-V server has crashed on a few occasions during tests)
  - AES-NI (VPN acceleration) is disabled, because it's only available in amd64
- No para-virtualized drivers
  - Legacy networking is required
    - Legacy NICs are quite slow (100 Mbps)
    - Hyper-V is limited to 4 legacy NICs
    - Hyper-V doesn't support VLANs on legacy NICs
- The virtualization is slow; even CPU computations are surprisingly slow
Network performance can be slightly improved by disabling ACPI. Doing so limits the software to one CPU, and the change has to be reapplied after each update. Enable root access and run:
```
# config -e -o /bsd /bsd
> disable acpi
> disable mpbios
> disable ioapic
> quit
# reboot
```