New Build



  • Hello,

    I have been looking into building a pfsense router and was wondering if someone could help me out and indicate if the following hardware would be able to do all the things that I intend to do with it.

    Pros:

    • Its a server motherboard – so none of the non-essential ports like sound etc.

    • The 1U chassis will fit in my 2-post rack in the server closet

    • Ultra low TDP of 6W

    • Built in quad Intel LAN ports

    • Fanless – so less noise -- good since the server closet is just off of the living room

    • Comes with IPMI – which is great for monitoring and remote management/power especially since the router is going to be in the server closet

    Cons:

    • Sorta expensive since cheaper alternatives can be made using desktop grade hardware

    • ??

    Please let me know if there are other concerns with the above build. I may also spring for a used parts off of ebay to save some additional money if the difference is large enough.

    Other boards that I have been looking at are : Asus P10S-I  https://www.newegg.com/Product/Product.aspx?Item=N82E16813132820&cm_re=ASUS_P10S-I--13-132-820--Product

    and AsRock EPC612D4i – https://www.newegg.com/Product/Product.aspx?Item=N82E16813157615&cm_re=AsRock_EPC612D4i--13-157-615--Product

    But for both of those mobos, I'd have to spring for a processor too -- in the range of about $130 (used) or $300(new) -- making them very expensive routers.

    Now, here's what I intend to do with the machine:

    • It must support VPN – i.e. I use a VPN service via my dd-wrt router currently. I would like to use the same service via pfsense

    • Additionally I would also like to setup a VPN server on the router so that I can access my network when I am away from home

    • DHCP server for my local network and also a guest wifi network on a VLAN or physical

    • Firewall

    • HAVP

    • Parental Control – allowing blocking of keywords etc.

    • Squid/SquidGuard

    • Connect pfSense to a UPS – I may also connect the UPS to my FreeNAS server as the master and make pfSense as the slave.
      It depends on how well the UPS plays with either of the boxes.

    • IDS/IPS

    • Snort

    Pentium N3700 does support AES-NI – so I think the first 2 should be possible. What I would like to know is if the N3700 would have enough grunt. The last 2 are only so that I can tinker around and I might remove them if I don't need it, but I would still like to know if the processor on my mobo would be able to handle it.

    Would it make more sense to simply get a desktop grade mini-ITX board with a half decent processor and install it on a 1U chassis? I'd have to forego IPMI, most likely, but if it brings the cost down by half then I guess it would be worth it.

    Your advice and feedback would be very welcome.

    Thanks in advance.



  • Hello again,

    Been doing some reading and researching and guess my question boils down to 2 questions

    • Will the processor that I choose be able to do what I intend to do with a bit of room to spare as long as I choose something with AES-NI?

    • How much RAM do you think I would need in order to do what I intend to do

    I found a couple other boards with J1900 Celeron and 1 with i3 and was wondering if those would suffice instead of getting a server grade motherboard.

    The reason for my question is that the pfsense hardware compatibility list here indicates that you should use Server grade hardware for 101-500 Mbps & for 501+ Mbps. Currently I am lying in the 21-100 Mbps segment, but I'd like to future proof my hardware at least 1 level up.

    Thanks for taking the time to read.



  • @Inxsible:

    Hello again,

    Been doing some reading and researching and guess my question boils down to 2 questions

    • Will the processor that I choose be able to do what I intend to do with a bit of room to spare as long as I choose something with AES-NI?

    • How much RAM do you think I would need in order to do what I intend to do

    I found a couple other boards with J1900 Celeron and 1 with i3 and was wondering if those would suffice instead of getting a server grade motherboard.

    The reason for my question is that the pfsense hardware compatibility list here indicates that you should use Server grade hardware for 101-500 Mbps & for 501+ Mbps. Currently I am lying in the 21-100 Mbps segment, but I'd like to future proof my hardware at least 1 level up.

    Thanks for taking the time to read.

    I think they are referring to your network card and suggest server grade NICs which would be Intel. pfSense does not recommend anything other than Intel nics until you get into 10gb adapters, then Chelsio is the top choice. I like all of your choices but they are all on the pricey side for what your requirements are. and like you were thinking there is more powerful components for cheaper.  I will say if money was not an issue then yes Id suggest a nice low power 1u system.

