Well, this has been a roller coaster ride for me. I have an older
N5100-based mini PC running OPNsense reliably for a couple of years now. I desired an upgrade, and TopTon was selling N150 boxes for the same price -- amazing! So I bought
one... actually
two. They came with H30W-N150-226 motherboard and AMI Aptio 2.22.1293 UEFI/BIOS (BK-1264NP-N150 Ver: 41.5 from 12/15/2024). They work, they boot into OPNsense, and they have not seen any driver support issues. But I could only get their idle power consumption down to 9-11 W.
Key lessons learned:
- The latest and greatest CPU might be marginally more efficient, but you might end up paying the difference (or more) for other components.
- Your router probably doesn't need PCIe Gen 4 x4 storage. Heck, this one wouldn't go faster than Gen 3 x1. Even SATA (or USB stick, microSD card, etc) would work just fine as a boot disk.
- Your router probably doesn't need DDR5. If you're asking if you should get the 5600 MHz RAM instead of the 4800 MHz RAM, be careful what you ask for. Alas, I can't just put some DDR4 into this one.
- If you're using this as a high-performance server, you're going to want a good cooling solution.
- If you just have a burning desire to upgrade your heating system, a little space heater or dutch oven would do the job for a fraction of the cost.
- Consult the STH forums before buying, not after. Yes, I did speed-read the 2854 posts in these 143 pages... thank you for all your input

The problem with these fanless N150 boxes from TopTon is they run hot. I thought the N5100 boxes were hot, but these new units broke the record for me. And yes, I get that the case is supposed to get hot, because that's its job, but I consider it a symptom of excessive power draw. Anyway, the BIOS is very limited. I was able to set
`ASPM=auto`, but there were no power limit settings. In OPNsense, I set tunables
`hw.acpi.cpu.cx_lowest=Cmax` for C-states and
`dev.hwpstate_intel.[0-4].epp=100` for P-states as usual. Doing nothing, it burns 11-13 W and radiates 52-56 °C from the CPU. With 2 NICs active, it burns >13 W. In comparison, my older N5100 box pulls 9-10 W in production with CPU temperatures of 48-50 °C, on a workload that includes IDS monitoring of other network gear. And...
the famous $88 Acer with the J4125 is still going strong on only 8-9 W.
Back in the very limited BIOS, I disabled SATA, serial ports, TPM, and 3 of 4 CPU cores... without making a dent in the power draw. The TopTon representative suggested putting a fan on it (LOL). They then shared that the CPU could be operated in 10W mode, 15W mode, or 25W mode with different performance characteristics, but did not offer any suggestions for actually making it happen. Finally, they admitted their BIOS is not actually able to set power limits. So I did the next best thing... which is to increase the
"Tcc Activation Offset" to force thermal throttling. That actually locked all cores to 200 MHz and slowed the machine down to a crawl. CPU temperatures finally dipped below 50 °C, but there was only a ~0.1 W reduction of power draw. Not worth the hassle.
At this point, I realized that I'd done as much as I could to the CPU. Maybe the motherboard (or components) or PSU was the culprit. Well, I'd installed 16 GB of Mushkin Enhanced Redline DDR5-4800 40-40-40 and 256 GB of SK hynix BC901 PCIe Gen 4 x4 NVMe. Having run out of other options, I appropriated 128 GB of (cheap!) Patriot P320 PCIe Gen 3 x4 NVMe out of another server and put it into this thing. Just like that, the idle power draw decreased to 9-11 W and CPU temperatures decreased to 48-52 °C. A 2 W difference might not sound like much, but it's a significant improvement when the target is 9-10 W.
I have the same concerns as
@phil-2024. There's something wrong about these purported low-power devices idling at >10 W, and it probably comes down to motherboard design and user choices such as RAM and SSD. My units also draw ~2 W when they're "off," and I chalked it up to the network ports and some USB ports being powered at all times. The cheap PSU by itself wastes 0.25 W plugged into nothing. As for longevity... my N5100 boxes have been simmering at close to 50 °C continuously for years now, so apparently it's fine. I might redo the thermal paste or add a shim, but the heat sink case does get rather toasty as is, so it's conducting
reasonably well.
I see that
@slybunda prefers Windows... and I did try Windows 10 & 11 on these things, but I haven't seen any better idle efficiency. Others have all sorts of elaborate setups involving Proxmox/virtualization to take advantage of Linux hardware support and PowerTOP magic, but I personally prefer to keep the configuration simple, so I have not yet worked up the courage to use a forbidden router.
Many of us except these types of kit from China are cheap for a reason and if they break after a year, we just buy another one, they are almost disposable, and we take a gamble when we buy them. That gamble for me hasn't paid off as this N100 appliance I don't feel confident in using, so I have to write off that expense and look for something else, so it doesn't always work out cheaper chancing what we get direct from China.
I mean... that's exactly why I have 2 of them, and they still cost less than Protectli. I also have the 2x N5100/i225 routers that are still functional, and the OPNsense config file appears to be compatible with all 4 devices without modification. They might not be suitable for mission-critical applications where downtime is unacceptable. But for home use, if you don't mind manually swapping in a spare, this might be fine
Wondering what people use all the ports for, One for WAN, one for LAN I guess, but if the LAN is going to a switch why the need of the other ports?
Not sure why you'd ever want to use more than 2 ports. If this is a router/firewall, you'd have 1 WAN and 1 LAN port. Leave switching to a real switch which has an ASIC designed for that.
For those wondering why we'd want more than 2 ports on a firewall/router, I have 2 words:
management interface
Basically as per experts recommendations, you should run Suricata (intrusion protection) on WAN and Zenarmor on LAN (virus/malware protection), Zenarmor supposed to stop security risks spreading on Your LAN between devices...
i can see big businesses having a need for this, but the average home user.. im not convinced. not heard of anyone with stock isp router getting hacked. usually its something dodgy they downloaded that gets them got.
Okay, picture this: You're an average home user who just purchased a sketchy mini PC from AliExpress. You want to let it loose on your network (or even control your network), but you're not sure if you should trust it yet. You've installed a trusted OS, but there might be malware baked into the firmware or hardware. What do you do? Why, of course you'd plug it into
your other pfSense/OPNsense box (which you also got from AliExpress), on a quarantined VLAN, with all the IDS bells and whistles, so you could keep an eye on it for a while!