Router recommendation need.

[zMaliz]

If nothing on your network requires UPnP - double NAT your appliance and test again. It will split the workload between the two devices you already have and you may not need to replace anything. PPPoE is single threaded. N100 is much faster CPU and won’t have issues with this speed, but may not be needed.

I do have UPnP enabled for my son's PS5 and XBox.
I also run multiple SIP / VoIP servers and devices on the LAN connecting to remote sites, double NAT may upset that.

 

[Digilog]

Free BSD network stack isn't the greatest and all of these OS on routers does require a little bit of tuning from the typical desktop setting, and yes it does not multi thread by default. However you should be able to set in /boot/loader.conf.

net.isr.maxthreads="-1"

But you should disable hyperthreading because BSD doesn't use it and it will slow things down.

PPPoe requires encapsulation and that is why it takes up system resources.

I don't run this software because they didn't tweak the OS and at the time I submitted what they needed to change, and some of the other devs didn't want to step in and apply it because there was drama they didn't want to deal with. But anyways, getting around character defects of others, I will post the BSD profile for networking >1Gb here if you need it.

 

[Rainmaker]

Free BSD network stack isn't the greatest and all of these OS on routers does require a little bit of tuning from the typical desktop setting, and yes it does not multi thread by default. However you should be able to set in /boot/loader.conf.

net.isr.maxthreads="-1"

But you should disable hyperthreading because BSD doesn't use it and it will slow things down.

PPPoe requires encapsulation and that is why it takes up system resources.

I don't run this software because they didn't tweak the OS and at the time I submitted what they needed to change, and some of the other devs didn't want to step in and apply it because there was drama they didn't want to deal with. But anyways, getting around character defects of others, I will post the BSD profile for networking >1Gb here if you need it.

I've run x86 routers on everything from vanilla OpenBSD and FreeBSD, various Linux distros, and almost every software router project out there. I'm currently running an N100 box with OPNsense on a symmetric 2Gbps FTTP connection without issues, but it's DHCP not PPPoE. The issue with PPPoE on *BSD is the fact it's single-threaded, whereas Linux will happily spread the load across available cores. OP you'd probably be better served with OpenWRT or similar.

I'd be interested in your profile for multi-gig connections. I run the net.isr.maxthreads="-1" tweak myself, plus several others including net.isr.dispatch="deferred" and some socket buffer tweaks. That said, out of the box OPNsense handled 2Gbps no problems, with low CPU usage (even running Sensei, NetFlow and AdGuard DNS at the same time).

 

[Digilog]

I've run x86 routers on everything from vanilla OpenBSD and FreeBSD, various Linux distros, and almost every software router project out there. I'm currently running an N100 box with OPNsense on a symmetric 2Gbps FTTP connection without issues, but it's DHCP not PPPoE. The issue with PPPoE on *BSD is the fact it's single-threaded, whereas Linux will happily spread the load across available cores. OP you'd probably be better served with OpenWRT or similar.

I'd be interested in your profile for multi-gig connections. I run the net.isr.maxthreads="-1" tweak myself, plus several others including net.isr.dispatch="deferred" and some socket buffer tweaks. That said, out of the box OPNsense handled 2Gbps no problems, with low CPU usage (even running Sensei, NetFlow and AdGuard DNS at the same time).

pppoe will basically tie up a core so I wouldn't recommend any less than a quad core as a router.

Only issue with maxthreads -1 is that threads can get orphaned. Especially if hyperthreading is enabled. Which can cause intermittent functionality. Bindthreads should be set to 1 to avoid this.

dispath has to be either deferred or hybrid or else it uses the parameters at compiling. Hybrid loads the compiled parameters, then overrides those parameters with the declarations in the config file. If you want to know the real functionality to that which I don't think they have that documented.

Bsd is ok, it just that it has suffered along with Linux in these last evolution of kernel development. But all of them including windows have been experiencing this too. Because its hardware related.

Not all of these router os seem to be the same while most work the same. Some focus more on wifi functionality like OpenWRT, while others like OpenSense and PFSense try to provide everything while IPFire is focused on high security SOHO and enterprise networking.

As for me, I'm finished with the things I wanted accomplished in Linux Core. So my next set of projects to contribute will be in IPFire as I am going to team up with someone that began writing the secure Upnp module that some want on that system. Yes, they could theoretically use miniupnp Linux module if it was compiled for that OS, however, it goes against the design intentions of having everything administrated in a high security environment.

The differences in Network Profiles in BSD vs Linux is one of the things that really stand out as BSD you set one value while in Linux you set three parameters that it scales from depending on the remote networking connection. Linux is a little bit more complicated and in both of them you balance the setting from big packets with high latency vs. smaller packets at lower latency.

 

[Tech9]

A possible workaround:

How to get multi-core PPPoE on your x86 router

One commonly-stated problem with PPPoE, especially done on x86-based routers like pfSense and OPNsense is they’re “single-threaded”. The reason why they’re single-threaded is because of how NICs are designed. These NICs know how to sort IPv4 and IPv6 traffic, but not PPP traffic. combined with...

www.neelc.org

 

[Rainmaker]

pppoe will basically tie up a core so I wouldn't recommend any less than a quad core as a router.

Only issue with maxthreads -1 is that threads can get orphaned. Especially if hyperthreading is enabled. Which can cause intermittent functionality. Bindthreads should be set to 1 to avoid this.

dispath has to be either deferred or hybrid or else it uses the parameters at compiling. Hybrid loads the compiled parameters, then overrides those parameters with the declarations in the config file. If you want to know the real functionality to that which I don't think they have that documented.

Bsd is ok, it just that it has suffered along with Linux in these last evolution of kernel development. But all of them including windows have been experiencing this too. Because its hardware related.

Not all of these router os seem to be the same while most work the same. Some focus more on wifi functionality like OpenWRT, while others like OpenSense and PFSense try to provide everything while IPFire is focused on high security SOHO and enterprise networking.

As for me, I'm finished with the things I wanted accomplished in Linux Core. So my next set of projects to contribute will be in IPFire as I am going to team up with someone that began writing the secure Upnp module that some want on that system. Yes, they could theoretically use miniupnp Linux module if it was compiled for that OS, however, it goes against the design intentions of having everything administrated in a high security environment.

I used IPFire for some years, but my needs outgrew it. It's a fantastic little system and in theory could be wondrous, but the abject refusal by Michael to support things like IPv6 and WireGuard in 2025 is just too much for me. The rationale behind his WireGuard decision I can dislike or disagree with, but I can respect. The IPv6 issue not so much!

 

[Digilog]

Michael to support things like IPv6 and WireGuard in 2025 is just too much for me. The rationale behind his WireGuard decision I can dislike or disagree with, but I can respect. The IPv6 issue not so much!

We added that functionality, its just the website is behind keeping up with the DEvs including the non-core ipfire devs like me that bounce around different open source distros. The only thing is you really don't need ipv6 inside a network like this because of the way ipv4 is managed spanning tree. So there is no advantages to it that are observed in non managed ipv4 network tree. IPv6 connectivity on red has been there for the past year.
Version 193 has ipv6 inside networking even though its a useless item. Wireguard has been there since 190.

The only difference I see is some people not understanding the color network vs. just using a network that has no rules applied to the ports directly.

Wireguard , you add it to the system with pakfire, but yes, things like that should be installed afterwards. like OpenVPN. Which I haven't talked them into taking that off the base install and putting it as an installable program in pakfire. I consider openvpn installed on it by default as extra clutter if they don't use it.