A $200 Budget - Recommendations?
-
Greetings all. I'm new here, but no stranger to a diy router. For a good number of years I ran m0n0wall, DD-WRT, and Tomato on a variety of setups. I would like to return to a something akin to m0n0wall, pfsense, etc.
First order of business is getting the hardware for pfSense, and I would appreciate your help.
Budget:
- $200
Requirements:
- Power: Low - i.e. sub 10 watts if at all possible.
- Packages: For Sure: VPN
- Packages: Other: I have no idea yet what other packages I might like to use with pfsense; this aspect is a work in progress for me. I come from a tech background, so I'm likely to try things out and use other packages over time.
Users and Devices:
- Users: 2
- Devices Total: 5
- Devices Typically Running: 2 or 3
Connection Speeds:
- Current Speeds: Around 100/10 or a little more (current setup handles this fine).
- Future Speeds: I would like to find hardware that performs better than the above. I know "better" is a relative term :). That said, how much better can I do?
Cheers.
-
APU2D4 is already good enough
-
APU2D4 is already good enough
Thanks for the reply.
I'm only a little familiar with PC Engines products, but I'm definitely interested.
If you have time, here are several questions that come to mind:
-
I don't currently see a apu2d4, just the apu1d4 and apu2c4. Is a apu2d4 available (apologies if I'm missing the obvious)?
-
While I've read some information about these boards, any guess on what kind of throughput I would see with and without VPN?
-
Is it best to order directly from PC Engines (or via a reseller)?
-
Are there any good reviews or opinions on these boards that you could point me to, that discuss positives and negatives?
-
I see that AES-NI is a feature, but I'm guessing it lacks Intel QuickAssist, is that correct?
-
Anything else that would be good for me to consider when building a pfsense system, that I would be sacrificing or limiting myself by heading this route?
-
-
1. The only difference between the APU2C4 and the later coming APU2D4 would be software changes (BIOS Firmware), which can easily be done on the C4.
2. There is currently a german thread https://forum.pfsense.org/index.php?topic=101373.0 which shows some VPN benchmarks, also i have seen several posts about the performance in other threads.
3. You can't order directly from PCEngines since you need to be a reseller yourself, so just order from a reseller from this site http://www.pcengines.ch/order.php.
4. Same as point 2, most people are very positive about this piece of hardware.
5. Right, at this point pfSense doesn't support QuickAssist but it would be later.
6. You can't reach 1Gb/s with VPN or some packages activated. -
1. The only difference between the APU2C4 and the later coming APU2D4 would be software changes (BIOS Firmware), which can easily be done on the C4.
2. There is currently a german thread https://forum.pfsense.org/index.php?topic=101373.0 which shows some VPN benchmarks, also i have seen several posts about the performance in other threads.
3. You can't order directly from PCEngines since you need to be a reseller yourself, so just order from a reseller from this site http://www.pcengines.ch/order.php.
4. Same as point 2, most people are very positive about this piece of hardware.
5. Right, at this point pfSense doesn't support QuickAssist but it would be later.
6. You can't reach 1Gb/s with VPN or some packages activated.Much appreciated. I was also able to read through a good number of posts on these forums since my last post here. My knowledge is slowly growing.
As far as ordering goes, the PC Engines site states that they sell to business customers only in the EU, but no such message is stated if you're in the US. It reads like I can directly order this if I'm in the US. Am I right about that?
-
Sure you can, but don't forget the VAT, Shipping Cost and RMA procedure if your order in Switzerland.
If you buy at a US reseller it would ship faster, you also have VAT already included and if something is wrong with the board you RMA at the reseller not at a Swiss company. -
Had bad experience with cheap chinese J1900 pfsense 4LAN box from pondesk, wouldn't buy again.
So far, the SG-2440 is expensive but works like a charm for me.What about a dual LAN mini-itx board ?
