On Oct 12, 2005, at 2:42 PM, Chris Buechler wrote:
> first, I don't want anyone to take any of my comments as personal
> attacks. I respect others' opinions, and am just offering my
> counter-opinion.
>
> On 10/12/05, Peter Allgeyer <allgeyer at web dot de> wrote:
>
>>
>> My vote goes to OpenBSD, too. Why?
>>
>> * due to its emphasis on security, as Manuel said it.
>> It's not only built with security in mind, there are also a lot of
>> security related protocols like openssh which were actively pushed by
>> the OpenBSD team.
>>
>
> already debunked that as not really applicable in a firewalling
> scenario.
In terms of wireless (already touched on), the OpenBSD story sucks.
As some of you know, we ship m0n0wall (1.2b6) in some of our
products, and linux in others. We get asked about "openbsd support"
from our customers, and I've managed to get the support people here
to give a fairly 'flat' response when it comes to openbsd and
wireless cards.
On the advice of <someone who understands the Atheros chipset better
than I do>, last week I took an otherwise unused Soekris 4521,
purchased a brand new 1 GB CF card, and installed an openbsd snapshot
in order to check out the ath support.
I used the latest 3.8 snapshot release I could find, in order to test
the code that the OpenBSD maintainers are preparing for release.
The results are not pretty.
Out of my selection of 4 cardbus cards and 6 minipci cards only 2
worked, and these were marginal. 802.11g appears to not work at all
and I could only get a 5211 card to work in 11a.
None of the 5212 cards worked. This is bad because most of the cards
you can buy today are 5212 or 5213 based.
My near-ancient, 802.11a-only, 5210 based cards (one CardBus, one
miniPCI) failed, too.
And finally, those 5211-based cards that would associate had poor
throughput.
The Prism2.5 based cards worked OK though.
I also tried a couple ralink 802.11g miniPCI I have (we don't sell
these, please don't ask.) At one point Theo was implying that these
were going to be "the card of choice" to use. See, for example:
http://www.m0n0.ch/wall/list/showmsg.php?id=147/83
On openbsd I can get one card to associate in 802.11g (station mode)
but performance is pretty bad, and it seems to lose association
under load. The box panics with 2 ralink cards installed.
Using exactly the same hardware (subbing out only the CF card and
rebooting), the same setup rocks under a 6.0-current
"nanoBSD" image that I've built. I'll try pfSense soon, as Chris
reports some issues with bridging and the ath driver.
So consider this a datapoint. If wireless is important to the future
of m0n0wall, then OpenBSD is not an appropriate platform in terms of
what's commonly available for cards in the market today. I probably
know enough about wireless to have not made any huge errors in the
experiment. YMMV.
IM(nsh)O, OpenBSD throws off way more heat than light and pfSense/
m0n0wall will not be well-served by a move to OpenBSD as a base even
without wireless.
jim