Pfsense hardware for home
-
What was the packet size in their test?
I found in https://www.lancom.de/fileadmin/download/documentation/Techpaper/TP-Routing-Performance-9.10-EN.pdf some tables (tcp and udp) with paket size, but I don't know which is a normal paket size.
http://www.ebay.com/itm/Rackable-Tyan-2U-Low-Noise-Home-VMWare-Server-2x-E5620-Quad-Core-48GB-8x-2-5-/131891130624?hash=item1eb552f100:g:H-MAAOSwx-9WxSXE
Unfortunately, this is no option, because of the power usage.
-
so I decided… for me pfSense is a really great firewall :)
back to hardware:thank you very much for answers.
I'm found https://geizhals.de/gigabyte-brix-gb-bsi3hal-6100-a1426577.html
Does this have enough power?needs dual nics, and this one does n ot have same.
it is a Intel I219-LM and a Intel I210-AT.
why is that a problem?The advantage of the Gigabyte Brix is that I don't have to assembly of parts (only ram and ssd).
https://www.amazon.de/GIGABYTE-N3150N-D3V-Intel-DDR3-16GB/dp/B01ALSQA2W
or is this the best option for me? are there problems with this mainboard and pfSense? (https://forum.pfsense.org/index.php?topic=115567.0 ??)
Are the Realtek Lans a disadvantages? -
Are the Realtek Lans a disadvantages?
For a 1Gbps WAN connection, probably. For that reason alone I would not consider a solution with Realtek NICs. If you can stomach a mini ITX system with at least a PCIe x4 slot your options become wide open since you can add a cheap (used) server class dual or quad Intel NIC. Otherwise you'll have to search for a board with integrated Intel NICs. And Intel is not the only option in server class NIC hardware, just the most common. I've had good luck with Broadcom as well but you're not likely to find those in a small form factor board.
-
my build below only ran me about 400 dollars and it runs extremely smooth on my internet with snort, pfBlocker and OpenVPN for my 150/150 mbit connection.
pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 (miniPCIE) Mini-ITX Build
https://forum.pfsense.org/index.php?topic=113610.0 -
would this a good configuration for pfsense?
- Case: SC101i (Supermicro)
- Intel
Pentium Processor N3700 - X11SBA-LN4F Supermicro
- 8 GB S0-DDR3
- Kingston SV300S37A/60G SSDNow V300 interne SSD-Festplatte 60GB
-
would this a good configuration for pfsense?
- Case: SC101i (Supermicro)
- Intel Pentium Processor N3700
- X11SBA-LN4F Supermicro
- 8 GB S0-DDR3
- Kingston SV300S37A/60G SSDNow V300 interne SSD-Festplatte 60GB
You will be able to push gigabit speeds with this setup, but you wont be able to get 100mbits over OpenVPN (most likely).
-
pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 (miniPCIE) Mini-ITX Build
did you test the power usage?
You will be able to push gigabit speeds with this setup, but you wont be able to get 100mbits over OpenVPN (most likely).
thanks! Is 50 Mbits OpenVPN possible?
Another configuration (which is available in Germany and without assemble):
- Intel Celeron N2930 4-Core 2,16 GHz 2MB
- 2x 1 GBit/s LAN (RJ-45) Intel 82583V
- 8 GB DDR3 1600 LV SO-DIMM ATP
- 80 GB SATA III Intel SSD MLC 2,5“ (DC S3510)
–> Unfortunately, no AES
Is that better?
-
pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 (miniPCIE) Mini-ITX Build
did you test the power usage?
You will be able to push gigabit speeds with this setup, but you wont be able to get 100mbits over OpenVPN (most likely).
thanks! Is 50 Mbits OpenVPN possible?
Another configuration (which is available in Germany and without assemble):
- Intel Celeron N2930 4-Core 2,16 GHz 2MB
- 2x 1 GBit/s LAN (RJ-45) Intel 82583V
- 8 GB DDR3 1600 LV SO-DIMM ATP
- 80 GB SATA III Intel SSD MLC 2,5“ (DC S3510)
–> Unfortunately, no AES
Is that better?
50mbps over openvpn should be possible.
OpenVPN does not support AES yet anyway - it should support it soon.
I built a similar machine with an i7 for less than 500 usd.
https://forum.pfsense.org/index.php?topic=113610.msg631641#msg631641
-
You might want to take a look at the current APU2:
http://pcengines.ch/apu2c4.htmIt doesn't reach wire speed when forwarding with rules, but around 650Mbit.
It easiely does 100Mbit openvpn. -
Maybe you'd consider sth like this:
Barebone:
http://geizhals.de/shuttle-xpc-slim-xh110v-pib-xh110v11-a1408110.htmlCPU (i3 Dual-Core with SMT):
http://geizhals.de/intel-core-i3-6100-bx80662i36100-a1329935.html?hloc=at&hloc=deRAM (dual rank 2x4GB):
2x http://geizhals.de/crucial-so-dimm-4gb-ct51264bf160b-a673173.html?hloc=at&hloc=deand f.i. a 120 GB MLC SSD (240GB+ would be even better looking at current GB-per-€ ratio…all depends on how much you are willing to spend):
http://geizhals.de/sandisk-plus-120gb-sdssda-120g-g25-a1218323.html?hloc=at&hloc=deTotal: ca. € 380,-
If you go for a 2-core CPU without SMT, like an Intel G3900 (supports AES-NI as well), you'd be at € 300,- total.
