PfSense server for small organisation

messerchmidt

@margen:

@_JT:

I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048bit encryption) will be around 25 and they certainly won't be online all at the same time. Internetconnection 50/50, maybe 100/100 later on. I was thinking of:

• AMD Athlon 5350 AM1 CPU (same or better performance then J1900 + AES hardware support)
• ASRock AM1H-ITX
• 4GB
• Crucial M550 SSD
• Intel dual port NIC

As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

Did you build it? How's it perform? What's the power consumption on it?

do the intel lan cards work on the am1 platform? I am liening towards this to, but the asus board for ecc and 8gb of ram

Escorpiom

Intel cards work just fine on the AM1 platform, no boycot here :-)

Cheers.

S-KGray

@margen:

@_JT:

I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048bit encryption) will be around 25 and they certainly won't be online all at the same time. Internetconnection 50/50, maybe 100/100 later on. I was thinking of:

• AMD Athlon 5350 AM1 CPU (same or better performance then J1900 + AES hardware support)
• ASRock AM1H-ITX
• 4GB
• Crucial M550 SSD
• Intel dual port NIC

As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

Did you build it? How's it perform? What's the power consumption on it?

Also interested in the power consumption and performance

italics

I was just curious, did you build it yet? It looks like it would be fine, but a lot of the newer ASRock Boards have hybrid USB3 and SATA controllers. I'm currently running one for the company I'm working with and it runs like a champ, but I had to manually load the usb3 module to get anything to work using my laptop as a temporary boot device.

shaqan

@messerchmidt:

@margen:

@_JT:

I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048bit encryption) will be around 25 and they certainly won't be online all at the same time. Internetconnection 50/50, maybe 100/100 later on. I was thinking of:

• AMD Athlon 5350 AM1 CPU (same or better performance then J1900 + AES hardware support)
• ASRock AM1H-ITX
• 4GB
• Crucial M550 SSD
• Intel dual port NIC

As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

Did you build it? How's it perform? What's the power consumption on it?

do the intel lan cards work on the am1 platform? I am liening towards this to, but the asus board for ecc and 8gb of ram

Is there any other ECC-supporting AM1 board in existence besides AM1M-A? It's quite fascinating little platform

_JT

Sorry all for not replying. In the end I bought an Asus AM1M-A and it works fine out of the box. Only hmac with OpenVPN doesn't work ( https://forum.pfsense.org/index.php?topic=83187.0 ). OpenVPN log shows no error before crashing so I have no idea where to start troubleshooting :( My Intel dual port card works fine! I will take a look at idle power consumption one of the coming days; I cannot yet supply any performance figures as I have not been in a situation that would produce any useable numbers. Anyone have an idea how to test this?

_JT

Already did a quick check: booted without UTP connected I saw an idle power use of 32w….higher than I anticipated. This could be due to two things:

• PSU. I have a full size ATX PSU which guarantees 80% efficiency (bronze). 0.8 * 32 = 24,5w consumption by other hardware
• Intel dual port NIC. It has a heatsink which suggests it uses some power. But I'm not sure about that. Might remove the card tonight and see what it does in idle.

Douglas Haber

@_JT:

Already did a quick check: booted without UTP connected I saw an idle power use of 32w….higher than I anticipated. This could be due to two things:

• PSU. I have a full size ATX PSU which guarantees 80% efficiency (bronze). 0.8 * 32 = 24,5w consumption by other hardware
• Intel dual port NIC. It has a heatsink which suggests it uses some power. But I'm not sure about that. Might remove the card tonight and see what it does in idle.

The NIC probably does draw a noticeable amount of power.

fragged

You might need to tweak some system settings to get PowerD/Throttling to work nicely on your system. I don't know about tweaks for AMD, but this are the changes I made for my Intel Pentium G630T:

In /boot/loader.conf.local add:

hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1

I set this up in system tunables via GUI:

dev.cpu.0.cx_lowest 	sysctl dev.cpu.0.cx_lowest=C3 	C3
dev.cpu.1.cx_lowest 	sysctl dev.cpu.1.cx_lowest=C3 	C3

Enable PowerD in Advanced/Misc.

_JT

@Douglas:

The NIC probably does draw a noticeable amount of power.

Yes I found that out. Disconnecting the SSD made no difference, which is not unexpected as modern SSD's draw <0,5w in idle. Removing the networkcard however decreased power consumption to 24,5w in idle. 24,5 * 0.8 = 19,6w. A lot better, even though I think it could have been lower. TDP of 12w + mobo + memory + SSD, all idle.

@fragged:

You might need to tweak some system settings to get PowerD/Throttling to work nicely on your system. I don't know about tweaks for AMD, but this are the changes I made for my Intel Pentium G630T:

In /boot/loader.conf.local add:

hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1

I set this up in system tunables via GUI:

dev.cpu.0.cx_lowest 	sysctl dev.cpu.0.cx_lowest=C3 	C3
dev.cpu.1.cx_lowest 	sysctl dev.cpu.1.cx_lowest=C3 	C3

Enable PowerD in Advanced/Misc.

PowerD kills my system unfortunately. One of 2 problems I found with my config. https://forum.pfsense.org/index.php?topic=83035.0
How can I find out at which clock frequency the CPU runs? Probably command line but I am not really known with the BSD command line.

fragged

@_JT:

How can I find out at which clock frequency the CPU runs? Probably command line but I am not really known with the BSD command line.

Should be:

sysctl dev.cpu.0.freq

Quick Google search suggest that PowerD with various AMD CPU's might work better with FreeBSD 10. pfSense 2.2 beta is currently based on FreeBSD 10.1 RELEASE.

_JT

CPU is running at 2050mhz in idle so that explains the power consumption. Now to find out how I can enable throttling…

messerchmidt

i would add more ram, and maybe go asus board + eec if you have not purchased same already

_JT

I already have the Asus board. And I can't keep purchasing all kinds of hardware to just see if it works ;)

shaqan

Got the same, Asus AM1M-A, Athlon 5350, SSD

Best/Least I've managed is about 24,5W draw from wall socket (also using dual slot Intel Pro1000MT NIC).

• ECC, haven't managed getting it to work. Tried two different brands, had Hynix and Kingston's unbuffered ECC sticks lying around.

• FreeBSD, enabling CPU throttling leads to system crash (unless I disable C6 state in BIOS)

• No such issues under Linux but haven't seen lesser energy expenditure there either.

• Disabling one/two/three "cores" does not make any difference at all in power draw. Only undervolting works to an extent.

I could probably shave couple of Watts off by making the cooling passive (remove fan) but I am not sure it's worth the trouble. None of the big custom heatsinks seems compatible to fittings used with AM1 socket.