Opinions about possibly overkill setup (Qotom i5 + 8GB + 500GB ssd)
-
I'm spying the same model, configured with 8GB and a 60GB MSATA. Looks to be about $340 shipped. I have 300/20, and am interested in having an always-on VPN for at least my laptops and phones. It would be my first venture into pfsense, and I honestly don't know all that much about it, but I figure that should hopefully get me about half my line speed with VPN… Plus I like to tinker anyway. Talk me out of it? Or pull the trigger?
Thanks!
-
I'm spying the same model, configured with 8GB and a 60GB MSATA. Looks to be about $340 shipped. I have 300/20, and am interested in having an always-on VPN for at least my laptops and phones. It would be my first venture into pfsense, and I honestly don't know all that much about it, but I figure that should hopefully get me about half my line speed with VPN… Plus I like to tinker anyway. Talk me out of it? Or pull the trigger?
Thanks!
I'd say tinker on an old system first, before dishing out 340 bucks.
-
I'm spying the same model, configured with 8GB and a 60GB MSATA. Looks to be about $340 shipped. I have 300/20, and am interested in having an always-on VPN for at least my laptops and phones. It would be my first venture into pfsense, and I honestly don't know all that much about it, but I figure that should hopefully get me about half my line speed with VPN… Plus I like to tinker anyway. Talk me out of it? Or pull the trigger?
Thanks!Depends about your knowledge in networks, your current home setup and the amount of time/effort you are willing to allocate to the project. Installing pfsense & configuring it for a simple home setup is fairly straight forward. After you are up & running, you need to be a bit more careful when you tinker with it ;)
For me, installing pfsense was a small pet project because my old router (DD-WRT) was barely capable of running OpenVPN. I decided to split the routing and the AP into separate devices. Today a high end wifi router is easily $200 with limited functionality/flexibility compared to pfsense router + AP.
Before you buy it, you can consider running it on a Virtual Machine on a desktop or laptop. If you only have laptops, buy a few USB network cards on aliexpress and you can easily build yourself a pfsense that you can tinker with. After you have it fully working & happy with it….. then order the real hardware :)
-
Another doubt I have: how hard_power_off-resilient would this pfsense box be?
I'll explain.
I have set up a panel/dashboard with on/off switches each able to cut the power to a device of the network, and each labeled accordingly (modem, switch, wifi zone controller, wifi base station 1, router, NAS, etc.). Actually I figured the NAS shouldn't be easily/accidentally powered down so I removed its switch and connected the NAS straight into the UPS. (all the devices are connected to the UPS eventually)
This is all meant for "brute force" troubleshooting by the house occupants when I'm away.
Now, with regular routers, 99% of the times you can do no damage by pulling the cord, they will just spring back to regular operation once powered again.
Would a pfsense router risk to be messed up (data corruption, permissions, read only, etc.) after a sudden (intentional or else) power loss? Maybe enterprise grade SSDs with real power loss protection (not the fake one found on some consumer SSDs) could be a solution?
Should I treat it like the NAS (no easy power off switch) or like the other "indestructible" embedded devices?
Being prone to power off data corruption (and consequent need for human re-configuring) would be quite a relevant minus compared to actual off the shelf enterprise-grade routers…
-
Another doubt I have: how hard_power_off-resilient would this pfsense box be?
I'll explain.
I have set up a panel/dashboard with on/off switches each able to cut the power to a device of the network, and each labeled accordingly (modem, switch, wifi zone controller, wifi base station 1, router, NAS, etc.). Actually I figured the NAS shouldn't be easily/accidentally powered down so I removed its switch and connected the NAS straight into the UPS. (all the devices are connected to the UPS eventually)
This is all meant for "brute force" troubleshooting by the house occupants when I'm away.
Now, with regular routers, 99% of the times you can do no damage by pulling the cord, they will just spring back to regular operation once powered again.
