Old pc or newer box



  • I am looking to put pfsense on its own box, I am currently running it on the main family pc on vmwareplayer which causes me a headache every time I need to reboot it etc.

    I had been looking at getting one of these Qotom boxes you see online that has an i3 40005 and also looking at purchasing separate components N3150  / j3455.

    However I also had a look on ebay and had been considering getting an old office pc such as this HP PRODESK 400 G1- 4TH GEN i3 4GB RAM. 750 GB HD-3.60 GHZ - 4160 CPU less ££$$, + a intel nic.

    What option should I go for bearing in mind cost, internet speed up to 200mbps, and openvpn usage and the need for AES-NI.


  • Banned

    Since you haven't already purchased anything I would recommend a third option.

    Buy a J3355B @ ~$57

    Buy a cheap $~25 SSD

    Buy 2x2GB SO-DIMM DDR3 @ ~$10 - if you have old Laptop RAM laying around - use that

    Buy a 60W picoPSU kit @ $35

    Buy an i340-t2 @ $15 - or if you need more than two ports

    Buy an i340-t4 @ $30-40

    ~$145 dual port - $170 quad port

    Throw it all in the case of your choosing or the case you already have if you've got an old desktop laying around, just be sure to buy a NIC with the appropriate NIC height (low profile or standard) for the case you use.

    That system will give you Full Gb throughput for routing and firewalling and ~300Mbps OpenVPN without Gateway Groups, ~600Mbps OpenVPN with Gateway Groups.

    It will have no moving parts, make no noise and be very energy efficient.

    I would say this is the go-to build for a low cost box for 95% of home users.



  • Thanks for the suggestion it looks good, just struggling to find similar prices in the UK


  • Banned

    Ah yeah that's a problem. To figure out whether or not it's worth it to buy old v new use an online electricity cost calculator for a quick comparison. Plug in your actual cost per kwh, 24/7/365 on time and the difference in watts between the two boxes.

    Figure about 12W for a new core i3 fanless vs about 35w for an old workstation.

    Then figure out how many years it would take to make up for the high price of buying new.

    In the US it's a pretty long time (7-10 years) for most areas. In other parts of the world with high power costs can be much less.





  • board seems expensive, given the same board goes for $54.99 in the US. Maybe check if you can have it shipped from the US for cheaper. But the rest looks pretty ok.

    You'd still need RAM and the Intel dual Lan card.



  • Is the J3355 recommended over the J3455? Is this because of single core performance  for OPENVpn?

    I do have an old ssd and some ram I can use already and I was looking at this card on ebay: http://www.ebay.co.uk/itm/382197822881



  • @bilbo:

    Is the J3355 recommended over the J3455? Is this because of single core performance  for OPENVpn?

    • J3355 is clocked at 2.0 GHz and J3455 is clocked at 1.5GHz.

    • J3355 has 2 cores/2 threads, J3455 has 4 cores/4 threads.

    You pick your poison based on what you want the machine to do.


  • Banned

    J3455 doesn't have a pcie x4 sized slot in the mini itx board. You have to get the larger board from Asus,or  buy a single nic or modify a dual or quad port nic - which is easy and will not in any way impact performance but most people are unwilling to do any physical modifications themselves, you can also purchase a riser.

    Also make sure the case you buy fits at least a low profile pcie card. Some cases will require the use of a riser to do so.



  • @TS_b:

    J3455 doesn't have a pcie x4 sized slot in the mini itx board. You have to get the larger board from Asus,or  buy a single nic or modify a dual or quad port nic…

    You can always fit the x4 card in the x1 slot without problems. You will lose the speed however.

    There are, in all 4 mini-itx boards available on newegg featuring either J3355 or J3455 (2 for each)

    In fact, in the pictures you can see that not all pins of the slots are connected to the board (especially in the x16 slots – it's very clear). Although checking the board manual is the only sure fire way to confirm whether the particular slot has all the lanes available or not

    So any of the 4 you choose, you will lose speed because all the Intel i350-t2 cards that I found are x4 cards. I still have to check if the card itself runs in x4 or some lower mode. What also needs to made sure is the PCIE version that is being used as well, because that is part of what dictates the speed along with the lanes available in the slot.

