Reusing hardware for pfSense



  • Good morning everyone! ;)
    I'm a software engineer with a passion for networks. I have a little server at home for Plex, Gogs and data storage, and I'm using a Raspberry for Pi-Hole, PlexPy and OpenVPN too. I really like to make solutions by myself (of course, I'm an engineer).
    My home WAN is an FTTH at 1 GbE (D:720-U:190 [Mb/s]), my LAN is of course 1 GbE… I want to add a pfSense router/firewall to have more control over the environment.

    This being my first experience with pfSense, I don't want to spend money if I'm not sure of the product. I have dusted off my old gaming PC, and these are the specs:

    MOBO: Gigabyte GA-MA790X-DS4
    CPU: AMD® Athlon 64 X2 6400+ (3.2 GHz)
    RAM: Kingston HyperX DDR2, 4 GB

    With a new SSD, does this system have enough power to manage a 1 GbE WAN? I'm going to use OpenVPN to connect to my home from the outside but, most of the time, over a connection slower than my home one, for SFTP connections.

    If this solution is not enough, what do you suggest? My first problem is related to the power consumption of the system: is it possible to keep it under 40Wh* with my solution or with a worked one?

    *The home is free from 7:00 AM to 7:00 PM; most of the time it is used by 4 people for surfing, Netflix or sometimes gaming.

    Thanks for your help!  ;)



  • I think you should try your current hardware first.  At the very least that will give you a chance to evaluate pfSense with minimal expense.  Decide whether you like the software (I expect you will) and if the performance isn't quite where you want it to be, but the software is to your liking, then you can consider the next step of purchasing new hardware or a dedicated appliance.  You don't need an SSD; use any old hard disk you have lying around.  If you don't have a hard drive to reuse, I'd of course recommend a small SSD, but it's not strictly necessary.  Good luck and have fun tinkering!



  • @whosmatt:

    I think you should try your current hardware first.  […] Good luck and have fun tinkering!

    I will try tonight! ;)



  • Your hardware list includes only a single onboard ethernet port. How do you plan to connect pfSense to your wan and lan?


  • Netgate Administrator

    Could use VLANs for extra tinkering fun.  ;) I suspect he has spare NICs though. Choose an Intel-based card if you have a choice.

    Steve



  • @gjaltemba:

    Your hardware list includes only a single onboard ethernet port. How do you plan to connect pfSense to your wan and lan?

    I'm not crazy, I have 3 spare NICs 👍🏻

    I have configured everything. Tomorrow I will try with the Gigabit.
    I'm sure that I will need to buy new parts, this config drains around 100Wh… It's too much 😅



  • @whosmatt:

    I think you should try your current hardware first.  At the very least that will give you a chance to evaluate pfSense with minimal expense.  Decide whether you like the software (I expect you will) and if the performance isn't quite where you want it to be, but the software is to your liking, then you can consider the next step of purchasing new hardware or a dedicated appliance.  You don't need an SSD; use any old hard disk you have lying around.  If you don't have a hard drive to reuse, I'd of course recommend a small SSD, but it's not strictly necessary.  Good luck and have fun tinkering!

    I have tried with the WAN… It has a strange behaviour: when I run a speedtest it goes only around 415 Mb/s but the CPU utilisation remains under 40%. Is it normal? It seems like it does not use the dual core...



  • @Jacopx:

    I have tried with the WAN… It has a strange behaviour: when I run a speedtest it goes only around 415 Mb/s but the CPU utilisation remains under 40%. Is it normal? It seems like it does not use the dual core...

    It's probably a limitation elsewhere.    What NICs are you using?  How are they connected?  (what slots in the motherboard?)  The best possible scenario is to use a PCIe x4 server NIC (2 or 4 ports with an Intel chipset) in one of the two PCIe x16 slots on your motherboard.  Check your documentation and make sure the lower slot is at least x4 electrically.  I'd expect it is at least x8 if the board is advertised to support Nvidia SLI or AMD Crossfire, but best to check the documentation.  For example, I have a Gigabyte board with 3 x16 slots, but only the top one is actually x16; the other two are x4 and x1 electrically.

    Or, if you already plan on purchasing new hardware and have seen enough of pfSense to stick with it, go ahead and start planning for that rather than throwing money at your current power hog.  I'm the type of person that is curious and persistent enough that I'd just have to see what I could get out of that old build, but once that's done, it really doesn't make sense to run it 24x7 long-term unless you just don't care about power usage.



  • @whosmatt:

    @Jacopx:

    I have tried with the WAN… It has a strange behaviour: when I run a speedtest it goes only around 415 Mb/s but the CPU utilisation remains under 40%. Is it normal? It seems like it does not use the dual core...

    It's probably a limitation elsewhere.    What NICs are you using?  How are they connected?  (what slots in the motherboard?)  The best possible scenario is to use a PCIe x4 server NIC (2 or 4 ports with an Intel chipset) in one of the two PCIe x16 slots on your motherboard.  Check your documentation and make sure the lower slot is at least x4 electrically.  I'd expect it is at least x8 if the board is advertised to support Nvidia SLI or AMD Crossfire, but best to check the documentation.  For example, I have a Gigabyte board with 3 x16 slots, but only the top one is actually x16; the other two are x4 and x1 electrically.

    Or, if you already plan on purchasing new hardware and have seen enough of pfSense to stick with it, go ahead and start planning for that rather than throwing money at your current power hog.  I'm the type of person that is curious and persistent enough that I'd just have to see what I could get out of that old build, but once that's done, it really doesn't make sense to run it 24x7 long-term unless you just don't care about power usage.

    Now I use a PCIe (TP-Link TG-3468) and a PCI (TP-Link TG-3269). I think that the second one must be changed when I buy the new hardware… I have tried changing the ports; now they are inserted in the slots as you can see here: (The green ones are the best places, the red ones are the ones that I'm using now with the NICs that I have)

    I only need 2 GbE ports. What would be the best NIC that I can buy, not for this configuration but for the future?



  • Something like the HP NC360T which can be had in the US market for $20 or so in slot PCIE_16_2 would do the trick.

    That's an older PCIe x4 card designed for servers, and it has 2 ports driven by an Intel chipset.  Some other people on this board can recommend similar cards, perhaps ones that are available cheap in your region, but the main gist is that you can get an Intel server NIC with 2 or 4 ports pretty cheap on the used market.

    I'd expect that you'd see significant benefit simply by using a second PCIe NIC rather than your current PCI one, no matter the chipset, but probably  not realize 1Gbps throughput until you get something with an Intel chipset.  The Realtek chipsets get a bad rap with FreeBSD and pfSense because the driver support is not on par with drivers for other operating systems, specifically Windows and Linux.

    And finally, if your internet connection uses PPPoE for authentication, look specifically for a NIC that uses the 'em' driver for Intel chips.  The HP I mentioned above does, as do the PRO/1000 NICs (as far as I'm aware).  There is something about the 'em' driver that makes it perform better with PPPoE over the 'igb' driver that some of the newer Intel NICs use.
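
The driver distinctions raised in this thread (Intel 'em' preferred for PPPoE, 'igb' on newer Intel NICs, weaker Realtek support) can be checked on an installed box from the output of `pciconf -lv`. The script below is an added example, not part of any post: the sample output is constructed and abbreviated, and `re` as the FreeBSD driver name for Realtek gigabit chips is an assumption the thread does not state.

```shell
#!/bin/sh
# Added example: report which FreeBSD driver each NIC in `pciconf -lv` is bound to.

# Constructed, abbreviated sample output (not taken from the thread).
sample_pciconf() {
cat <<'EOF'
hostb0@pci0:0:0:0: class=0x060000
    vendor     = 'Example host bridge vendor'
    class      = bridge
em0@pci0:2:0:0: class=0x020000
    vendor     = 'Intel Corporation'
    class      = network
    subclass   = ethernet
igb0@pci0:4:0:0: class=0x020000
    vendor     = 'Intel Corporation'
    class      = network
re0@pci0:3:0:0: class=0x020000
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    class      = network
none1@pci0:5:6:0: class=0x020000
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    class      = network
EOF
}

# Reads pciconf -lv text on stdin, prints "<unit><TAB><note>" per network device.
classify_nics() {
    awk '
    function emit() {
        if (unit == "" || !isnet) return
        if (drv == "em")        note = "Intel em driver: the one recommended in the thread for PPPoE"
        else if (drv == "igb")  note = "Intel igb driver: the thread reports em performs better with PPPoE"
        else if (drv == "re")   note = "Realtek re driver: the thread notes weaker FreeBSD support"
        else if (drv == "none") note = "no driver attached: card is not usable as an interface"
        else                    note = "driver " drv ": not discussed in the thread"
        printf "%s\t%s\n", unit, note
    }
    # Device header, e.g. "em0@pci0:2:0:0:"; the unit name is driver + index.
    /^[a-z_]+[0-9]+@pci/ {
        emit()
        split($1, p, "@"); unit = p[1]
        drv = unit; sub(/[0-9]+$/, "", drv)
        isnet = 0
        next
    }
    /^[ \t]+class[ \t]*=[ \t]*network/ { isnet = 1 }
    END { emit() }
    '
}

# Demo on the constructed sample; on a live box: pciconf -lv | classify_nics
sample_pciconf | classify_nics
```

A unit named `none<N>` means the kernel found the card but no driver attached to it, so it will not appear as an assignable interface in pfSense.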