I first stumbled on AstLinux in 2008. Sixteen years later I am still using it as my router, firewall and land-line phone system in my house. Who would have thought. I love that I have full control and can add features that improve how it works for me.
I'm writing this because I confess there are times when I think I should use something more mainstream... maybe I should separate the router/firewall from the phone system (which over the years has become less and less important). E.g. maybe I should just go with one of Unifi's gateways. Or use pfSense or OPNSense and a separate FreePBX or Asterisk. But every time I look at it, I land back at AstLinux. My home network is non-trivial. I have a mix of 1Gbps, 2.5Gbps and 10Gbps attached systems. I have a proliferation of IoT devices on multiple VLANs, I have Raspberry Pi's, A humongous NAS, and a Proxmox server on which I have dozen+ containers and multiple VMs... one of which is AstLinux at the center of it all. A few months ago fiber-based internet finally arrived, so multi-gig internet is now possible for me. I started looking for a system with 10Gbps NBase-T or SFP+ ports that could become my Proxmox server. I have not bought anything yet (because I don't *really* need it) but it got me looking again at pfSense/OPNSense and I've again discovered how good AstLinux is. The core issue for those is that they are based on FreeBSD, and it has very poor network support when running as a guest VM. The maximum throughput on a VirtIO network (to a Proxmox hosted Linux container or VM) is 2-3Gbps. Which may sound okay, but is in fact lousy... AstLinux can achieve 10x that, comfortably 25Gbps. AstLinux can route between two subnets (different VLANs) at >10Gbps... and may be able to do better if I separate the VLANs into different interfaces (rather than VLAN tags on the same interface). I could pass through the SFP+ PCI h/w to FreeBSD, but then the rest of my containers and VMs need to route through that to my network... and run into the VirtIO limitation. SFP+ devices support SR-IOV that virtualizes the network device at the h/w layer... but no one appears to have got that working with FreeBSD guests on Proxmox (whereas it works fine with Linux). Which left me looking for a Linux-based router/firewall of which only OpenWRT comes close to being mainstream, but again it isn't a good fit either... it's really intended to run directly on the h/w. Support for VM guest or even running in a container exists, but on investigation I concluded it may be okay for dev/test, but really not for production (main issue is how updates would be applied). So... AstLinux turns out to be (in my opinion) best-of-breed. It's a shame that it is not more widely known. Now it's not perfect... I would love it if my enhancements were merged into the mainline, but that aside there are a few things I would really like to see done... 1) Bring our build environment up-to-date with buildroot, so it is much easier to keep in sync with updates contributed from the wider user base that has. 2) Add a package manager (is that even possible with buildroot). 3) Modernize the user interface Of course, that is a very large project for which none of us have the time. But some of the design decisions / constraints that applied to AstLinux 16 years ago are really not relevant any more. So there you have it... sixteen years in and AstLinux still rules for me. David.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
