I like OPNsense. But if you need to land a PPPoE connection at the edge, then you'd better have a 2GHz or better CPU made in the last 5 years, or you're not going to get a gigablit out of it even before traffic shaping. All the same I'm tempted to use an mt7621-based OpenWRT device to just do the PPPoE decapsulation and NAT at the edge and use an OPNsense core router for everything else.
(Also, I have an allergy to PHP, thanks to several years of working in netsec, which taught me to regard it the way a doctor regards plague rats.)
Yes, i too understood that pppoe is heavily singlethreaded in bsd. It's a shame that this still isn't fixed.But i guess rewriting the pppoe client in a multithreaded form isn't something that is done overnight. I don't know if somebody is working on it; lots of people would benefit from a multithreaded optimized pppoe client for freebsd. I would if i could, but i can't
While OpenWrt runs on x86/x86_64/amd64 it's "tuned" towards the lower end platforms so you will need to do modification to the source if you want to utilize all hardware features and I'm not sure if you'll even be able to do so easily as OpenWrt targets footprint over performance (with some tradeoffs). Unless you're very limited in storage you're likely better off looking at a distro that targets "mainstream" x86/x64_64/amd64 hardware and not embedded devices.
RPi platforms are less than ideal for networking, Rockchip ones are usually much better and have a more suitable SoC (RK3399 is a good one in general) for networking and encryption (RPi4 lacks hw crypto). That doesn't necessarily mean that all devices using RK3399 are great however. Wireguard performance shouldn't differ much between BSD and Linux however OpenVPN greatly benefits from DCO however I'm not up to date on support besides "mainstream" PC distros/OS.
@fakemanhk
Not sure where you got the information from but eMMC is supported by upstream mainline uboot for RK3399 so it's likely due to what variant and configuration OpenWrt uses and possibly image generation. The controller is supported in both Linux mainline and FreeBSD.
@LilRedDog
To be honest, I've had one SD card die on me for the last 5 years or so using multiple devices and it didn't die in service. In many causes it's due to heat and possible getting the bottom of the barrel ones. Of course writes should be limited but you can always mount /tmp as tmpfs. I've been using both ext4, UFS2, zfs (with compression) with great success on multiple SoCs.
EXT4 has no trim, so you have been lucky, but so have I.
I used to have a program that would TRIM cards in Windows, but I cannot find it anymore. Could be useful to trim externally once in a while.
The only sd cards I've had fail were in android devices when they allowed sd memory to combine with system memory.
I have used those BSD based firewall distro for long, I start with m0n0wall, then pfSense (so it's more than a decade already), however in my country the IPv6 dual stack implementation is the trigger to pull me towards OpenWrt. When you need to deal with ISP that only gives you /64 prefix, no RA, and they use MAP-E/DS-LITE for dual stack, you'll find that's not possible on pfSense/OPNsense (Go and lookup ND Proxy/MAP-E/DS-LITE and you'll know)
WiFi all-in-one on OpenWrt (or other Linux based solution) is also a plus for general users, router + separate AP is of course the best (which is also something I did at home) but not many people want to manage separate device.
The GUI, though not the best, but at least OpenWrt provides a good enough way for people to build their router/firewall, distros like Debian is also multi platform but you have to manage everything by yourself, if you don't need it then yes you can just use normal Linux to build (I'm tired of doing this now, I remember in old days when I was using AMD K200 on kernel 2.4 building ipchains rules for my home)
BTW, what hardware features not usable on OpenWrt? Currently what I know is Intel QAT, but it's rarely seen in home use (I do have the C2000 series but due to Intel bug it's dead and I don't want to get the new one now)
OK probably I should put it in this way, R4S (1GB), R4S (4GB), R4SE looks very similar however they need to have different DTS (from what I know the 1GB model is really no upstream support), while from here I saw that R4SE also needs to use different DTS, well.....depends on who will be doing this on this board, but current status is, this device not in mainline so you'll be able to boot but no eMMC by default.
Under Linux PPPoE seems to be able to offload to hardware (don't know why this can't be done on BSD?), I know one very very tricky workaround, is using KVM to virtualize your pfSense/OPNsense, using bridged WAN interface so that when your BSD guest VM is doing PPPoE connection the driver on host will do the offload.
It's not on most hardware, there are a few NICs that supports it but it's not common occurence when it comes to OpenWrt and mpd5 will very likely perform just fine.
Maybe , but then again, general users wont be using opensource routers with custom linux distro's on it. The same goes for bsd. General users use their isp all in one modem and don't care for anything else.
