AES-IN system for sub £100 that will support an OpenVPN 200mbps connection?



  • I’m looking to build a better system to run Pfsense on.

    I’ve currently got it running on an old motherboard and a Pentium D 930 but it’s not the fastest thing when it comes to OpenVPN and a 200mbps internet connection.

    I’ve been reading a bit about AES-NI support on new CPU’s and looking at some benchmarks when this is used. The results seem very impressive:

    https://uk.hardware.info/reviews/6094/29/amd-vs-intel-57-processor-megatest-benchmarks-igpu-truecrypt-71-aes
    VS.
    https://uk.hardware.info/reviews/6094/30/amd-vs-intel-57-processor-megatest-benchmarks-igpu-truecrypt-71-aes-+-aes-ni

    I have my eye on this:

    https://www.ebuyer.com/708557

    What i’m unsure about however is if there is anything else I’m missing like i don’t know, this version of the CPU doesn’t have XXX which limits its encrypting ability, pfsense doesn’t like its network card or that Celerons are crap no matter what?

    I’m basically looking for a cheap and cheerful mini box (Ideally sub £100) that has low heat but high speed capable of supporting an OpenVPN connection at 200mbps.  I’m a little particular in where i shop from though so ideally i’m looking to buy from places like amazon.co.uk, ebuyer.com, misco.co.uk, overclockers.co.uk, novatech.co.uk or scan.co.uk.

    I was also thinking about pairing the above with one of these:

    https://www.amazon.co.uk/dp/B071R3YS2H/

    Would that work in terms of the single card allowing me to setup a Wan and Lan connection in pfsense as though i have 2 cards separately installed?

    The other question i have is if instead of that card i installed Vmware and setup pfsense in a virtual machine does the AES-NI still work as effectively through virtualisation software or does it take a performance hit for doing so?



  • I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.

    I bought a Qotom afterwards.



  • I settled for the price range that OP asked for, myself, i had some stuff laying around.

    but i got a ITX AMD APU-5000 with AES-NI onboard, i run it at 80down.

    i also run Surricata and few other services off it, dont usually go above the 30/50% mark.



  • @Waqar.UK:

    I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.

    I bought a Qotom afterwards.

    The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.
    I'm looking for something smaller, compact and more importantly as heatless as possible which is why i was looking at the board I'd linked above.

    Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution i like. Also, looking up the only 1 i could find to buy on Amazon it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.
    Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.

    @Stan464:

    I settled for the price range that OP asked for, myself, i had some stuff laying around.

    but i got a ITX AMD APU-5000 with AES-NI onboard, i run it at 80down.

    i also run Surricata and few other services off it, dont usually go above the 30/50% mark.

    Ok, so would you say the AES-NI seems to have worked like its supposed to then and that a APU-5000 could support 200mps?



  • Keep in mind that Openvpn is single-threaded. High clockspeed will be more important then a lot of cores

    Low power things generally have lots of cores, but fail at high speed openvpn.



  • In that bandwidthd for OpenVPN the j3355b is recommended a lot since people have actually used it at those speeds so you know it will work. It's also really cheap. Its newer than what you linked a desktop part instead of.mobile and will be faster for OpenVPN.

    For home use NICs on a budget it's generally best to buy a used one off eBay that was a server pull. This will let you buy a better NIC for cheaper.
    I'd recommend an i340-t2 or i350-t2.

    You can also use a picoPSU 80 (non-WI) with the j3355b.

    If you want a small case get a riser card for the pcie nic and you can use something like the m300 case from minibox.



  • @heper:

    Keep in mind that Openvpn is single-threaded. High clockspeed will be more important then a lot of cores

    Low power things generally have lots of cores, but fail at high speed openvpn.

    This is why i'm really interested to know how effective AES-NI is. The impression i get is that it can supposedly turn a low powered CPU into an encryption powerhouse.



  • @belt9:

    In that bandwidthd for OpenVPN the j3355b is recommended a lot since people have actually used it at those speeds so you know it will work. It's also really cheap. Its newer than what you linked a desktop part instead of.mobile and will be faster for OpenVPN.