    I went the ebay used route and am very happy. though i do have a lack rack and wanted my router in it, i bought a sff dell core i3 for 30 bucks off ebay and love it. it's a i3-3220 so it doesn't have aesni but if you look on ebay you can find the 4th gen i3s that do for very cheap. You might look at off lease thin clients. that would be able to be mounted to a rack shelf and have low power usage. I know even the 2nd gen i5s support aes-ni but are going to consume a tad more electricity. even the i3 3220 has double the passmark score of the n3700, so i know something like that would give you ample head room for other plugins, I have a 60mb wan and it only tops off at 6% usage. and I would think 4gb of ram would be great. if you find something good on ebay you'd still have left over money for an ssd that would be much better for your squid cache.  And I'd suggest getting something like an intel i340-t2 which can be found for 20-25$ commonly



  • Thanks s_mason16.

    All the boards that I am looking at have onboard Intel NICs. So yes I know not to stray away from Intel when it comes to NIC and pfSense or even FreeNAS.

    Having said that, are you saying that a Pentium N3700 would be insufficient for all that I want to do and it would that require me to jump up to an i5/i7/xeon processor? These processors combined with a server grade motherboard do become prohibitively expensive. If such a processor is required for my needs, then I would definitely just get a desktop grade motherboard and add a Intel NIC card on it along with the processor, but if an AES-NI based processor like N3700 or Atom C2758 or Celeron J3455 can do what I need, then I might just get the server grade motherboard since it is SoC along with the bonus of ultra low TDP of around 6W. No i5/i7/xeon is going to come as close to 6W. The least I have seen is about 35W for those processors at which point I also need to worry about enough cooling in a 1U chassis - which means cooling fans, worrying about fitting all of that in 1U and if not, then spring for a 2U chassis etc. etc.

    Also, I have no issues buying stuff off of ebay to get a better deal on used items like I mentioned in my first post. I am mainly worried about buying the right CPU for my needs and amount of RAM. I can tailor the motherboard based on the CPU and secondly the cost.

    So the questions are:

    • Can Pentium N3700 handle everything that I want to do with it?

    • Can Celeron J3455 handle everything that I want to do with it?

    • Can Atom C2758 handle everything that I want to do with it?

    • Will 4GB RAM be enough for everything that I want to do with it?

    I hope you or someone can clarify further.

    Thank you,



  • @Inxsible:

    No i5/i7/xeon is going to come as close to 6W. The least I have seen is about 35W for those processors at which point I also need to worry about enough cooling in a 1U chassis - which means cooling fans, worrying about fitting all of that in 1U and if not, then spring for a 2U chassis etc. etc.

    My QOTOM-Q355G4 (Core i5 box)  has a TDP of 15W , but most of the time uses less.
    It's not 1U , but a little neat passively cooled box.

    https://forum.pfsense.org/index.php?topic=132528.msg728629#msg728629

    https://www.aliexpress.com/store/product/QOTOM-Q355G4-4-Gigabit-LAN-I5-5250U-Dual-core-LAN-Pfsense-Linux-ubuntu-mini-pc/108231_32798680692.html

    What i mean to say is that there exists Core i5's with a reasonable TDP , that might fit in a MoBo.

    /Bingo



  • I would say all those processors would fit your needs more than enough(you said your internet speed was less than 100mb), I think there is a thread where people say the j1900 gets about 800mbits of throughput with zero plugins installed. But as you said you'd like to be one step above your needs. it's not the routing and wan transmitting that tax a cpu, it's the plugins.

    and 4gb is in my opinion like a golden level for a small home. You could maybe use 1gb, maybe hit 2gb peak once in a while. but i doubt you'll ever hit 4gb. and no one's goal is to max their memory. I just had it around so i installed 2x 4gb sticks and it'll never get used.



  • Thanks for the heads up Bingo. I will look into those processors as well then.

    s_mason16, It's good to know that all the processors will be able to do what I need. This opens up many choices for me as I can either go with a server motherboard with SoC - to get remote power on/off and remote management or just go the desktop motherboard with pretty much any processor that supports AES-NI.

    About the memory, as I mentioned, I do have a 1GB 204 pin stick from an old laptop (the same from where I am sourcing the 2.5" 40GB HDD). I will try it with 1GB, and if I think I need more RAM, I can add a 1GB/2GB stick later. If 1GB is enough for me, then that might save me some additional money.

