OpenWrt-based pihole alternative + more

stangri · March 31, 2020, 12:43am

Some of my friends/family are stuck with the ISP-provided modem/router combos and I'm exploring the option of adding a small and inexpensive OpenWrt-based device with adblock/simple-adblock and stubby/https-dns-proxy to their network to provide adblocking, secure/filtered DNS resolution and maybe even a WG server for remote support.

NanoPi devices look promising (sadly no OpenWrt support yet for neither NanoPi Zero nor NanoPi R2S) with supported devices starting as low as US $9.99.

I'm wondering if anyone has already used a single-ethernet port devices for such purposes and what your experience is so far? Which device did you use with which options (microSD/emmc, heatsync, extra RAM, etc)?

keiser1080 · March 31, 2020, 3:01am

Many openwrt users hope that openwrt support nanopi r2s.

I come to the same conclusion, it will be a killer device for the price.

I have posted to the developer forum, to ask if a developer is busy or plane to add openwrt support.

I have already order a nanopi r2s, I will try frindlywrt (frindlyarm openwrt fork)
Other on the forum have ordered the nanopi r1, openwrt work already on it. Check here Add OpenWrt support for NanoPi R1

emhzs5 · March 31, 2020, 7:14am

The NanoPi Neo2 Black seem to be the best deal if you want a single-port PiHole device, and the older variant of this board (NEO2) is supported in openwrt. I have one and it runs much cooler than a RPi3 with the optional aluminum case (even under full load), but since I haven't tried using openwrt on this particular board (I prefer Armbian for this kind of SBC), I can't guarantee 100% compatibility.

I also have an R2S but the thing runs like a hot potato even on idle, so I don't plan to use it in my network anytime soon. I'd recommend nanopi neo2 black if you just want a single-port DNS-filtering device.

keiser1080 · March 31, 2020, 2:52pm

could run this benchmark on the r2s preferably on friendlywrt

The nanopi r1s is also available with a H5 variant.

emhzs5 · April 1, 2020, 11:12pm

Here you go, running on stock rk3328-sd-friendlywrt-5.4-20200312.img:

OpenSSL 1.1.1d  10 Sep 2019
built on: Wed Jan 29 16:05:35 2020 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Wno-error=unused-but-set-variable -Wno-error=unused-result -O3 -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5              24242.29k    62094.10k   115924.59k   147355.65k   161023.49k   161404.25k
sha1             39890.92k   128469.00k   313655.89k   488730.62k   590621.28k   597316.95k
des cbc          17481.45k    18159.02k    18389.67k    18511.11k    18464.77k    18459.31k
des ede3          6376.74k     6498.50k     6505.98k     6515.03k     6537.16k     6515.37k
aes-128 cbc      42294.77k    45653.38k    46788.86k    47117.31k    47205.03k    47349.21k
aes-192 cbc      36992.44k    39407.77k    40510.42k    40632.32k    40692.39k    40681.47k
aes-256 cbc      32977.09k    34774.38k    35636.91k    35710.29k    35752.62k    35869.45k
sha256           42699.54k   135971.13k   317166.25k   474762.58k   560058.82k   565400.92k
sha512           11729.32k    46715.22k    77386.33k   113153.71k   130304.68k   131732.82k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.008446s 0.000227s    118.4   4402.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.003080s 0.002902s    324.6    344.5

Do not add this to the wiki as this is not running on stock openwrt.

Edit:
Did the benchmark on Allwinner H5 as well, on NanoPi NEO2 Black running nanopi-neo2-black_sd_friendlywrt_4.14_arm64_20191230.img:

OpenSSL 1.1.1d  10 Sep 2019
built on: Fri Dec 13 09:53:13 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fpic -ffunction-sections -fdata-sections -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_SMALL_FOOTPRINT
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5              22386.44k    55942.49k   105124.99k   133912.92k   145943.21k   147039.55k
sha1             37007.43k   118795.39k   296567.38k   469698.90k   567989.59k   578574.38k
des cbc          15320.55k    16026.07k    16173.91k    16221.53k    16228.35k    16225.62k
des ede3          5473.17k     5590.45k     5597.10k     5604.01k     5606.06k     5603.33k
aes-128 cbc      30048.38k    32459.20k    33280.17k    33502.89k    33674.87k    33565.35k
aes-192 cbc      26722.81k    28708.22k    29445.74k    29496.32k    29584.04k    29556.74k
aes-256 cbc      24159.27k    25724.14k    26266.88k    26396.33k    26540.44k    26438.31k
sha256           36398.38k   118383.19k   288408.58k   448578.22k   537493.50k   545155.75k
sha512           11711.53k    46556.33k    76207.53k   109891.93k   126287.87k   127604.05k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.008873s 0.000239s    112.7   4175.6
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.003241s 0.002978s    308.5    335.8