Hardware recommendation for home use

trans

Hi

I`m changing ISP and going from 10/1 Mb coax to optic 100/20Mb.

Now I`am using thin client with VIA C7 Processor 1000MHz, nanobsd (1g) image. Single WAN and single LAN (1Gb LANs via switch).
Connected to MikroTik switch RouterBOARD 260GS and access point RouterBOARD hAP lite.

There are two users using OpenVPN with AES.

I think this system is not good enough for optic so it is time for upgrade.

I don`t want to go overboard with build but would be nice to have multiple Gb LANs and wifi on router so I can use less devices.
I prefer small, silent type PC.

Should I go for i3 or some kind of fan less pc ? What pc/cpu would you recommend and why ?

thanks

ikkuranus

That's fairly mediocre as far as fiber connections go. I'd try it before buying something.

jgiannakas

Newbie with pfsense here but done quite a bit of research before buying so hope it helps.

CPU:
To max out a gigabit connection if you are considering running any packet filtering / packet inspection services, like snort & having high VPN usage you need a relatively beefy CPU. Also for future proofing and optimal OpenVPN performance you will need an AES-NI capable CPU as the version after 2.4 will work only with CPUs with that instruction set. A Core I3-4005U would be ideal for low to moderate loads (no packet inspection) with a Intel Core i5-5250U being more comfortable with higher loads and complex snort rules. Both support AES-NI so both should work for a decent while. That said for a 100/20 connection the i3 would be more than enough.

NICs:
Intel NICs work well in contrast to Realtek that are reportedly not so great. So I would aim for a board that has them integrated.

Disk:
If you are not running any local caching a 32gb minipcie SSD or even a USB stick would be enough. If you do need to run a local proxy, then you will need a large, high quality SSD to serve files as fast as possible.

Memory:
In a home setting, even with snort running and multiple clients and snort running you should not have a practical need for anything over 4GB ram.

WiFi on router:
Dont, just don't do it. Any WiFi N/AC access point would be a better solution. I am using my R7000 in access point mode and getting real world 650-750mbps transfers through it to my LAN and WAN from my MacBook Pro. WiFi support in pfSense/BSD is not comparable to a dedicated access point so do yourself a favour and buy a decent one especially if you have any WiFi AC capable devices.

Personally having assessed my needs (1Gbit symmetric fiber and wanting the fastest speed I could get) I went with the Core i5-5250U, 4gb ram, 32gb SSD in a fanless enclosure from Aliexpress (Qotom Q355G4). It consumes about 12-15 watts while at low load and spikes to 20-25watts when downloading at gigabit speed. Running 3x OpenVPN servers on it for remote access for me and family and a light touch Snort configuration and the router is sitting mostly idle, spiking to 50-60% when downloading at gigabit speed.

If you are intending to stay on a 100/20mb connection I would go with the i3 posted above (Qotom Q330G4). It will be more than enough for what you intend to use it for. However as the difference between the i3 and i5 is ~40 USD the i5 is better value in my opinion. The i5 config would set you back about 260USD which in my opinion is dirt cheap for a super capable router. If you intend to use local caching bump up the hard drive to 128gb SSD and memory to 8GB (326USD for the i5 and 290USD for the i3)