    Time to hit ebay/newegg/amazon.

    Thanks.


  • Banned

    J3355B



  • Thanks pfBasic, for the short and succinct post.  :) ;)


  • Banned

    Anytime! It's a great part, I recommend it often. It's great for sub 100Mbps + significant package usage & also for gigabit with light package usage.

    It's cheap, no moving parts and takes standard PCIe quad Gb NICs.

    I use one for an HTPC (Apollo Lake has HEVC decoding) and it runs High Bitrate 4K 10bit HEVC with no issues. I personally tested it using Suricata with a moderate ruleset and piping all traffic over OpenVPN AES-128 + pfBlockerNG and it maxed out at ~65Mbps with no tweaking, IDS/IPS was the limiting factor. ~300Mbps is the peak with just OpenVPN, no IDS/IPS.

    For your described use case it will serve you well for years.

    If you don't already have a PSU it's best paired with a picoPSU - http://www.mini-box.com/picoPSU-80-60W-power-kit
    If you do already have one use that.

    It will take the SO-DIMM RAM you already have. You will probably run into issues using IDS/IPS on 1GB RAM unless you are using very light rulesets (which is honestly probably best for home use - IDS/IPS is honestly total overkill for home networks).



  • What about one of the new denverton boards?

    ie A2SDi-4C-HLN4F?

    Think it has everything you are looking for and afaik has aes & quickassist.

    Been looking at getting one of them for my pfsense build.

    https://www.supermicro.com/products/nfo/Atom.cfm?show=SELECT&type=C3000

    Edit:
    Just double checked, the 2 core one actually doesn't have quick assist (C3338), however the 4 core and above ones do (A2SDi-4C-HLN4F has C3558).

    I would think then the C3558 would be perfect? Anyone disagree?



  • Regarding server hardware, and also IPMI:

    • server hardware only makes sense if it's very important to have long term vendor support and special features
    • IPMI makes no sense if you only have 1 WAN link since you won't be able to manage it if pfSense goes down

    Remote power-on can be done with Wake-on-LAN via the LAN network, or using ASF. Sensor readings can be done in pfSense (either via the WebUI or via SSH).
    If you have a local network where someone is always available, then IPMI can be nice to have since you won't have to go to the hardware device to reset it, but other than that, the true profit with IPMI comes from out-of-band management in case your pfSense-managed WAN is dead.

    For your case, desktop and even laptop hardware (mobile i3 or mobile i5) will suffice. Make sure you get AES-NI support.



  • @pfBasic:

    Anytime! It's a great part, I recommend it often. It's great for sub 100Mbps + significant package usage & also for gigabit with light package usage.
    ….You will probably run into issues using IDS/IPS on 1GB RAM unless you are using very light rulesets (which is honestly probably best for home use - IDS/IPS is honestly total overkill for home networks).

    IDS/IPS – I was only going to play around with it just for my understanding. I don't know if I am going to keep it around. I probably won't even keep Squid, because I don't have a cap on my internet connection, so it hardly matters if I cache. I might lose a few ms to redownload which could be obtained from the cache -- but then again, this is a home network where performance is important but not mission critical.

    I will, however keep using the VPN -- client and server, plus pfBlocker or similar parental controls, firewall and HAVP.

    @iormangund:

    Think it has everything you are looking for and afaik has aes & quickassist.

    Hmm. Not very familiar with Quick Assist. I might have to read up on that and whether it would be useful for my use case.

    @johnkeates:

    Regarding server hardware, and also IPMI:

    • server hardware only makes sense if it's very important to have long term vendor support and special features
    • IPMI makes no sense if you only have 1 WAN link since you won't be able to manage it if pfSense goes down

    Remote power-on can be done with Wake-on-LAN via the LAN network, or using ASF. Sensor readings can be done in pfSense (either via the WebUI or via SSH).
    If you have a local network where someone is always available, then IPMI can be nice to have since you won't have to go to the hardware device to reset it, but other than that, the true profit with IPMI comes from out-of-band management in case your pfSense-managed WAN is dead.

    For your case, desktop and even laptop hardware (mobile i3 or mobile i5) will suffice. Make sure you get AES-NI support.