Small, easy to install, PSU included, 2x Intel NIC included...I would have bought sth like that, if I'd build it from scratch. Or at least sth in the same size.
-
You might want to take a look at the current APU2:
…
It easiely does 100Mbit openvpn.is the "AMD Embedded G series GX-412TC, 1 GHz quad" for openvpn better than as an Intel Pentium Processor N3700?
CPU (i3 Dual-Core with SMT):
http://geizhals.de/intel-core-i3-6100-bx80662i36100-a1329935.html?hloc=at&hloc=deUnfortunately, the TDP is very high (TDP: 51W)
I've found the Supermicro A1SRi-2358F and X11SBA-LN4F Mainboard:
Supermicro A1SRi-2358F ( Intel Atom processor C2358):
- 1,7 - 2 Ghz
- 2 Core
- Intel QuickAssist
- AES-NI
- ECC Ram possible
Supermicro X11SBA-LN4F (Intel Pentium Processor N3700)
- 1.6 GHz - 2.4 GHz
- 4 Core
- no Intel QuickAssist
- no ECC RAM
so which Mainboard should I use for my configuration?
-
is the "AMD Embedded G series GX-412TC, 1 GHz quad" for openvpn better than as an Intel Pentium Processor N3700?
I have a hard time believing that the AMD would be faster. Even at the same clock speed, the Intel chip will beat the AMD in pretty much any task. Both CPUs support AES-NI.
For reference I'm running an AMD CPU with 2 Jaguar (same architecture as the GX-412TC) cores at 1.45GHz. I'm still tweaking, but currently getting about 80Mbps over OpenVPN. That's with AES-NI enabled. I think it should do better, but that's the best I've achieved so far. OpenVPN is single threaded, so the core count doesn't matter in this case.
-
I've found the Supermicro A1SRi-2358F and X11SBA-LN4F Mainboard:
Supermicro A1SRi-2358F ( Intel Atom processor C2358):
- 1,7 - 2 Ghz
- 2 Core
- Intel QuickAssist
- AES-NI
- ECC Ram possible
Supermicro X11SBA-LN4F (Intel Pentium Processor N3700)
- 1.6 GHz - 2.4 GHz
- 4 Core
- no Intel QuickAssist
- no ECC RAM
so which Mainboard should I use for my configuration?
Between those two I'd choose the X11SBA-LN4F. ECC isn't really necessary for an application like pfsense. QuickAssist support is on the radar but won't help you now. I'd choose the N3700 for the higher turbo clock speed and additional cores.
-
Between those two I'd choose the X11SBA-LN4F. ECC isn't really necessary for an application like pfsense. QuickAssist support is on the radar but won't help you now. I'd choose the N3700 for the higher turbo clock speed and additional cores.
thank you very much! Did you test the openvpn performance?
-
Is a SG-4860 enough for 250 Mbit openvpn throughput ?
-
Between those two I'd choose the X11SBA-LN4F. ECC isn't really necessary for an application like pfsense. QuickAssist support is on the radar but won't help you now. I'd choose the N3700 for the higher turbo clock speed and additional cores.
thank you very much! Did you test the openvpn performance?
I don't own the N3700, so no. I'm just going on what I know about OpenVPN. The N3700 is a faster CPU than the C2358 and thus will provide better OpenVPN performance. I can't say in absolute terms how well it will perform, though.
-
Is a SG-4860 enough for 250 Mbit openvpn throughput ?
take a look here: https://forum.pfsense.org/index.php?topic=115673.0
I dont think it will safely push that much bandwidth. Based on the PassMark benchmark, its about half the capacity of the i7-4510U - I can push about 300mbps OpenVPN theoretically when my CPU is set to CMax (turbo at 3.0ghz)
i7-4510U PassMark: https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i7-4510U+%40+2.00GHz
C2558 Atom CPU PassMark: http://www.cpubenchmark.net/cpu.php?cpu=Intel+Atom+C2558+%40+2.40GHz -
- Intel Pentium Processor N3700
- X11SBA-LN4F Supermicro
- 8 GB S0-DDR3
- Kingston SV300S37A/60G SSDNow V300 interne SSD-Festplatte 60GB
is it possible to use Snort with this config?
- Intel
-
- Intel Pentium Processor N3700
- X11SBA-LN4F Supermicro
- 8 GB S0-DDR3
- Kingston SV300S37A/60G SSDNow V300 interne SSD-Festplatte 60GB
is it possible to use Snort with this config?
Yes, snort and pfblockerng will work and love the 8gb of ram
- Intel
-
- Intel Pentium Processor N3700
- X11SBA-LN4F Supermicro
- 8 GB S0-DDR3
- Kingston SV300S37A/60G SSDNow V300 interne SSD-Festplatte 60GB
is it possible to use Snort with this config?
I got a miniPC with the Celeron N3150 as home router with a fiber connection 100/100
I've added 8GB RAM and a 120GB SSD (not easy to find less). Total cost was about $220.
It has two Realtek NICs, maybe I'm lucky but I've never seen lost packets in four months.
I'm really satisfied, it's capable to run snort, pfBlocker and the OpenVpn client to PIA smooth as silk.
No problem to reach the full line speed in OpenVPN.
Intel N3700 it's a little more performant than N3150 so I think you should easily reach 130Mbs in OpenVPN. - Intel
