Want small form pc for pfSense … recommendations

Guest

Hello,

My main need is an OpenVPN server so I can pass through it for secure internet

Please read an answer from @gonzopancho here in the forum related to exactly this point, Link

Also, I want to explore snort and other features without worrying about processing power.

Snort, Squid, + SquidGuard, AV Scanning, VPN,…....
Better to know all first really all about your needs and wishes, not to run in a trap

I want overcapacity, but not something too expensive.

Likes all others, 100 MBit/s Internet, VPN and all other on top for $50,
but as I see it right this will not even really work.

Also, low power requirements are wanted.

There are some of them out know, really enough power but
power saving also. Intel´s C2xxx series could do this job.

Is there a Zotac model that would work? What about other brands? What processor, how much ram, anything else is suggested?

• VK-T40E pfSense Security Gateway Appliance from the pfSense Shop based on an
  Alix APU Board really enough for 50 - 100 MBit/s
  But without AES-NI and Intel´s QA!
• Supermicro Mainboard with a C2358 CPU
  Not a power saving firewall, but powerful
• SG-2440 pfSense Security Gateway Appliance from the pfSense Shop
  Really wicked firewall that matches all your needs and power saving, but not cheap
• Supermicro Mainboard with C2358 and 8 GB ECC RAM would be also matching
  But a case and some other things are also needed on top

So as I see it right a CPU with AES-NI and/or Intel´s QA or a Atom C2xxx CPU
with 2 -8 GB RAM and Intel NICs or LAN Ports would be great for you.

In my eyes it is better for to save some money for over some month and then buy
a SG-2440 pfSense Security Gateway Appliance, this will be running for years for
you well and saving power on top also.

Guest

Thanks. Lots to think about.

NOYB

Take a look at the Intel NUC.  Think there is one with dual Ethernet.

Wolf666

@NOYB:

Take a look at the Intel NUC.  Think there is one with dual Ethernet.

Intel NUC5ix series, latest with 5th gen i3/i5/i7 is single ethernet only. You can mod using a different case and using pci slot to fit the second ethernet adapter.
I own NUC5i3RYH.

NOYB

Maybe this is what I saw.  Not sure if this is considered a NUC, but it does have to RJ45 connections.
http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

Or I may have been thinking Thunderbolt NIC adapter.

Personally though I'd settle for single NIC and VLAN unless there is specific requirement for no VLAN or bandwidth constraints.

Supermule

Better to go with 2 seperate NIC's than VLAN's. You can always VLAN the LAN part to get things seperated…

I prefer the WAN and LAN on 2 seperate physical interfaces. Even if its running virtualized....

Guest

The suggestions here have been helpful. I think I'm going to have to spend a few bucks but less than $400 if I'm careful. I will either build one using the suggestions here about the motherboard that has the new Intel Rangeley chip and Intel nics or explore a Jetway small form PC that will need memory and a drive. I read about them elsewhere and they appear to have some capabilities … but not all models have Intel nics so care is needed in the selection.

It's been a long time since I built a PC so it might be fun to build a router.

Is a small form case just a case or are there specs to look for?

Regarding ram, 4GB or 8GB? The cost is negligible. With a router is there any advantage to having a reserve of ram?

I have a spare 2.5" 500GB drive, but a small SSD is cheap. Any pros or cons to either? 32GB ok?

jahonix

snort and Suricata are memory hogs. Point to 8GB for that, otherwise 4GB is completely sufficient.
Personally, I don't like running HDDs in my routers as they have moving parts. A small SSD is fine even though there won't be much of a speed improvement.

Wolf666

I suggest Supermicro MB with C2558 or 2758, 8GB to run Snort and pfBlockerNG. A small SSD is fine. On the market there are a lot of cases available, both fan and fanless. Such a setup will secure your future bandwidth upgrades, up to 1000Mbps. With upcoming OpenVPN supporting in full AES-NI it will be the standard.

Guest

Umm, I used some left over computer parts from a PC upgrade to build mine. It is a larger build but then again, it is rack mounted with my server. I used a Asrock z77 board, i5 CPU, 2x2 gig ram, an old 1TB HD, 2 x Intel EXPI9400PTBLK network cards and 2 Emulex 4GB LPE 1150-E fiber cards. I am running pfsense and snort with NO memory lag as mentioned by a previous poster. Overall system performance will be determined by the quality of the hardware. If you looking for a low power system then maybe 8 gig is necessary. If not concerning with physical size then 8 gig may be overkill. Just as with an SSD which again is overkill

Supermule

Use Innodisk DOM for the drive instead of a normal HD.

Evad

You could seek out the local electronics recyclers. 3 to 5 year old PC's can be had cheap. For me my first pfSense box was a $50 Dell 760 small form factor core2, 4gb ram. I added a 2.5 40gb hd. I scored a NC360T dual nic cheap.
Then you can decide later how much power you need and what you want to spend on low power vs hp. You may even run into a stack of old firewalls you could revive with pfSense.

Unfortunately, visiting a place like that can be habit forming. I need special permission from my significant other just to drive by the place..