    Agreed and Agreed. You are right in every point. I would only have 1 WAN connection. IPMI for me would only be useful in that if I ever wanted to reboot or do something in the BIOS (upgrade or change settings etc…) I wouldn't have to disconnect it from the rack and bring it up to my home office to connect to a monitor and keyboard. I can simply use KVM over IP to do that. Infact I do that with my FreeNAS box. That box required a server motherboard because FreeNAS and its forum is big on using ECC RAM, so I had to get a server board. The one I got (TYAN S5533) had IPMI.

    On that note, I hear that pfSense would now start supporting ZFS filesystem -- Would this necessitate having ECC RAM -- as that is what FreeNAS recommends for ZFS ? I know FreeNAS works without ECC too, it's just what they prefer/recommend.



  • @Inxsible:

    @pfBasic:

    Anytime! It's a great part, I recommend it often. It's great for sub 100Mbps + significant package usage & also for gigabit with light package usage.
    ….You will probably run into issues using IDS/IPS on 1GB RAM unless you are using very light rulesets (which is honestly probably best for home use - IDS/IPS is honestly total overkill for home networks).

    IDS/IPS – I was only going to play around with it just for my understanding. I don't know if I am going to keep it around. I probably won't even keep Squid, because I don't have a cap on my internet connection, so it hardly matters if I cache. I might lose a few ms to redownload which could be obtained from the cache -- but then again, this is a home network where performance is important but not mission critical.

    I will, however keep using the VPN -- client and server, plus pfBlocker or similar parental controls, firewall and HAVP.

    @iormangund:

    Think it has everything you are looking for and afaik has aes & quickassist.

    Hmm. Not very familiar with Quick Assist. I might have to read up on that and whether it would be useful for my use case.

    @johnkeates:

    Regarding server hardware, and also IPMI:

    • server hardware only makes sense if it's very important to have long term vendor support and special features
    • IPMI makes no sense if you only have 1 WAN link since you won't be able to manage it if pfSense goes down

    Remote power-on can be done with Wake-on-LAN via the LAN network, or using ASF. Sensor readings can be done in pfSense (either via the WebUI or via SSH).
    If you have a local network where someone is always available, then IPMI can be nice to have since you won't have to go to the hardware device to reset it, but other than that, the true profit with IPMI comes from out-of-band management in case your pfSense-managed WAN is dead.

    For your case, desktop and even laptop hardware (mobile i3 or mobile i5) will suffice. Make sure you get AES-NI support.

    Agreed and Agreed. You are right in every point. I would only have 1 WAN connection. IPMI for me would only be useful in that if I ever wanted to reboot or do something in the BIOS (upgrade or change settings etc…) I wouldn't have to disconnect it from the rack and bring it up to my home office to connect to a monitor and keyboard. I can simply use KVM over IP to do that. Infact I do that with my FreeNAS box. That box required a server motherboard because FreeNAS and its forum is big on using ECC RAM, so I had to get a server board. The one I got (TYAN S5533) had IPMI.

    On that note, I hear that pfSense would now start supporting ZFS filesystem -- Would this necessitate having ECC RAM -- as that is what FreeNAS recommends for ZFS ? I know FreeNAS works without ECC too, it's just what they prefer/recommend.

    Regarding server/ECC hardware: it's not really a requirement but rather something that you should probably always do, but sometimes doesn't fit the budget. For instance, if you want good storage of a lot of data there bit flips and RAM errors would be a big problem, having mirrored drives and ECC helps a lot. For a firewall, it might only help if there is data flowing over the network that has no checksums. If it fits inside the budget, I always design systems with ECC and redundancy in mind, but it simply isn't always possible.

    For most situations it is overkill, imagine:

    2x pfSense nodes in HA mode
    2x WAN links
    2x Switches for LAN
    2x PSU per system
    2x line power feeds
    2x UPS
    bonded networking in failover mode
    all disks raid1/mirror
    all ram ECC

    it would survive a lot, but also be pretty expensive ;-)


  • Banned

    For that kind of IDS/IPS you'll have no problems at all performance wise.

    I will, however keep using the VPN – client and server, plus pfBlocker or similar parental controls, firewall and HAVP.

    It will push triple your current bandwidth over OpenVPN, significantly more over ipsec. HAVP can have some pretty noticeable performance impacts on your network even if itsn't taxing your CPU. I tried it out with my old i5-2400 setup and could tell a difference whether it was on or off even though the CPU wasn't even kind of working hard. It also just isn't very useful - but use it if you want it!

