The reason I installed OpenBSD on this device rather than a ready-made firewall solution is that I had some ideas for a router that would protect networks with a lot of untrusted IoT devices. Some of them required changes to the network stack, and OpenBSD's proved to be very elegant and clean for this purpose. Not to mention the proactively-security approach etc.
FreeBSD has done a lot of work to enable SMP for their pf so that gives it the edge on modern multicore systems. This work wasn't able to be used in OpenBSD so that was unique to FreeBSD for a long time. Right now OpenBSD is in the middle of doing the same for pf and their network stack. So the performance difference shrinks on every release. The newer pf syntax and features make writing rulesets easier, like replacing ALTQ with prio for traffic shaping.
But to me I think OpenBSD PF is just so simple to use that there is no need for pfsense. It's a simple firewall, has no services except opensmtpd relay and pf. All other services are inside the DMZ.
It's literally, install and forget. But that's not to say you shouldn't have proper patch management.
One bit of feedback: It is a bit unclear what combinations of storage devices are needed for installation. I ended up with an unused SD card, since I just bought the whole list. Not a big deal, but it was kinda wasteful.
I have a few original APU's running OpenBSD and they've been rock solid, save for one that got knackered hard enough to pop the mSATA SSD out of it's socket.
It'll be really nice when the BIOS bits to turn on the 4GB APU2's ECC RAM support end up in coreboot.
* High quality Intel NICs (3x i210AT)
* AES-NI instructions
* SIM socket (for 3G cellular modem in PCIe slot)
Kind of wondering what "real world" measurements indicate. :)
Both without WLAN (enabled).
But I'm running my personal website on it* 24/7 for 6 months and I can hardly notice the change on the electricity bill. It's awesome!
* exactly the same config
As a data point, bought one of these 6 months ago (£20.00) for doing power draw measurement from the wall socket:
http://www.p3international.com/products/p4400.html (US equivalent)
It's been extremely useful for finding out how much power various equipment draws. For example, several of the "powered off" systems here - not sleep mode, just shut down via OS - still draw 4.5W+ continuously. Now I turn things off via the switch at the back of the power supply too. ;)
Mentioning this as you don't need to fork out heaps of money for (say) a Fluke meter. It's possible to get reasonably accurate consumer type.
(But, read the reviews first. There were probably 10+ other meters out there better priced... but most of them with reviews about their poor accuracy.)
It also has accelerated crypto, so ipsec/openvpn shouldn't be much slower than routing.
It's pricier, but it does support pfSense directly when you buy one, which I do think is nice.
I always thought my ISP had poor equipment but it could be the APU.
Edit: And this is with a few rules, for home use.
Edit2: eh, my comment was actually for the other poster that had measured 70MB/s. Sorry to confuse you.