    The above boards have been used by many on this fine forum and maybe someone can tell us more about the PCIe configurations with regards to adding an Intel i350-t2 card on it and the speed it gets. It obviously can work since so many use it, but will it exploit the full potential of the server NIC card?


  • Banned

    @Inxsible:

    @TS_b:

    J3455 doesn't have a pcie x4 sized slot in the mini itx board. You have to get the larger board from Asus,or  buy a single nic or modify a dual or quad port nic…

    You can always fit the x4 card in the x1 slot without problems. You will lose the speed however.

    There are, in all 4 mini-itx boards available on newegg featuring either J3355 or J3455 (2 for each)

    In fact, in the pictures you can see that not all pins of the slots are connected to the board (especially in the x16 slots – it's very clear). Although checking the board manual is the only sure fire way to confirm whether the particular slot has all the lanes available or not

    So any of the 4 you choose, you will lose speed because all the Intel i350-t2 cards that I found are x4 cards. I still have to check if the card itself runs in x4 or some lower mode. What also needs to made sure is the PCIE version that is being used as well, because that is part of what dictates the speed along with the lanes available in the slot.

    The above boards have been used by many on this fine forum and maybe someone can tell us more about the PCIe configurations with regards to adding an Intel i350-t2 card on it and the speed it gets. It obviously can work since so many use it, but will it exploit the full potential of the server NIC card?

    None of this is correct.

    A physical x4 card will not fit in a physical x1 slot without physical modifications or purchasing an x1 to x4+ riser.

    There will be no performance or speed penalty in any combination.

    PCIe v2.0 at x1 (the slowest) speed will handle four ports of full duplex gigabit throughput without penalty.

    The problem has nothing to do with the speed of the card or the board, it has to do with whether or not the card will fit in the slot… Like Legos.

    Also, Asus sells a j3455 board with a >x1 slot. That's your only option for j3455 without riser or modification of you want more than a single port nic.



  • @TS_b:

    None of this is correct.

    A physical x4 card will not fit in a physical x1 slot without physical modifications or purchasing an x1 to x4+ riser.

    Correct. I don't believe I said you can either. I agree I could have been more precise.

    @TS_b:

    There will be no performance or speed penalty in any combination.

    So you are saying that an x16 slot working in x1 mode will be just as fast as x16 slot in x16 mode. I don't think so. The number of available lanes do matter in the amount of throughput. And you yourself are saying that "x1 (the slowest) speed…" in the very next comment. So that's a contradiction.

    @TS_b:

    PCIe v2.0 at x1 (the slowest) speed will handle four ports of full duplex gigabit throughput without penalty.

    I don't know much about this as I haven't researched how much speed a dual or quad port Lan card would need.

    @TS_b:

    The problem has nothing to do with the speed of the card or the board, it has to do with whether or not the card will fit in the slot… Like Legos.

    Two ways to skin that cat.

    • You can file off the end of the x1 slot so that it doesn't block the x4, x8 or x16 card

    • File off the card itself to fit in a smaller slot

    @TS_b:

    Also, Asus sells a j3455 board with a >x1 slot. That's your only option for j3455 without riser or modification of you want more than a single port nic.

    Is this Asus J3455 a mini ITX board? Because I haven't found it on Newegg or Amazon. Can you please provide a link?


  • Banned

    It's not itx that's what I said in my earlier post, you have to buy a bigger board.

    The x16 isn't a factor in NICs, no dual or quad modern Ethernet nics are x16,  they are x4. And a quad port gigabit nic only needs x1 pcie v2.0 to Max out it's sued.


  • Banned

    The bottom line is that for most people a j3355 is the choice for pfSense.

    You'll note that in my earlier post I did state that you can modify a card to fit an x1 slot (a couple times).
    But few people are willing to do that so it's kind of moot.

    So that leaves you with the riser option.