    DO NOT waste your money on ECC RAM for a home network - just totally no reason at all for that crap. If you are running a business, sure throw it in there so you can tell your boss you did - it still won't matter for a small network.

    There are no additional requirements to use ZFS. There is also nothing about ZFS that makes it need ECC RAM any more than other FS. The FreeNAS extremists make ZFS essentially sound like a huge liability the way they chant the ECC mantra  ::), even the creator of ZFS has debunked that myth.  I currently have it installed in raidz2 on 4 cheap flash drives with no issues for months, but I wouldn't use flash drives unless you have plenty of RAM for a RAM Disk (my system came with 8GB that I don't need). You can check out the link in my signature if you're interested in a ZFS install.

    Regarding server/ECC hardware: it's not really a requirement but rather something that you should probably always do,

    I'm pretty sure this statement was directed towards a FreeNAS setup? Because previously you stated the opposite.

    server/ECC is neither required nor recommended for home use pfSense if you like your money.



  • @pfBasic:

    HAVP can have some pretty noticeable performance impacts on your network even if itsn't taxing your CPU. I tried it out with my old i5-2400 setup and could tell a difference whether it was on or off even though the CPU wasn't even kind of working hard. It also just isn't very useful - but use it if you want it!

    Noted !
    @pfBasic:

    DO NOT waste your money on ECC RAM for a home network - just totally no reason at all for that crap.

    and Noted !
    @pfBasic:

    server/ECC is neither required nor recommended for home use pfSense if you like your money.

    I do like my money. It's pretty hard to come by !  ;)



  • Well, just ordered A2SDi-4C-HLN4F. Though I think it might take a week or two to get here (cost €360 including shipping).
    Already have a spare mini itx case and ram so no other costs for me.

    Will probably make a thread on it to point out any issues and how well it performs.

    Afaik there are no threads on someone actually using pfsense with denverton (not surprising as boards were only announced like a week ago).

    Edit: as for the server vs home comments. Pretty much agree, though if you can afford it and the server hardware has features you want then imho you should go server. Personally I couldn't find a board (soc or non) that fitted my criteria then denverton mobos dropped, couple of the main things I wanted was fanless, more than 2 intel nic and ipmi. As mentioned earlier though, for most ipmi may be pointless on a router system, my use case for it is a little different then just a home router so ipmi is essential.


  • Banned

    there are definitely fringe cases where server hardware would be desirable in a home - but they are for sure fringe cases.

    That Denverton Atom really doesn't offer much over a modern SoC Celeron/Pentium for most home users looking in that market segment (low power fanless SoC).
    But it does cost a lot more (over 4 times as much for quad NIC setups).

    In your case, you needed some specific features it has - that most people definitely don't need at home.

    though if you can afford it and the server hardware has features you want then imho you should go server.

    Many people on here have this general opinion on hardware selection - and it is valid in the professional sector. Unfortunately it often gets spread into the home sector where it has no place.

    I would rephrase that for home use:

    though if you can afford it and the server hardware has features you want absolutely must have and cannot get in the commercial market imho you should go server.

    For the 99% server hardware offers little to nothing they will actually use (or often even notice), yet it costs dramatically more.



  • @pfBasic:

    there are definitely fringe cases where server hardware would be desirable in a home - but they are for sure fringe cases.

    That Denverton Atom really doesn't offer much over a modern SoC Celeron/Pentium for most home users looking in that market segment (low power fanless SoC).
    But it does cost a lot more (over 4 times as much for quad NIC setups).

    In your case, you needed some specific features it has - that most people definitely don't need at home.

    though if you can afford it and the server hardware has features you want then imho you should go server.

    Many people on here have this general opinion on hardware selection - and it is valid in the professional sector. Unfortunately it often gets spread into the home sector where it has no place.

    I would rephrase that for home use:

    though if you can afford it and the server hardware has features you want absolutely must have and cannot get in the commercial market imho you should go server.

    For the 99% server hardware offers little to nothing they will actually use (or often even notice), yet it costs dramatically more.

    Yup, I'll go with that. Depends on what the person is after. Every potential build I was putting together was coming to around the cost of that denverton board. I wasn't satisfied with non server alternative build parts I was looking at to do the job. So overall it made sense for me.



  • @iormangund:

    Well, just ordered A2SDi-4C-HLN4F. Though I think it might take a week or two to get here (cost €360 including shipping).

