On Oct 12, 2005, at 2:42 PM, Chris Buechler wrote:
> first, I don't want anyone to take any of my comments as personal
> attacks. I respect others' opinions, and am just offering my
> On 10/12/05, Peter Allgeyer <allgeyer at web dot de> wrote:
>> My vote goes to OpenBSD, too. Why?
>> * due to its emphasis on security, as Manuel said it.
>> It's not only build with security in mind, there are also a lot of
>> security related protocols like openssh which were actively
>> pushed by
>> the OpenBSD team.
> already debunked that as not really applicable in a firewalling
In terms of wireless (already touched on), the OpenBSD story sucks.
As some of you know, we ship m0n0wall (1.2b6) in some of our
products, and linux in others. We get asked about "openbsd support"
from our customers, and I've managed to get the support people here
to give a fairly 'flat' response when it comes to openbsd and
On the advice of <someone who understands the Atheros chipset better
than I do>, last week I took an otherwise unused Soekris 4521,
purchased a brand new 1 GB CF card, and installed an openbsd snapshot
in order to check out the ath support.
I used the latest 3.8 snapshot release I could find, in order to test
the code that the OpenBSD maintainers are preparing for release.
The results are not pretty.
Out of my selection of 4 cardbus cards and 6 minipci cards only 2
worked, and these were marginal. 802.11g appears to not work at all
and I could only get a 5211 card to work in 11a.
None of the 5212 cards worked. This is bad because most of the cards
you can buy today are 5212 or 5213 based.
My near-ancient, 802.11a-only, 5210 based cards (one CardBus, one
miniPCI) failed, too.
And finally, those 5211-based cards that would associate had poor
The Prism2.5 based cards worked OK though.
I also tried a couple ralink 802.1111g miniPCI I have (we don't sell
these, please don't ask.) At one point Theo was implying that these
were going to be "the card of choice" to use. See, for example:
On openbsd I can get one card to associate in 80.211g (station mode)
but performance is pretty bad, and it seems to loose association
under load. The box panics with 2 ralink cards installed.
Using exactly the same hardware (subbing out only the CF card and
rebooting), the same setup rocks under a 6.0-current
"nanoBSD" image that I've built. I'll try pfSense soon, as Chris
reports some issues with bridging and the ath driver.
So consider this a datapoint. If wireless is important to the future
of m0n0wall, then OpenBSD is not an appropriate platform in terms of
whats commonly available for cards in the market today. I probably
know enough about wireless to have not made any huge errors in the
IM(nsh)O, OpenBSD throws off way more heat than light and pfSense/
m0n0wall will not be well-served by a move to OpenBSD as a base even