As a serial console cable? You would need to re-wire one end to a serial port adapter of some sort…. and it might be the wrong pairs twisted in the cable, but will probably work at serial speeds. You may not need a serial console at all if you use 2.3.5 Nano at least as an initial test. If the interface types are something standard it should boot fully (and play the start-up tune) and you'll be able to hit the webgui via whichever port was assigned as LAN. Steve

700+ isn't really gig ;) hehehe  If you were seeing 900's then you would be talking gig - heheeh Whats your upload? You symmetrical? While the cpu not going to be an issue - keep in mind with some of these sorts of boxes.. Your not going to want to plug your nic into old pci slot.. There is a recent thread around here were someone wasn't getting the speed they thought they should get and seems their dual port nic was on pci vs pcie and that is going to be a bottleneck..

@Mickjones75: Now my question is this-if open vpn is “monolithic” or runs on runs on one thread. If I install PF Sense onto a machine that is a core i5 / 3.1 GHZ / 8GB / 1TB will that machine achieve close to gig speed-assuming I install a gig capable NIC. My two cents. i5, 3.5 Ghz would be a driver for speed and not 8GB and 1TB. You can get away with half the RAM and a way smaller Hard Drive. As Open VPN is monolithic, multi threads are useless atleast for OpenVPN connection. They best way is put together a machine or use another computer temporarily to test this out.

The choice of how much ram etc is yours. pfSense will run happily in 2Gb of RAM but I would go for a minimum of 4Gb. A small SSD or mSata is fine, a 30Gb mSata is sufficient for pfSense and say running pfBlocker, you'll need more if you run lots of other things. My setup, and I bought mine barebones, so I used some RAM and mSata I already had is 8Gb RAM and 60Gb mSata, The options for putting your own pfSense hardware together are endless. Basically, the main things to watch for are: 1 . CPU supports AES-NI 2.  NIC ports are Intel - There can be problems when they are not, or at least there are fewer problems with Intel NICs 3. Choose something that has been on the market for a while that has been proven to work. Some of the latest boards do not yet play nicely with FreeBSD, they will eventually but there may be driver/bios issues, so take care on some new MBs. So, existing hardware that works out the box, and don't forget to look at Netgate Hardware, it is built for the job. I can only give you advice on the hardware I have and use, there is other hardware mentioned in this section of the forum, others will chime in I'm sure. Here is what I use. Qotom i5- 4 Intel Nics, The i3 would do to, the i5 is a bit of an overkill for my system but it is very quick, noticeably so when using the pfSense GUI. PCEngines APU2 - I would stick with the 4Gb version, takes a single MSata - 3 Intel Nics - very compact and energy efficient.

This is what you need: Memory Capacity: 4x 204-pin DDR3 SO-DIMM socket (Supports up to 64GB DDR3 ECC Un-Buffered memory) Memory Type: 1600/1333MHz ECC DDR3 SDRAM, 204-pin gold-plated DIMMs DIMM Sizes: 16GB, 8GB, 4GB, 2GB Memory Voltage: 1.5 V, 1.35 V So basically: ECC laptop RAM, standard stuff but with ECC. As posted by NogBadtheBad, even crucial has this stuff: http://eu.crucial.com/eur/en/compatible-upgrade-for/Supermicro/a1sri-2558f Others have them too, i.e.: Transcend TS256MSK72W6N Kingston ValueRAM KVR13LSE9S8/4 SuperMicro also has a list of tested memory: (use tabs at the top for other module sizes) http://www.supermicro.nl/support/resources/memory/display.cfm?mspd=1.6&mtyp=65&id=19062770653AAC69ECAB308B0C1ED17C&prid=83767&type=DDR3%201.35V%20SODIMM&ecc=1=0&fbd=0

ATM OpenVPN (but only 30/40Mb u/d) , so it would not be a prob. in sw. But was actually thinking of switching my OVPN (PKI/TLS)  Site-to-Site (L2L)  (summerhouse) tunnel to - IPSEC (PKI) IPSEC for L2L seems like a performancewise advantage , if/when i get a 100/100Mb And the i'll just use OVPN for roadwarriors (family remote in) , and VPN remote exit-nodes But this was just an Academic question about why to be able to load both ? If i have AES-NI that would perform best in all situations (i suppose) ?? Is the possibility there for supporting (SW encr for some kind of conns - why ?) , and HW for others ? Ahh … Are some of the ciphers only supported in SW , due to HW crypto limitations ? From the Front page (pfsense) : Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM These might be the only ones w. HW support for my cpu ? /Bingo

Thank you. That answers it. In case someone runs across this thread later - it connects up with an internal m.2 B slot and netgate is working on a LTE /GSM kit option. As of Dec 2017 it doesn't look like its out yet though.