    Congrats. Do let us know about your build and how it turns out for you.

    I am most likely going the desktop grade route. J3355B is the top choice in new – but I am also looking at ebay for used mobos/cpus where if I can get an i3/i5 with a low tdp around 15W in the same price range as the new J3355 -- it might give me a bit more grunt for my VPNs since they use AES-256-CBC. I am not sure if i3/i5 would be fanless though. Might have to check.

    I am probably going to get a 1U case from these fellas -- http://www.plinkusa.net/1u.htm

    Brand new they cost from $45 - $150.  Even used supermicro chassis sell for more than that on ebay. For my use case, the base one would do as well, they have 3-4 choices from $45 to $60. The good thing about them is that they also provide 39mm I/O plates for the different mobos which you can use instead of the 50mm I/O plates that normally come with boards.

    If your board is some random layout for which they don't have an I/O plate, you can always buy the basic plate and cut it up according to your mobo.



  • The i3's and i5's can be fanless but you'll get the mobile low power ones. Not bad for pfSense, so it's not like you need the raw core power at max performance.
    Regarding ECC: don't get it unless you have both the money and use weird non-checksummed protocols.



  • @bingo600:

    @Inxsible:

    No i5/i7/xeon is going to come as close to 6W. The least I have seen is about 35W for those processors at which point I also need to worry about enough cooling in a 1U chassis - which means cooling fans, worrying about fitting all of that in 1U and if not, then spring for a 2U chassis etc. etc.

    My QOTOM-Q355G4 (Core i5 box)  has a TDP of 15W , but most of the time uses less.
    It's not 1U , but a little neat passively cooled box.

    https://forum.pfsense.org/index.php?topic=132528.msg728629#msg728629

    https://www.aliexpress.com/store/product/QOTOM-Q355G4-4-Gigabit-LAN-I5-5250U-Dual-core-LAN-Pfsense-Linux-ubuntu-mini-pc/108231_32798680692.html

    What i mean to say is that there exists Core i5's with a reasonable TDP , that might fit in a MoBo.

    /Bingo

    @johnkeates:

    The i3's and i5's can be fanless but you'll get the mobile low power ones. Not bad for pfSense, so it's not like you need the raw core power at max performance.
    Regarding ECC: don't get it unless you have both the money and use weird non-checksummed protocols.

    Where do I find the mobile low power ones? I have been trying to search for core i3/i5 U designated processors, but newegg, amazon and ebay all just show me $300-$500 laptops. I don't want that. All I want is to buy a core ix-xxxxU processor. I found a few T designated processors, but then the TDP is 35W and above which means it won't be fanless.



  • @Inxsible:

    @bingo600:

    @Inxsible:

    No i5/i7/xeon is going to come as close to 6W. The least I have seen is about 35W for those processors at which point I also need to worry about enough cooling in a 1U chassis - which means cooling fans, worrying about fitting all of that in 1U and if not, then spring for a 2U chassis etc. etc.

    My QOTOM-Q355G4 (Core i5 box)  has a TDP of 15W , but most of the time uses less.
    It's not 1U , but a little neat passively cooled box.

    https://forum.pfsense.org/index.php?topic=132528.msg728629#msg728629

    https://www.aliexpress.com/store/product/QOTOM-Q355G4-4-Gigabit-LAN-I5-5250U-Dual-core-LAN-Pfsense-Linux-ubuntu-mini-pc/108231_32798680692.html

    What i mean to say is that there exists Core i5's with a reasonable TDP , that might fit in a MoBo.

    /Bingo

    @johnkeates:

    The i3's and i5's can be fanless but you'll get the mobile low power ones. Not bad for pfSense, so it's not like you need the raw core power at max performance.
    Regarding ECC: don't get it unless you have both the money and use weird non-checksummed protocols.

    Where do I find the mobile low power ones? I have been trying to search for core i3/i5 U designated processors, but newegg, amazon and ebay all just show me $300-$500 laptops. I don't want that. All I want is to buy a core ix-xxxxU processor. I found a few T designated processors, but then the TDP is 35W and above which means it won't be fanless.

    You cannot buy them for end-user purposes. They are not socketed and integrated on the motherboard directly.



  • @johnkeates:

    You cannot buy them for end-user purposes. They are not socketed and integrated on the motherboard directly.