-
pfSense is a x86 and FreeBSD based firewall and so the number of packets will be really important
for that doings.Budget:
- $200
Poor and small, but related to your needs and named wishes and the VPN usage (not the packets)
it would be the best to go with the new PC Engines APU2C4 in my eyes. Send from Germany to the
USA with tax and transportation cost or shipping fee, it was something around ~$173. Together
with a mSATA and or WiFi card it could be fine matching your needs and wishes.- Intel Ports
- Quad Core CPU
- AES-NI inside
- power saving
- matching your budget!!!
PC Engines APU2C4 from Varia-Store
Perhaps an Intel N3050, N3150 or N3700 will be coming nearly to that budget but then also
only with AES-NI and no Intel QuickAssist!AES-NI and Intel QuickAssist will be able to get and starting from the SG-2440 units upstairs
and on the Supermicro C2x58 boards. And not for $200! -
Lots of nice suggestions here. Here's what I have at under your budget and performing quite well for your intended uses. I don't see your WAN speed in the thread, but perhaps I missed it. EDIT: nm, I'm a dolt. 100/10 is fine for this, and probably 4x that.
Keep in mind, I didn't buy any of this hardware with the intent to build a pfsense machine out of it. Originally it was a HTPC. Performed well at that too.
Motherboard: MSI AM1i (Currently $35 at newegg with a rebate, $40 without)
CPU: AMD Sempron 2650 (Currently $29 at newegg)
RAM: Mushkin 2x2GB DDR3 that I had lying around from a previous project. 2GB will be fine, maybe ~$11
NIC: HP N360T dual port PIC-E low profile with Intel chipset. I think I paid $20 on ebay.
Storage: Some old laptop hard drive I had lying around.
Case/PSU: Antec ISK 310-150. $75.The case is the thing I like the least about my current build. It's bigger than necessary and actually would make a better SFF desktop PC. But it's what I have. Could probably find something more suitable and use a pico psu.
Anyway, total cost $175 or so without storage (Hell, you can use a 4GB flash drive) and it does about 700Mbps on iperf and 90Mbps on OpenVPN benchmarks floating around this board. The motherboard is socketed, so replace the Sempron 2650 with Athlon 5350 for $20 more and you have quad cores at 2GHz instead of 2 at 1.4GHz. Both CPUs have AES-NI. RAM is cheap, and the board has 2 slots and can support I think 32GB.
It's not fanless, but it's quieter than the drobo it sits next to. And definitely draws more than 10 watts but not a ton and I haven't yet put my Kill-a-watt on it. My next one will probably be a purpose built fanless system, but for the price… and it's been rock solid. Zero problems.
If I were in your shoes I'd explore the fanless embedded stuff first, but I'd also probably spend more doing so.
-
if you can extend your budget, zoltac ci323 based build is a good choice. 8gb ram and a 128gb ssd. maybe a laptop cooler below to cool it.
https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU
-
If the budget will be expandable to something likes ~$350 - $399 I would better go with another set up;
- Jetway NF9HG-2930 ~$200
- 2 x 4 GB ~$40
- mSATA ~$60
- WiFI ~$40
- M350 case ~$40
- PSU ~$15
– ~$395 with WiFi and 60 GB mSATA SSD
-- ~$330 without WiFI and 32 GB mSATA SSD and only a $10 PSUNo AES-NI and Intel QuickAssist, but powerful enough to built a strong small UTM device that is
power saving and silent or fan less. It is able to route without PPPoE nearly 1 GBit/s at the WAN
and together with PPPoE nearly >500+ MBit/s and running Squid, SquidGuard, SARG and Snort
will be also on top of this able to realize without any pain! OpenVPN and IPSec is not really pimped
or tuned by that hardware but nearly ~100 MBit/s - 200 MBit/s would be enough for sending taken
photos from the smartphone or camera to the home network NAS or storage.It comes with 4 Intel LAN Ports (NICs) and works well with PowerD (hi adaptive) and TRIM enabled.
The mubuf size can be highed up to 1000000
