I got a CryptoStick v2 all the way back in 2012 and have been happy with your efforts since. I just wanted to say thank you for taking a step into filling this niche too. I'm an extensive user of OPNsense having switched all my gateway/routing/edge appliance activities to it for both myself and a number of clients over the last few years, but I've run it primarily on SuperMicro 1U boxes. I've wanted a better option to fill the role in smaller scale/managed home solutions, and while using a NUC or other embedded options is of course doable it's nice to see you take a step towards making it more turnkey. Deciso, the company behind OPNsense Business Edition, does offer a number of options too but they neuter important hardware functionality and many of them are very long in the tooth and mediocre value. A few comments though:
1. A 16GB flash card just shouldn't even be something you offer IMO. At RPi price points sure, but at $500+ you should really try to have the 120 be the basic default. CPU ceiling can't be helped, but people should be able to play around with IDS/IPS, web proxying, plenty of log space (circular logs are dead now) etc. A decent basic 250GB NVMe SSD like the PNY CS1030 is about $34-40 retail. I just don't think it's a place to penny pinch vs user experience personally.2. Having said that at the $500 level you should be a bit more generous, I'm going to turn right around and hope you can pull off a $100-200 Arm (probably not x86) version down the road too! Obviously at that point there would need to be some more feature cuts, just two ports etc.3. If this does well enough for you, I hope you can fund some focused improvements in OPNsense itself. In particular given your original business, it'd be nice to have webauthn support for the OPNsense web gui as well as easy native key support for ssh and logging into the console.4. I can't tell, but I hope you're installing this as ZFS native particularly on the 120+ drives. Even with one drive being able to detect (and repair with copies=2+) corruption is useful, as is snapshots and boot environment rollbacks if something goes pear shaped.
Anyway, best of luck with this! I'm delighted to see a slow but growing appreciation for how important open source is for network edges after ages of people getting burned by crappy appliances (happening again right now! Ars Technica just had a piece on yet another massively widespread flaw, "Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw"). OPNsense remains too technical/clunky for a lot of users for now, but the foundations are good and if you do want to put some time in it's so nice to have normal open PC management/recovery for such a critical piece of infrastructure. I hope it does well enough in its niche for you.
I got a CryptoStick v2 all the way back in 2012 and have been happy with your efforts since. I just wanted to say thank you for taking a step into filling this niche too. I'm an extensive user of OPNsense having switched all my gateway/routing/edge appliance activities to it for both myself and a number of clients over the last few years, but I've run it primarily on SuperMicro 1U boxes. I've wanted a better option to fill the role in smaller scale/managed home solutions, and while using a NUC or other embedded options is of course doable it's nice to see you take a step towards making it more turnkey. Deciso, the company behind OPNsense Business Edition, does offer a number of options too but they neuter important hardware functionality and many of them are very long in the tooth and mediocre value. A few comments though:
1. A 16GB flash card just shouldn't even be something you offer IMO. At RPi price points sure, but at $500+ you should really try to have the 120 be the basic default. CPU ceiling can't be helped, but people should be able to play around with IDS/IPS, web proxying, plenty of log space (circular logs are dead now) etc. A decent basic 250GB NVMe SSD like the PNY CS1030 is about $34-40 retail. I just don't think it's a place to penny pinch vs user experience personally.
2. Having said that at the $500 level you should be a bit more generous, I'm going to turn right around and hope you can pull off a $100-200 Arm (probably not x86) version down the road too! Obviously at that point there would need to be some more feature cuts, just two ports etc.
3. If this does well enough for you, I hope you can fund some focused improvements in OPNsense itself. In particular given your original business, it'd be nice to have webauthn support for the OPNsense web gui as well as easy native key support for ssh and logging into the console.
4. I can't tell, but I hope you're installing this as ZFS native particularly on the 120+ drives. Even with one drive being able to detect (and repair with copies=2+) corruption is useful, as is snapshots and boot environment rollbacks if something goes pear shaped.
Anyway, best of luck with this! I'm delighted to see a slow but growing appreciation for how important open source is for network edges after ages of people getting burned by crappy appliances (happening again right now! Ars Technica just had a piece on yet another massively widespread flaw, "Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw"). OPNsense remains too technical/clunky for a lot of users for now, but the foundations are good and if you do want to put some time in it's so nice to have normal open PC management/recovery for such a critical piece of infrastructure. I hope it does well enough in its niche for you.