For my network, speed is not crucial (unusually) Seems to be quite a few opinions on APU2 throughput out there - eg: https://forum.opnsense.org/index.php?topic=2139.0 Config dependent; I would think it should easily do what you are asking…

It's 32bit ARM however it is supported by the latest 2.4 and future pfSense versions. The 32bit limitation only applies to i386 Intel / AMD platforms and not ARM based devices.

@Rockjansky: Hi, I have the same issue on 2.4 and above with an 8540p laptop. I did a minimal amount of research, but it looks like maybe this is a phantom task that BSD uses when the processor is overloaded and it sets this to steal some cycles to prevent overheating? Anyway, interested if anyone figures it out. Thanks Mmm. I am still to experience this on any other platform. I've sent in the whole chassis for RMA. Waiting on our local Supermicro dealership to check on the server. When I enable some PCI-E features(above 4G decoding) the server also refuses to pass POST. I also had a hard time convincing it to work properly in UEFI mode. I'll update the thread if they come up with some resolution to the problem other than replacing the chassis with some other model.

much easier. I reinstalled pfsense and started the ifconfig command ones to get started and configure pfsense. Then I went back to the WAN setting and if found this setting " Speed and Duplex" where I could set the necessary media type. Rebooted and the WAN address got the ip address ;-) Everything looks good

@johnkeates: I have no idea what the virt-manager GUI does, I either use bare config files or managed configuration. I probably missed the boat on the GUI part before it came out, and when it did come out, I already moved on to configuration management  :-\ Anyway, I pretty much left the KVM bandwagon and only run Xen, and a bit of vmware, and they all just take the host CPU and all it's features by default and give it to the VM. Maybe removing the fallback option is what you need? Also, did you enable hardware assisted virtualisation? I've been quite happy with KVM, but I think I should give Xen a try. Anyway, I've managed to get it to work using "Westmere" CPU. I've not tryied removing "fallback" option yet,but will try that. Also, what I think is strange is that my real CPU is an AMD FX-8350 but the "emulated" one is an "Intel Westmere"…. I though that you can only "emulate" AMD CPUs on AMD CPUs and Intel CPUs on Intel CPUs but obviously I was wrong!.

@Spencer1990: @Spencer1990: Hi there just wanted to update you guys on this build. First thing after an hour or so of frustration I found out that you have to use pfsense 2.4 because it has uefi bios support. After that everything installs easily. I setup openvpn using aes256cbc and sha256 and I'm able to hit my max line speeds 150/150 using around 45% cpu. The form factor is great too and very easy to open and install your ssd and ram of choice. I would definitely recommend this mini pc. Thanks Spencer Hi there a little update on the cpu usage I had my info wrong. The max I have seen is 15% cpu usage and load average of 0.7 while maxing my 150Mbps connection on openvpn using aes256cbc and sha256. I was only maxing the download so I imagine if I maxed the upload too at the same time it would max out at 30% cpu usage. Thanks How do you think this would do with a gigabit connection? If you were running multiple VPN connections over a 150up/down connection, would this box be able to handle it? Thanks.

@sparkman123: @johnkeates: That is because those pretty much are laptop CPU's. You won't find them on standard motherboards, pretty much only on embedded and industrial stuff, or the Qotom and MiniSys boxes we already mentioned. There is a small number of ITX board that have them as well, but I have no idea if Intel even allows people to buy they SoCs to put on motherboards with PCIe slots for example. What about the LAN NIC types on these mini-pcs? For example, I've seen quite a few threads discussing how bad RealTek LAN adapters are for pfsense. This thread is a good case in point: https://forum.pfsense.org/index.php?topic=128098.0 There is no mention of what kind of LAN NICs these boxes have in the tech specs, so it's hard to know if they use stock Intel, RealTek or something worse. The boxes in the Qotom thread all use Intel cards. Mostly the I2xx series.

No. But you could configure some packages manually to store their logs on external devices. Best solution is to not write the logs at all and just send them to a logging server.

@stephenw10: Yeah pretty sure those are just re-badged Supermicro boxes. As such they are usually waaaaaay overpriced secondhand. Especially if you aren't even going to to use the software that is really what you're paying for. IMO  ;) Steve These XCS 370 and XCS 570 are not always to find on Ebay, but the past year they  popup on regulary time and have fair prices. But indeed, it's a Supermicro in Red  :P Grtz DeLorean

@kejianshi: My experience with design temperatures…. CPUs with design temperatures of 100c start throttling at 70c. People can say they do not, but I've never had a chip with a t-junction of 100c make it beyond 80c before my computer turned into a snail. well, since I haven't seen an APU2 get that hot I'm not sure it's relevant. they tend to run hotter than a regular desktop at idle, but they don't get all that much hotter under load. (assuming the heatsink isn't installed wrong.)