    For home use NICs on a budget it's generally best to buy a used one off eBay that was a server pull. This will let you buy a better NIC for cheaper.
    I'd recommend an i340-t2 or i350-t2.

    You can also use a picoPSU 80 (non-WI) with the j3355b.

    If you want a small case get a riser card for the pcie nic and you can use something like the m300 case from minibox.

    Thanks for this. Shall go check it out. Sounds promising.



  • @smegheed:

    @Waqar.UK:

    I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.

    I bought a Qotom afterwards.

    The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.
    I'm looking for something smaller, compact and more importantly as heatless as possible which is why i was looking at the board I'd linked above.

    Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution i like. Also, looking up the only 1 i could find to buy on Amazon it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.
    Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.

    @Stan464:

    I settled for the price range that OP asked for, myself, i had some stuff laying around.

    but i got a ITX AMD APU-5000 with AES-NI onboard, i run it at 80down.

    i also run Surricata and few other services off it, dont usually go above the 30/50% mark.

    Ok, so would you say the AES-NI seems to have worked like its supposed to then and that a APU-5000 could support 200mps?

    I have seen a small form factor (sff) Dell core i5 go for  the same price. So fitting a say dual lan NIC card should be possible.
    My Qotom is a i5 - 5250 U, has all the possible AES instructions, passive cooling and cheap to run.



  • Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.



  • @johnkeates:

    Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.

    So true, if the OP uses the official Qotom shop on Aliexpress, it will be very easy to order. They accept PayPal so your credit card details will never be seen by Qotom. It took about 3 weeks for my one to arrive to the UK. Their operation is very slick. If OP has any questions, they reply within 24 hours or less.



  • @smegheed:

    @heper:

    Keep in mind that Openvpn is single-threaded. High clockspeed will be more important then a lot of cores

    Low power things generally have lots of cores, but fail at high speed openvpn.

    This is why i'm really interested to know how effective AES-NI is. The impression i get is that it can supposedly turn a low powered CPU into an encryption powerhouse.

    1. openvpn has bottlenecks that don't involve AES encryption. speeding up the crypto routines just means you hit one of the other bottlenecks.

    2. AES-NI implementations are not all the same. at the same clock speed, a skylake processor can perform crypto at 10 times the rate of a silvermont processor.

    There is a lot more to choosing a solution than just whether it "has" AES-NI



  • @Waqar.UK:

    I have seen a small form factor (sff) Dell core i5 go for  the same price. So fitting a say dual lan NIC card should be possible.
    My Qotom is a i5 - 5250 U, has all the possible AES instructions, passive cooling and cheap to run.

    I'm really not keen on buying second hand. I'm looking for new and easily returnable if it doesn't work out. I don't like eBay for anything really. Auctioned items have far less protection and returnabilty then store brought items. Looking at images of a dell core i5 it also still seems like it would generate a lot of heat?

    @Waqar.UK:

    So true, if the OP uses the official Qotom shop on Aliexpress, it will be very easy to order. They accept PayPal so your credit card details will never be seen by Qotom. It took about 3 weeks for my one to arrive to the UK. Their operation is vey slick. If OP has any questions, they reply within 24 hours or less.

    As i already said though, separate to me being picky about where i buy from devices like those from QOTOM are not something i'm looking for as a solution. It's hard to describe why. It's just a set thing i have little control over. Whereas i feel much more in control if i buy the board, case, psu etc or have at least heard of the manufacture before.

    I don't like buying from a place so far away, the time it takes to arrive and other little niggles that just add up to me considering it too much of a hassle/risk to bother giving them ago.
    When dealing with something I'm not all that familiar or sure about to start with (pfsense) i don't want to compound the problem and risk giving myself more issues by buying from an unknown place an unknown companies product.

    @VAMike:

    1. openvpn has bottlenecks that don't involve AES encryption. speeding up the crypto routines just means you hit one of the other bottlenecks.

    2. AES-NI implementations are not all the same. at the same clock speed, a skylake processor can perform crypto at 10 times the rate of a silvermont processor.

