opensourcesecurity/spl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
6 commits 1 branch 0 tags 92 KiB
  • Shell 100%
Find a file
Exact
osssecurenet e7d5ffda2a
 Update README to reflect feature changes 
Removed DNS queries from the features list and updated the coming soon notice.
2026-01-25 18:26:57 +13:00
spl Revise upcoming release note in README 2026-01-25 18:25:52 +13:00
LICENSE Initial commit 2025-12-10 18:10:49 +13:00
README.md Update README to reflect feature changes 2026-01-25 18:26:57 +13:00

README.md

Security Performance Lab (SPL)

Test methodology, raw data, and scripts for validating SecureNet configurations.

License Download Data

What Is the Security Performance Lab?

The SPL validates every SecureNet configuration under realistic conditions before deployment. This repository contains our complete methodology, raw test data, and scripts—everything you need to reproduce our results or verify our claims.

Don't trust our numbers. Run the tests yourself.

Key Results

Validated Throughput

Hardware Throughput Security Stack
Protectli V1410 ~1.2 Gbps Full stack enabled
Protectli VP2430 ~1.7 Gbps Full stack enabled

Full security stack: Suricata IDS/IPS (165K+ signatures), DNS filtering (834K+ domains), FQ_CoDel traffic shaping

Real-World Context

Activity Bandwidth Required
4K Streaming 25 Mbps per stream
HD Video Call 3-5 Mbps per participant
Online Gaming 5-10 Mbps
Web Browsing 2-10 Mbps burst

Typical peak household: 150-200 Mbps (4x 4K streams + 2 video calls + gaming)

SecureNet headroom: 3-5x typical peak usage

Test Methodology

Lab Topology

┌─────────────────┐      ┌─────────────────┐     ┌─────────────────┐
│  Client Vault   │────▶│ Vault Under Test│────▶│  Server Vault   │
│  (Traffic Gen)  │      │   (OPNsense)    │     │  (Endpoints)    │
└─────────────────┘      └─────────────────┘     └─────────────────┘
                                │
                                ▼
                         ┌─────────────────┐
                         │ Management Vault│
                         │ (Data Collection)│
                         └─────────────────┘

Testing Modes

Mode Purpose Characteristics
Deterministic Precise measurement Controlled, repeatable, <5% variance
Dynamic Real-world simulation Varying patterns, multiple devices

Traffic Types

  • HTTP downloads
  • HTTPS browsing
  • FTP file transfers
  • UDP streaming

Repository Structure

spl/
├── README.md
├── LICENSE
├── methodology/
│   ├── test-overview.md        # Complete methodology documentation
│   ├── lab-topology.md         # Network diagram and hardware
│   └── traffic-profiles.md     # Test traffic patterns
├── data/
│   ├── v1410/
│   │   ├── throughput.csv      # Raw throughput measurements
│   │   ├── cpu.csv             # CPU utilization data
│   │   └── temperature.csv     # Thermal data
│   └── vp2430/
│       ├── throughput.csv
│       ├── cpu.csv
│       └── temperature.csv
├── scripts/
│   ├── traffic-generator.sh    # Traffic generation scripts
│   ├── data-collector.sh       # Metrics collection
│   └── analysis.py             # Data analysis tools
└── charts/
    └── performance-comparison.png

Independent Verification

Data Collection Principles

Aspect Method
Source FreeBSD kernel (not OPNsense GUI)
Validation Client-side and server-side cross-validated
Format CSV with JSON metadata
Data points Thousands of timestamped entries per test

Why this matters: Metrics are collected independently from the system being tested. No "trust our dashboard" problem.

Reproducibility

Element Status
Testing methodology Fully documented
Test scripts Available in this repo
Network topology Diagrammed
Configuration files Documented
Results variance <5% between identical runs

Quality Control

Pre-Deployment Validation

Every SecureNet configuration passes through SPL:

Checkpoint Verification
New configuration Full SPL validation required
OPNsense update Performance regression testing
New Suricata ruleset Impact measurement
Plugin evaluation Performance impact assessment

No configuration ships without SPL validation.

Hardware Tested

Device CPU RAM NICs Purpose
Protectli V1410 Intel N5105 8GB DDR4 4x i226-V 2.5G Entry-level
Protectli VP2430 Intel N150 16GB DDR5 4x i226-V 2.5G Performance

Version History

SPL Version SecureNet Version OPNsense Date
v1.0 v1.0 25.7.x October 2025

See Releases for all test data packages.

Related Repositories

Repository Description
securenet OPNsense configuration (what we're testing)
safenet VPN server configuration
aiw AI Whitepaper - complete technical documentation
oss-blocklist IP blocklist aggregation

License

This project is licensed under the BSD 2-Clause License.

About Open Source Security

Open Source Security, Inc. provides enterprise-grade home network security through professionally configured OPNsense firewalls on Protectli hardware.

🌐 opensourcesecurity.net

Transparency is our foundation. Every configuration, every test result, every claim is publicly verifiable.