SFF for pfSense
-
To get a really definitive answer you'll need to post what exactly you want to run, what packages (IPS, VPN, etc.), how many users, how much bandwidth, etc.
That being said, it's probably safe to say that your setup will meet most things you'll throw at it. More than likely an i5 with AES-NI for a router is dramatic overkill to say the least.
-
Fair enough on the i5 but the prices of those J1900 class mini-appliances I said why not? I want to be able to keep VPN going most if not all the time and get as close to full speed on my gig connection.
-
Yeah j1900 would be very disappointing for you on VPN.
Gigabit does require decent equipment and trying to get gigabit VPN can be tough depending on the type of protocol you use. OpenVPN is generally considered the most secure but is single threaded and CPU intensive.
I don't know how fast you'll get on the VPN but I'd be interested to hear how it goes.Check out an i340 or i350 NIC, the more work your NIC can offload your CPU the better for your VPN throughout. They can also be had of eBay, used or Chinese knockoffs are fine for home user, many on the forums have had great success with them.
-
I believe that the HP cards are i340/i350 cards just re-branded as HP.
-
yeah you're right, it looks like they are i340's.
I'm interested to hear what performance you get!
-
I should be able to put the PC together tonight and maybe install pfsense tomorrow. I'll have to figure out how to test this so I can publish performance figures. I just found a G3220T that I had forgotten about. I'll test both of them. I almost bought a NC375T until I found out that it doesn't have an intel chipset.
-
I should be able to put the PC together tonight and maybe install pfsense tomorrow. I'll have to figure out how to test this so I can publish performance figures. I just found a G3220T that I had forgotten about. I'll test both of them. I almost bought a NC375T until I found out that it doesn't have an intel chipset.
NC364T for a 4 port or NC360T for a 2 port are what you want. Both are based on the Intel 82571EB chipset and come with low profile brackets (but make sure the seller includes them).
-
I have the NC360T for the pfSense box and the NC365T for the ESXi box. Turns out the Core i5-3470T was bad so I returned that. I found an i3-3240 so I threw that in. I'll finish the build this weekend and I'll see if I'm happy with that chip. If not I'll keep my eye out on ebay for a 35w I5.
-
What was so bad about it? Was the CPU actually defective or was performance no good?
If you're looking for respectable encrypted VPN throughput then the 3240 is likely not going to impress you as it has no AES-NI at all.
Encryption performance is highly dependent on AES-NI, hardware or software that doesn't support it will cause performance to decrease dramatically.
It's also worth noting that AES-NI from 2012 is not the same animal as AES-NI from 2017. If VPN is disappointing you but performance is good elsewhere, you might be better suited by a modern CPU. -
It was defective. I just happen to have an i3-3240 gathering dust (and I did notice that I needed to go to the i5's to get AES-NI) so I'm throwing that in for now until I can find a decent deal on another i5-3470T. I'm currently using the SFF as a test box and so far so good. I got EXSi 6.5a and ProxMox installed on it with no issues (separate SSD's I have a bunch of small ones 60-100GB) so I'll use it to test a few different firewalls. If I get solid performance from it I'll use it as my firewall/gateway. If not I'll just keep running pfsense in a VM like I am now (current server has L5640 cpu's and I have no performance issues, the upgraded virtualization servers have E5-2670s). Either way I think I'll keep my eyes on good deals on these SFF's since they make nice small ESXi servers.