  • @TS_b:

    It's not itx that's what I said in my earlier post, you have to buy a bigger board.

    The x16 isn't a factor in NICs, no dual or quad modern Ethernet nics are x16,  they are x4. And a quad port gigabit nic only needs x1 pcie v2.0 to Max out it's sued.

    Agreed. My earlier post said the same thing that I have only found x4 LAN cards. Question is why do they make them in x4, if all they require is x1 speed?


  • Banned

    I think because they only require x1 speeds for PCIe v2.0+.

    Someone with an x1 PCIe v1.x slot would need all 4 Lanes.

    Back in the day the end of the slots on mobos were open, allowing the user to make an intelligent selection.
    These days they dummy proof them and in the process inconvenience the <1% who would care.



  • @TS_b:

    I think because they only require x1 speeds for PCIe v2.0+.

    Someone with an x1 PCIe v1.x slot would need all 4 Lanes.

    Back in the day the end of the slots on mobos were open, allowing the user to make an intelligent selection.
    These days they dummy proof them and in the process inconvenience the <1% who would care.

    Fair enough.

    And that's why it's important to also find out the version of the PCI that the motherboard provides/supports.



  • Interesting read, thanks!

    Just found this as far as PCIe throughput is concerned.
    In my days we had fights between PCI and AGP after ISA slots were abandoned. Well, think I'm getting old.



  • Cool, so there are open ended x1 slots, which may fit bigger cards without having to file away anything. Why did they not do this from the get go? Would have saved so much headache.


  • Banned

    They used to do that. You can find it on old Mobo standards.

    They've since stopped doing it (afaik).

    I think they stopped because people were then putting things like video cards into open ended slots that couldn't handle the required bandwidths and then assumed the Mobo was bad when it didn't work.
    So now they kiddie proof them.



  • @TS_b:

    They used to do that. You can find it on old Mobo standards.

    They've since stopped doing it (afaik).

    I think they stopped because people were then putting things like video cards into open ended slots that couldn't handle the required bandwidths and then assumed the Mobo was bad when it didn't work.
    So now they kiddie proof them.

    making it inconvenient for us. :(


  • Banned

    Haha yup, but there's always the option to open it yourself or trim the card - generally speaking you're better off modifying whichever of the two devices is easier to replace.

    Then there's riser cards, but those can make it difficult to fit the card into very small cases. 1U cases often work well with risers though.

    For pfSense though and the dilineation between j3355 and j3455 people are probably generally better off with the 3355.

    It will be better for ooenvpn and will handle GbE routing and firewalling with ease.

    The 3455 will mostly shine for a user that needs more significant throughput with Suricata and has either modest or no need of openvpn.



  • @TS_b:

    I think because they only require x1 speeds for PCIe v2.0+.

    Someone with an x1 PCIe v1.x slot would need all 4 Lanes.

    That, and because server motherboards basically never come with a x1 slot so for their target market it's a non-issue. Also, by using all 4 lanes of PCIe 2, they theoretically get better performance to/from the buffers on the card. May matter in the target market, but much less relevant for a firewall and completely irrelevant for a low power home firewall.



  • What option should I go for bearing in mind cost, internet speed up to 200mbps, and openvpn usage and the need for AES-NI.

    APU2C4 would be nice if there will be no other needs, offered services, enabled functions or installed packets.
    The Qotom box will be also nice but also with more horse power for installing and running more packets and services.



  • @Inxsible:

    Question is why do they make them in x4, if all they require is x1 speed?

    It's the differences between PCIe 1.0 vs 2.0 or 3.0.  The quad port server NICs that many of us use or recommend absolutely do require 4 lanes of PCIe 1.0 bandwidth to function with full performance.

    GPU miners use riser cables all the time, and that works because the x16 GPUs can get away with x1 bandwidth because they're doing massive compute operations on relatively small chunks of data, meaning that the bandwith of the interface isn't a problem.  It is a problem with something like an HBA or a NIC, though, especially when that NIC uses only PCIe 1.0.