Need some opinions about what I should use for pfSense

tirsojrp

Since all options involves money you should consider an APU2C4 kit. That's a nice board too, plenty of options for future upgrades and can be used for any other purpose.

shawly

Oh wow, that's almost cheaper than buying a 16port switch or a new mobo!

I can get it on ebay with a case for 160€, since it has a SATA port, would a 2.5" SSD fit into that case?
http://www.ebay.de/itm/OPNsense-Komplettsystem-mit-AMD-APU2C4-4GB-RAM-rot-10-05-16-/182303833257?hash=item2a7227bca9:g:aKcAAOSw8w1X9Uy8

It comes with OPNsense but it should be no problem install pfSense I guess.
I probably also need an adapter to supply power to the SSD if it fits, right?

Edit: Alright after further digging there is no german site where I could buy this cable for the 2.5" drive so I guess I have to get an mSATA SSD or use a USB stick.

Edit2: I'm kinda hesitating a little, how would the APU2 compare to the ASRock Rack J1900D2Y in terms of speed? Because I've come to a point where 50-100€ more or less wouldn't really matter to me anymore, I just want a router that I can pretty much keep until the internet reaches 10Gbps, which will probably take a long time..

tirsojrp

10gbps??? not even with US$500

If you want speed go with the Asrock board.

jahonix

@shawly:

… keep until the internet reaches 10Gbps, ...

Nope, currently not realistic.
IIRC we're maxing out at approx. 4Gb/s with pretty much any hardware you run a software stack on top for routing & filtering. And that's more like server grade hardware than an HTPC or other low power devices.
1Gb/s would be a fair value - but not with an APU2. Have a look at the SG-2xyz devices in the pfSense store for that.

shawly

That pretty much means I can keep this router for the rest of my life, even better.

If I get more speed with the ASrock then I'll go with the ASRock I think.

jahonix

@shawly:

If I get more speed with the ASrock then …

As compared to what, an APU? Probably, but totally different approach.

Starrbuck

I like that ASRock board, but that's a lot of money.

I got an Asus H110M-E and an Intel Skylake Pentium G4400 for $121 (US) and added in a gigabit quad-port Ethernet server card for $32 on eBay.

whosmatt

@shawly:

So as far as I've read, Realtek NICs are pretty wonky and people recommend using Intel NICs so I guess all my solutions are somewhat unreliable because I'd have Realtek NICs with every setup. I know that some people don't have any problems with their Realtek NICs, but it's the same thing like using ZFS without ECC RAM, it can work but it's like riding a bike without a helmet.

It's not like that at all.  Using ZFS without ECC RAM is indeed like riding a bike without a helmet;  eventually you're going to crash but the helmet provides protection.  Using pfSense with Realtek NICs is more like riding a mountain bike on the road vs a road bike;  one of two things will happen:  Either you'll work harder to go the same speed, or you'll simply be limited in your top speed, but usually a combination of both.  But the mountain bike will get you there; just as Realtek NICs will work.  If your WAN speed is less than a few hundred Mbps I bet you won't be able to tell the difference.

shawly

Wonderful comparison haha, thanks for clearing this up for me. ;D
My current connection is indeed below 100Mbps, but I want to move out of my current apartment and I also want a router that I can pretty much keep for the rest of its or my own lifespan. And even though 1Gbps is not pretty common in most areas in my country, I still want to be able to achieve that speed if I ever get my hands on such a connection.

I've configured myself some builds ranging from 230€ to 330€ without a CPU since I still have a Pentium G3258 lying around. If I pass on IPMI I could get a single NIC board with an additional Intel Desktop NIC for around 230€, for around 300€ I could get the ASRock Rack I mentioned before, which would also be a fully passive build and for 30€ additional bucks I could also get a Supermicro board with ECC RAM since the Pentium supports ECC, that would also be a small safety feature and I'd have IPMI included.

I'm actually even tending to get the latter, since I really like the Supermicro IPMI, because I already got a Supermicro board in my homeserver, only thing speaking against this would be the CPU cooler which I don't want to be passive on a 53W TDP.

jahonix

@shawly:

…I also want a router that I can pretty much keep for the rest of its or my own lifespan...

Huh, you must be at least 75+ then.
We're talking about technology that's still bound to Moore's Law. In 5 years you can get hardware that has a multitude of today's benchmarks or that draws significantly less power with the same number crunching capabilities.
It just doesn't make sense to buy hardware today that's supposed to last for the next decades. Completely unrealistic.

whosmatt

jahonix is right.

