IpFire on Raspberry Pi 4

I would like to use PI4 with IPFire in a LAN with half a dozen PCs only to manage Intrusion Detect and two VPNs.
Do you think it holds the load?
Do you have any suggestions on this?

last I read a Raspberry Pi 4 will not work…
https://forum.ipfire.org/viewtopic.php?f=86&t=23022

I know a Raspberry Pi 3B+ works since I’m running (testing) one.
https://wiki.ipfire.org/hardware/arm/rpi/threeplus

But it may not be powerful enough for your needs.

White Tiger

Any meaningful answer to your question would need to factor in the Internet bandwidth being distributed to your PC.

RPi 3 still run their Ethernet through USB 2.0 bus and that will severely limit I/O.

I don’t have an RPi3. NanoPi-R1 don’t report CPU load and the latter would be a major factor in handling IPS workload.

But doesn’t it have an Ethernet port?
I thought of using an additional USB ethernet port to connect it to the Internet and the standard one on the LAN.
In any case there is a router, so the Pi would be downstream of this.

Internet
|
Router
I
Ipfire
|
Switch LAN

There is no native kernel support and boot firmware for the Pi 4 so you can’t boot from any Pi 4.

Yes there is and this time it’s connected via PCIe.

The Ethernet port on RPi 3 is effectively an inbuilt USB-Ethernet adaptor. A similar arrangement on earlier RPi and several other (but not all) ARM hardware.

Last month I ran some tests on an RPI3B+ set up as an IPFire box.

The Green network was the on-board LAN and the Red network was a USB port connected via a Trendnet TU3-ETG (AX88179 USB 3.0 to Gigabit Ethernet).

Local%20network%20for%20testing%20IPFire%20network%20v21357×604 51.5 KB

Edit: updated diagram

The fastest speed from Client #2 to Client #1 was about 105 Mbits/sec

iMac:~ me$ iperf3 -c 192.168.60.3
Connecting to host 192.168.60.3, port 5201
[  5] local 192.168.1.100 port 56094 connected to 192.168.60.3 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  13.3 MBytes   111 Mbits/sec                  
. . .
[  5]   9.00-10.00  sec  12.1 MBytes   102 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec   125 MBytes   105 Mbits/sec                  sender
[  5]   0.00-10.03  sec   124 MBytes   103 Mbits/sec                  receiver

iperf Done.

and with the -R (run in reverse mode - server sends, client receives) added:

iMac:~ me$ iperf3 -c 192.168.60.3 -R
Connecting to host 192.168.60.3, port 5201
Reverse mode, remote host 192.168.60.3 is sending
[  5] local 192.168.1.100 port 56102 connected to 192.168.60.3 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  18.0 MBytes   151 Mbits/sec                  
. . .
[  5]   9.00-10.00  sec  18.5 MBytes   156 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   185 MBytes   155 Mbits/sec    0             sender
[  5]   0.00-10.00  sec   185 MBytes   155 Mbits/sec                  receiver

iperf Done.

is client#1 on the .60 subnet or on the .10 subnet ? I suspect the .10 is a typo.

it is! thanks for noticing!

Edit: yes, client #1 is a typo. It is on subnet .60. I updated the diagram!

Why your NanoPi-R1 is not reporting the CPU load? This should work normal. Have you restored a backup from an other arch that has incompatible rrd’s?

Also one Interface has only 100mBit on the NanoPi R1.

You are correct. I was looking in the Hardware menu and CPU load is in the System menu.

CPU idle varies from 92% to 99%, averaging 98%, with IPS on RED & GREEN. I’m not downloading much lately.

To my knowledge, the highest plan that is permitted for households in AU is 100 Mb/s. My line is capable of only 30, so 100 Mb/s on the second interface is more than adequate.