    Aha ! No wonder I wasn't able to find any. Well then in that case, if I am to build my own, the best i3/i5/i7 I would get would be with a TDP of 35W.

    Looks like I should stick with Celeron J3355 or Pentium N3700 which are integrated as well, but at least you can get ITX boards instead of laptop boards of weird shapes and sizes which may or may not fit my case.


  • Banned

    Just go with exactly what pfBasic recommends  ;)



  • @TS_b:

    Just go with exactly what pfBasic recommends  ;)

    Oh I am going to. Was only wondering if there was an option to get a bit more grunt in the processor so that it could handle AES-256-CBC since that's what my VPN provider uses. I saw pfBasic's J3355 thread where he laid out it's performance vis-a-vis VPN and different ciphers which is why I was thinking of getting a slightly better processor, but since that would increase the TDP –leading to cooling etc. I think I am going to stick to the J3355



  • For VPN get an i5. The Qotom boxes work fine with OpenVPN.



  • @johnkeates:

    For VPN get an i5. The Qotom boxes work fine with OpenVPN.

    Nooooooooooo !!!!!

    I thought I had finally made up my mind to get the J3355. Now I have to search all over again :(

    I was going to build one in a 1U rack. and also wanted as low a TDP as possible. As I mentioned above, with i3/i5, the least TDP I can get would be 35W, which means I would have to fit in fans in the 1U making it difficult.

    Looks like I should stop thinking about fitting it in 1U and just put a box in a rack shelf.

    Starting from scratch… Thanks, but no thanks johnkeates. ;)

    /justkidding



  • @Inxsible:

    @johnkeates:

    For VPN get an i5. The Qotom boxes work fine with OpenVPN.

    Nooooooooooo !!!!!

    I thought I had finally made up my mind to get the J3355. Now I have to search all over again :(

    I was going to build one in a 1U rack. and also wanted as low a TDP as possible. As I mentioned above, with i3/i5, the least TDP I can get would be 35W, which means I would have to fit in fans in the 1U making it difficult.

    Looks like I should stop thinking about fitting it in 1U and just put a box in a rack shelf.

    Starting from scratch… Thanks, but no thanks johnkeates. ;)

    /justkidding

    I think the TDP of those mobile i5 boxes is like sub-15W :p You could take the board out and put it in a 1U rack mount case? Oh, and it's passively cooled so there's that. But in a 1U with no fins, you might want to put a little fan running at a slow speed in there.


  • Banned

    What throughputs do you need for VPN? The j3355 will do quite a bit of VPN throughput. (300mbps)

    I5 is a bad recommendation. I3 is better at openvpn than i5.

    If you need something more powerful than a j3355 (which you probably do not), then look to a modern Pentium that is not passively cooled, not an i3 or an i5. Massive Overkill recommendations are pretty much par for the course on this forum, you have to be careful and protect your wallet.



  • @TS_b:

    What throughputs do you need for VPN? The j3355 will do quite a bit of VPN throughput. (300mbps)

    I5 is a bad recommendation. I3 is better at openvpn than i5.

    If you need something more powerful than a j3355 (which you probably do not), then look to a modern Pentium that is not passively cooled, not an i3 or an i5. Massive Overkill recommendations are pretty much par for the course on this forum, you have to be careful and protect your wallet.

    Currently my internet speed is 50Mbps, but I am planning on bumping it up to 75Mbps or 150Mbps after my current contract ends. So I will still be within the limits of J3355, I believe.

    I also have options for 300Mbps, 1000Mbps and 2000Mbps, but they are prohibitively expensive right now where I live.



  • @Inxsible:

    @TS_b:

    What throughputs do you need for VPN? The j3355 will do quite a bit of VPN throughput. (300mbps)

    I5 is a bad recommendation. I3 is better at openvpn than i5.

    If you need something more powerful than a j3355 (which you probably do not), then look to a modern Pentium that is not passively cooled, not an i3 or an i5. Massive Overkill recommendations are pretty much par for the course on this forum, you have to be careful and protect your wallet.

    Currently my internet speed is 50Mbps, but I am planning on bumping it up to 75Mbps or 150Mbps after my current contract ends. So I will still be within the limits of J3355, I believe.

    I also have options for 300Mbps, 1000Mbps and 2000Mbps, but they are prohibitively expensive right now where I live.