Would a pfsense router risk to be messed up (data corruption, permissions, read only, etc.) after a sudden (intentional or else) power loss? Maybe enterprise grade SSDs with real power loss protection (not the fake one found on some consumer SSDs) could be a solution?
Should I treat it like the NAS (no easy power off switch) or like the other "indestructible" embedded devices?
Being prone to power off data corruption (and consequent need for human re-configuring) would be quite a relevant minus compared to actual off the shelf enterprise-grade routers…
It is not as indestructible as a embedded router but its less prone to failure by brute force restarting than a NAS. I've tested it by pulling the plug a few times to check its robustness once I first installed pfsense on the quotum box and all was ok. However I now have it plugged in to my UPS alongside the access point, NAS and gigabit switch.
The reason why your occupants might try brute force troubleshooting is because a device hangs and it does not respond - that is quite common with traditional wifi-router combos. However with the PFSense box you shouldn't need to do this. I've seen multiple users here with uptimes of over 300+ days. The underlying OS is super stable and will not need rebooting due to crash/hang etc. Surprisingly also after converting my wifi-router to access point only, its stability has increased, to the extend that I have not had to reboot it in weeks!
So I'd recommend that you plug it in your UPS alongside your remaining networking equipment (NAS, switch, wifi access point) and maybe leave the modem on a normal plug in case that shows any signs of instability. If your modem is stable as well then plugging into the UPS as well will give you the added bonus of having internet available even in the event of a power cut ;)
-
Thanks.
Most of the times (like, once a month) the problem
is the modem. The modem needs to be power cycled, and the easiest way is to on/off it.
But then the router sometimes fails to "handshake" again with the rebooted modem and needs to be power cycled as well.So pfsense could end up needing more (tech savvy) human intervention than a regular off the shelf router…it would be interesting to use a server-grade SSD with actual power loss protection and do a "pull the cord 100 times" test and see if it survives with intact settings...I'd be surprised if somebody haven't already tried and studied all of this in depth given some stories I read of pfsense being deployed in delicate (even critical?) situations...
By the way during power outages in my neighborhood the fiber ONUs in the street cabinets are unpowered as well so I can't connect to the internet anyway :D
-
I wouldn't think the problem would be the hardware (SSD etc) but rather the software being interrupted while writing to disk and leaving it in an inconsistent state. Possibly the use of ram drive for var & tmp would help in your case. However before doing anything, I'd check if pfsense is having the same issue as your router in handshaking with the modem or whether that was some form of issue with the router - modem itself.
-
I use a Dell R210 II Xeon Quad with HT, 24 GB ram, 480 GB SSD
all used items I had laying around, can't even hear the R210 run in the rack
And I'm currently using a Broadcom NET EXTREME II 10GB SFP Network Card
WITH 1 GB fibre, ( WAN ) to a 24 Port 10GB SFP SWITCH ( LAN ) , House is wired with 10 Gb fiber
With my ISP I typically get anywhere from 980 - 1230 and it doesn't even break a sweat :-)Used Servers are always a great way to go… cheap and fast :-)
And if you're using your PF sense router with your ISP modem your ISP modem should be in bridge mode, as a reminder.
-
Power outage resilience can best be improved by installing to zfs. UFS has more issues with power outages.
-
I built a couple of boxes with the following configuration, that have been outstanding so far…
Intel DQ77KB board + I5 Processor + 8 GB RAM -- $150 (refurbished, ebay)
Silverstone Tek case + Silverstone low-profile fan + 90W PSU -- $82
I had some old SSDs rattling around -- $0Total: $232, for a very capable pfSense box, that can also be a decent general purpose computer.
There are some old threads on the DQ77KB board on this forum as well.
-
yeah EIST has minimal affect on temps and power consumption, c-states is where the real gains are.
If you have a cpu that has turbo mode tho, then you need to enable powerd (and eist) to utilise the higher clocks, I personally run my unit with powerd set to the stock clocks as the min speed, so basically I get turbo mode alongside no throttling.