    There is a lot more to choosing a solution than just whether it "has" AES-NI

    Ok cool, are you able to explain further what those thing are so i know what i need to look for and can work out the cheapest items to buy that will do the job?



  • @smegheed:

    Ok cool, are you able to explain further what those thing are so i know what i need to look for and can work out the cheapest items to buy that will do the job?

    If you want all the details, I suggest you search around on the forum where you'll find a lot of threads about AES-NI performance. Or, just be specific about requirements (bandwidth, VPN, PPPoE, etc.) to get a more tailored response. The J3355 has already been suggested, and I'd say that's probably an obvious choice for you. You can search for existing reports from people who have that hardware.



  • The problem here is that your requirements are in conflict. You don't want to spend money, but you do expect certain performance. That's not going to happen, especially when adding 'store bought' (which IMHO is the worst place to buy anything computer related) to the list.

    If you want decent performance and buy it from the store, you'll have to triple your budget.

    Alternatives are:

    • not buying from the store, but from the country where the stuff is made (that's where the stores get their stuff)
    • going for less performance

    It's basically a 3-choice pick-2 game. You can't have it all ;)



  • @heper:

    Keep in mind that Openvpn is single-threaded. High clockspeed will be more important then a lot of cores

    Low power things generally have lots of cores, but fail at high speed openvpn.

    Single threaded per tunnel instance. Depends if they need a single tunnel to be fast or just the connection of active tunnels to be fast.



  • You can have it all, just buy a j3355b - they are like $55 from Newegg  and will do exactly what you want.

    For what you want you can even use the onboard NIC with VLANS on a smart switch, or buy a single NIC, or buy a solid dual NIC. all are not that expensive even if you buy new.

    picoPSU 80 is cheap, m300 is cheap.

    The problem is that people are recommending an i5 when only  a Celeron is called for.



  • @belt9:

    You can have it all, just buy a j3355b - they are like $55 from Newegg  and will do exactly what you want.

    For what you want you can even use the onboard NIC with VLANS on a smart switch, or buy a single NIC, or buy a solid dual NIC. all are not that expensive even if you buy new.

    picoPSU 80 is cheap, m300 is cheap.

    The problem is that people are recommending an i5 when only  a Celeron is called for.

    Maybe if you are in the US, but outside of the US, newegg is pointless.
    Getting a few UK prices show j3355b systems cost about 130 GBP and that's only mainboard, RAM and PSU.



  • https://www.amazon.co.uk/gp/aw/d/B01M9EXCYB/ref=mp_s_a_1_1?ie=UTF8&qid=1507218936&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=j3355b&dpPl=1&dpID=51Q-%2BTonTML&ref=plSrch

    62gbp for board.

    At 130gbp including ram and PSU all you need is a nic and case for 70gbp. Can easily get away with a single how port nic for 200Mbps.

    I personally don't agree with OPs ideas about purchasing computer components, but he can get what he wants in his price range.



  • If i really wanted to i could already use an old i7-4770K system to manage the 200mbps requirement. The problem is the heat it will generate. I've got a computer cupboard with a number of systems inside it and over the years the number of systems has steadily increased but the ventilation has remained the same and is not something i can change.

    I don't want to spend loads on a new system when i have a perfectly good capable system sitting right next to it. I also don't want to 'waste' a still powerful and useful system on what is essentially a glorified router that can do OpenVPN. This is what is limiting my spending. I also feel like it shouldn't cost an arm and leg to get OpenVPN to run @200mps.

    I do agree though that it's starting to look a little unlikely i can get what i want since after having looked at normal power supplies i fear that is where a lot of the heat will still come from.

    The picoPSU does not inspire confidence when looking at it. Looks like it will start generating smoke a couple of days after I've installed it  and I'm not willing to buy what i consider to be an unknown and risky power supply from a company I've never heard of before, especially when experimenting for the first time with something like I'm currently doing.