    I that case, the J3355 would be a good choice. Not only does it work very well, it also has the right performance for your connection. Regarding i3 vs. i5, for pure OpenVPN performance, single core speed is the most important at this time.



  • As I was prowling the local craigslist last evening, here's what I found

    A Supermicro server for sale

    All for $200 !!! A new build with J3355 ($55+$2 shipping) + picopsu ($35) + RAM ($25) + 1U case ($45+$20 shipping) + riser card ($14) + sata to pata adapter($4) (my laptop drive that I was gonna use is IDE) would have cost me exactly $200.

    I know this completely ruins my low TDP requirement and is serious overkill for what I want to do, but I couldn't pass up the opportunity. I am thinking of using this as my pfsense because my crummy Netgear WNR3500L just cannot handle the VPN and keeps getting disconnected.

    I will still build a low power router with a J3355 a few months down the line and then convert this as my backup or a 2nd FreeNAS box.

    Now comes the fun part of exploring the new machine and tinkering with it.









  • Banned

    That's a good find, enjoy!

    In order to offset the high power usage, consider not building a standalone J3355 now that you have this box. It would just be another box to buy and feed power even if it's not much power

    Use your new server as intended and virtualize as many services as you can on it! There's a subforum here dedicated to virtual pfSense setups and it works very well.



  • I'd suggest virtualising pfSense as well, but running pfSense stand-alone on it wouldn't be so bad either. You can change the profiles to down clock and lower the fan speeds dramatically. A bigger server doesn't always require a baseline of 100W, it really depends on the settings. PowerD and the likes help a lot too.

    If you have more services you want to run besides pfSense, and are interested in virtualisation, it is worth it to set it up. The NICs in this server are excellent.



  • Ooh!!!

    New things to learn. Will seriously look into virtualization and powerD etc. I might come back with a shit ton of questions. Be ready to answer them ;)

    The one thing I am not sure about is the backplane on that server. It says SAS, but can't be 100% certain. I haven't been able to see the model number on the backplane.



  • @Inxsible:

    Ooh!!!

    New things to learn. Will seriously look into virtualization and powerD etc. I might come back with a shit ton of questions. Be ready to answer them ;)

    The one thing I am not sure about is the backplane on that server. It says SAS, but can't be 100% certain. I haven't been able to see the model number on the backplane.

    It's probably SAS with SATA fallback support, at least, that's what the cables and part numbers so far tell me. It is totally plausible that they are using a SAS controller, SAS cables and SAS connections but a SATA-only backplane chip. The disks themselves look like SATA disks.



  • The disks are definitely SATA. I pulled each one out and checked.

    Will need to figure out the backplane once I get back home.



  • Found the case model number: its CSE-813M ( I have updated my previous post, to provide links where I can)

    However I found 2 models with the 350W gold power supply :  Not sure which one I have.

    https://www.supermicro.com/products/chassis/1U/813/SC813MT-350CB

    https://www.supermicro.com/products/chassis/1U/813/SC813MTQ-350CB

    Secondly the backplane is the Supermicro SAS815TQ, so I am assuming that my chassis is SC813MTQ-350CB, because the other one has SAS815T backplane, although I haven't found much difference between the 2 backplanes. How would I figure out if this was a SAS1 or SAS2 backplane ?

    Also for the motherboard: I found 3 different X9SCLs. I am not sure what the difference is :

    [Supermicro X9SCL+-F](https://www.supermicro.com/products/motherboard/Xeon/C202_C204/X9SCL_-F.cfm)

    Supermicro X9SCL

    Supermicro X9SCL-F



  • After reading through the specs of X9SCL+-F and X9SCL-F, I found the following 3 differences:

    | X9SCL-F | X9SCL+-F |
    | Intel® 82579LM and 82574L, 2x Gigabit LAN ports | Two Intel® 82574L Gigabit Ethernet Controllers |
    | 1x DOM (Disk on Module) power connector | N/A |
    | Memory Voltage – 1.5 V, 1.35V | Memory Voltage – 1.5 V |

    How much would these differences matter?

    And if not much, then why does Supermicro build similar boards like these? There is another board X9SCL that has the same features as X9SCL-F except that X9SCL doesn't seem to have IPMI.

    These boards are also quite similar to X9SCMs where they have 2 SATA3 and 4 SATA2 ports vs all 6 SATA2 in X9SCLs