Going back to your OP, I'd suggest grabbing a cheap "smart" switch (you can get a 5 port TP-Link for $30USD; I'll leave the currency conversions to you) and experimenting with your current hardware.  You'll have a functional router at that point, and will get to learn a lot about pfsense and networking.  I'd wager it will perform quite well with your current connection and probably a lot more.  If you decide that route (no pun intended) isn't for you, you're only out a little bit of cash.  The Realtek driver supports hardware VLAN tagging, and the Pentium G3258 is fast enough to make up for any shortcomings up to a point much higher than your current WAN speed.

shawly

@jahonix:

@shawly:

…I also want a router that I can pretty much keep for the rest of its or my own lifespan...

Huh, you must be at least 75+ then.
We're talking about technology that's still bound to Moore's Law. In 5 years you can get hardware that has a multitude of today's benchmarks or that draws significantly less power with the same number crunching capabilities.
It just doesn't make sense to buy hardware today that's supposed to last for the next decades. Completely unrealistic.

I actually didn't mean it like that literally, I'm not that old, lol. I know I could save a 100 bucks if I go with the cheaper options but I'm a fan of IPMI and Germany only provides high bandwidth connections in some parts of bigger cities and I don't expect that'll change soon. That's why I think I can keep that router for a pretty long timespan even if you can get 4Gbps connections in five years, I don't think that'll happen in my area as soon as it's possible.

It's also for self satisfaction, since I don't really need a new router, but I want one because I'm interested in pfSense and I currently don't like the custom firmware router I currently use, I want to have freedom. I could technically use my homeserver to host a pfSense machine and pass through a NIC via VT-d, but if I ever shut down my server or just the VM then my DNS and DHCP server would also be down so I couldn't use the internet while my server is in maintenance so I'd need a fallback DNS.

And I just like I said, it feels so satisfying to get new hardware and put it to use. ;D I definitely think this route is for me, I already tinkered around with a virtual pfSense machine and I like having so many possibilities which I don't have with my current router. I'm also not a complete newbie if it comes to networking, I'm employed as a software developer and we also had basic networking in school during my apprenticeship.

whosmatt

@shawly:

It's also for self satisfaction, since I don't really need a new router, but I want one because I'm interested in pfSense and I currently don't like the custom firmware router I currently use, I want to have freedom. I could technically use my homeserver to host a pfSense machine and pass through a NIC via VT-d, but if I ever shut down my server or just the VM then my DNS and DHCP server would also be down so I couldn't use the internet while my server is in maintenance so I'd need a fallback DNS.

And I just like I said, it feels so satisfying to get new hardware and put it to use. ;D I definitely think this route is for me, I already tinkered around with a virtual pfSense machine and I like having so many possibilities which I don't have with my current router. I'm also not a complete newbie if it comes to networking, I'm employed as a software developer and we also had basic networking in school during my apprenticeship.

You just answered your own question.  If you like tinkering with hardware and networking, go for it!  You have a lot of options available to you, most of which you detailed yourself.  All will work just fine IMO.  Just a matter of how much money you want to put in to start with.  Whatever you decide, hope you have fun with it.

shawly

@whosmatt:

You just answered your own question.  If you like tinkering with hardware and networking, go for it!  You have a lot of options available to you, most of which you detailed yourself.  All will work just fine IMO.  Just a matter of how much money you want to put in to start with.  Whatever you decide, hope you have fun with it.

Yeah I pretty much did haha, but nontheless I still wanna thank all of you for your patience and your help!  :)
I've looked a little more and if I'd go with the Pentium G3258 build it would consume a lot of power compared to a SoC board and because I like the Supermicro boards I've decided to go with the Supermicro X11SBA-LN4F since it has an even lower power consumption and even four Intel I210-AT NICs, so I could even try out dual WAN if there is a chance that my next apartment has cable and VDSL or better. :)

Guest

options the ASUS Q87T and the Gigabyte GA-Q87TN

ASUS Q87T you will need the lastest BIOS F4, pfSense is running well on it.
GA-Q87TN is not really flawless running with pfSense on it.

APU2C4 will be nice to play with for a longer time
Jetway NF9HG-2930 will be the next fine running appliance
AxiomTek NA342 or NA361 will be coming nearly to this above.