    The hope was to, for example, buy an all in one solution for as close to £100 as possible from a place like Amazon and from a main stream brand i recognise like Asus for example. Failing that  buy things like an asus all in one board, a low watt / low heat corsair power supply, cheap ram, a cheap micro-atx case and a dual network card and have pfsense run OpenVPN 24/7 on it while generating little heat and spending as close to £150 as possible.

    The money and size of case wasn't the important part, the heat was, though if it got to £200+ I'd start to consider it no longer cost effective. The whole AES-NI thing is where i got my hopes up i guess. I thought maybe, finally, i could buy a cheap, low cost, low heat system that could encrypt OpenVPN @200mbps.

    Having now gotten these replies and gone through the advice i can see that what i want and what's available are 2 different things. I'd like to buy a Qotom system but i see it as too much of an unknown risk which is of a similar catch 22. I don't know how good it is till i buy it but i won't buy it unless i know how good it is first, especially not when its shipped from abroad.

    It's a shame Amazon don't have the more powerful AES-NI enabled Qotom's available from within the UK otherwise i'd give one a go.

    Thanks to everyone for the help and advice though. It was all useful even if it was only to help me realise i can't do what i want within the limitations I've set myself.



  • @smegheed:

    The picoPSU does not inspire confidence when looking at it. Looks like it will start generating smoke a couple of days after I've installed it  and I'm not willing to buy what i consider to be an unknown and risky power supply from a company I've never heard of before, especially when experimenting for the first time with something like I'm currently doing.

    The picopsu is well known and the gold standard in this space.



  • It sure doesn't look it.

    What I'm currently thinking of doing now is running Vmware on the 4770k and combining 3 or 4 of the systems i currently have heating up the cupboard, including the current Pfsense system. This way i won't feel like I'm wasting it doing just 1 one thing while also reducing the amount of heat in the cupboard.

    Maybe when i'm willing to spend the money more or Amazon stocks something i consider a bit more viable i'll revisit this. I would prefer to use a separate system for my VPN connection in the end.



  • I'd say: just get a Qotom box, pay with PayPal, and be done with it. But you seem to be stuck in a circle where you won't buy anything you don't already know, but you would have to buy it to know it ;-)



  • Ehhh, you've used a Pico PSU before you just didn't know it.

    What do you think powers laptops, etc?

    AC to DC is in the external brick, the internal is just DC to DC.
    I'm not sure what you need to Inspire confidence? A covering plate?

    It sounds like you're just making up a bunch of artificial restriction.

    What you're trying to do is neither new or difficult. You've been told exactly what you need to accomplish what you want to do.
    You can try to reinvent the wheel if you want, you're probably not going to come up with anything better. You'll probably come up with something much worse.



  • @smegheed:

    It sure doesn't look it.

    Well, then you're probably better served doing research on small form factor systems than agonizing here.



  • Here something about CPUs performance

    https://forum.pfsense.org/index.php?topic=115673.0

    I own a Celeron N3150 and I can assure you that it can not exceed 130Mbps acting as OpenVPN client.



  • The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.

    But for less then £100 you might be hoping eventually to much from that budget? And it is not only targeted to
    one or two things here, but more then targeted to exactly these or that point most be reached.

    • sub £100
    • OpenVPN ~200 MBit/s
    • Low noise, low power using

    This might be able to get by saving some more coins and go then away with a right matching Qotom box with an
    Intel i3, i5 or i7 CPU, 4 GB till 8 GB of RAM and a small SSD or mSATA around 32 GB till 120 GB likes you need it.

    I'm looking for something smaller, compact and more importantly as headless as possible which is why i was looking at the board I'd linked above.

    The WiFi is mostly not able to use at this boards and often (not even) there will be perhaps BIOS problems with this
    kind of boards. So go with a small Qotom and all will be fine here as I see it right or other were mentioned it earlier
    as me. All other options that will be hitting that points will be more expensive as this variant and even using more
    electric power too.

    Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution i like. Also, looking up the only 1 i could find to buy on Amazon it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.

    Again, it is based on your needs, wished and goals that must be or should be reached exactly, and not by the available
    hardware on the market. Only by your thinking and willing to set it up as you need and want it.

    Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.

    Around ~300 MBit/s will be the best mark with silent hardware that is not, I repeat it, which is not so strong and
    power hungry.

    This is why i'm really interested to know how effective AES-NI is. The impression i get is that it can supposedly turn a low powered CPU into an encryption powerhouse.

    If we talk here about IPSec you will be really near to the realism with that comment, a small SG-4860 is able to
    push ~470 MBit/s over IPSec VPN and on top of this counting the TCP/IP overhead will be nearly ~500 MBit/s
    real throughput then!!!! That is impressive for that small kind of pfSense box.

    I'm really not keen on buying second hand.

    You want to get or reach nearly real ~200 MBit/s over OpenVPN and that is the fact here in that game play
    nothing else. And on top of this, it might be power saving, silent and must be under £100 too! Please don´t forget
    that you were setting the levels and not we are doing so, did we?

    I'm looking for new and easily returnable if it doesn't work out. I don't like eBay for anything really. Auctioned items have far less protection and returnabilty then store brought items. Looking at images of a dell core i5 it also still seems like it would generate a lot of heat?

    Axiomtek has very powerful hardware for pfSense but nothing in your budget region or level.
    Supermicro has very stable and powerful hardware but again not in your budget level.
    Qotom has also very powerful and silent hardware and nearly to your budget or better not so far away from it.

    This is what is limiting my spending. I also feel like it shouldn't cost an arm and leg to get OpenVPN to run @200mps.

    Once again to get the best mark such as ~300 MBit/s total OpenVPN throughput, with sielnt and not so power
    hungry hardware will exactly meeting the Qotom Intel i3 or i5 level.

    I'd say: just get a Qotom box, pay with PayPal, and be done with it. But you seem to be stuck in a circle where you won't buy anything you don't already know, but you would have to buy it to know it ;-)

    Me too, but I will also consider to save more money and get then a more powerful Qotom box that is able to
    handle all things at the best.

    Alternately you may be also happy with a refurbished small and silent Intel E3-12xxv3 server, but using
    more electric power and not soooo silent as you may whish it perhaps.



  • @BlueKobold:

    Once again to get the best mark such as ~300 MBit/s total OpenVPN throughput, with sielnt and not so power
    hungry hardware will exactly meeting the Qotom Intel i3 or i5 level.

    Qotom isn't going to hit the price target, and it's frankly not great hardware in the first place. Yeah, it's an i5, but it's a U-series i5 that's a couple of generations old. I'd rather have a J3355 for a small fanless box. The only reason to buy the qotom is if you don't want to deal with parts, but the OP started out talking about parts so that doesn't seem to be the case.



  • @VAMike:

    I'd rather have a J3355 for a small fanless box.

    Is there a J3355 board with Intel NICs?  I've had enough bad experience with Realtek NICs to not want to deal with them, even if they have fixed their earlier issues :p

    I'd love to find a site with motherboards where you can search for things like LAN chipsets, number of LAN ports, etc.  PCpartpicker.com is more aimed at enthusiasts - they do have some boards listed there that have multiple NICs but most of them are really old and not really what those of us looking to build low power firewalls are interested in.

    That's why I keep combing the forums here looking for what others are using/recommending/looking at too - but talk about time consuming!



  • @EricE:

    @VAMike:

    I'd rather have a J3355 for a small fanless box.

    Is there a J3355 board with Intel NICs?  I've had enough bad experience with Realtek NICs to not want to deal with them, even if they have fixed their earlier issues :p

    I'd love to find a site with motherboards where you can search for things like LAN chipsets, number of LAN ports, etc.  PCpartpicker.com is more aimed at enthusiasts - they do have some boards listed there that have multiple NICs but most of them are really old and not really what those of us looking to build low power firewalls are interested in.

    That's why I keep combing the forums here looking for what others are using/recommending/looking at too - but talk about time consuming!

    You can add a dual port nic and still come out ahead



  • Minibox M300 is small, and takes a PCIe card provided you use a riser. http://www.mini-box.com/Mini-Box-M300

    J3355B has an x16 slot and dual gigabit NICs will all be x4 slots.

    I think minibox sells a riser for the M300 for like $3.



  • @johnkeates:

    Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.

    I used one of these and they are great.

    https://www.aliexpress.com/item/New-Braswell-mini-pc-M150S-with-2G-ram-8G-SSD-celeron-N3150-Dual-H-D-M/32533935685.html



  • I realised about two months ago that it will be impossible to get any new box under ~£200 for getting such OpenVPN performance, not in 2017.

    Still, the original question is very close to my own search, the difference is that I am willing to buy from China, especially from AliExpress where you get protection.

    Maybe someone can help me decide which box should be better, my question was https://forum.pfsense.org/index.php?topic=137651.0 but if you can point to other one i would not mind.

    PS. Also my performance requirements are even lower, I only really need 80mbps OpenVPN as that's my VDSL limit so far. Obviously that I would not mind being able to scale up later it it does not double the cost.



  • If 80 Mbps is all you need and you're willing to build something yourself the J3355B is the way to go I think. Most relatively cheap and power efficiënt builds for your speed requirements include the j3355B, a micro psu and an Intel Nic from ebay.



  • Our US$3K (5 year old) main router took a shot during a recent power outage and until we get a replacement we decided to temporarily use a Zotac ZBOX-CI327NANO-U Intel Celeron N3450 dual LAN box.
    It has some unsupported hardware (SD socket), for which we found a solution. But otherwise it is an outstanding machine.
    With 4GB of RAM and a 60GB SSD it comes for roughly $175, which puts it in your budget.
    The hardware build of this little box is far superior to many products out there. I wouldn't want to put down any products that are hyped on these forums (or elsewhere) but since you seem to be interested in doing your homework diligently I suggest that you take a close look at this little box.
    Not sure if blue chip still means much in this day and age as it did 20 years ago, but CI327 is definitely a blue chip product.
    It will certainly drive your 200 mbps line, ours runs off a 300/300 without a hiccup. It hardly feels warm as it only burns a few watts. Absolutely perfect for home or SOHO use. If you need more ethernet ports simply put a small VLAN enabled switch on one of the ports.



  • J3355B w/ Intel NICs > N3450 w/ Realtek NICs

    That zotac box is at a good price point for low bandwidthd out non OpenVPN serious though!



  • Not sure if you've already purchased your new hardware but I thought I'd add my input for hardware recommendation. Trust me I've spent the last 3 weeks looking at a lot of possibilities. First I'll show what I'm currently running and then what I'm upgrading to and why.

    I tried a few bits of hardware back in 2010 - a dual P3 server, a P4 Celeron system but eventually settled for and have had a Mini-ITX setup for the last 7 years consisting of:

    Thermaltake Element Q ITX case with 220W PSU (I replaced PSU with a Pico PSU)
    Point of View Atom 330 Mini ITX motherboard (I disconnected the fan)
    2GB DDR2
    Old 2.5" laptop hard drive
    HP NC364T quad port gigabit NIC - added a few years ago to replace a single port NIC that I had in the 16x PCI-e slot.

    In those 7 years my ISP has upgraded my connection several times to where I'm at 200Mb/12Mb as well as me recently using a VPN service, I can certainly tell my silent little box is struggling with how much I'm hammering it. (I run a games server, Teamspeak server, etc)

    I currently struggle to get over 60Mb/s Download when the VPN is connected, I get near enough the full 200Mb/s when it is not connected. I can see the CPU usage for the OpenVPN process (running top in the shell) is hovering around 80%+

    Not wanting to spend too much on hardware and with the recent announcement that a CPU with AES-NI instructions will be required and I need one anyway as I use OpenVPN, I decided now is a good time for me to upgrade.

    I'm keeping the case, PSU, hard drive and Quad port NIC. This immediately limited me to an ITX board with a minimum of a PCI-e 4x slot. So with that search criteria I have ordered the following, all second hand but that doesn't bother me as I've used second hand parts in my current build:

    Portwell WADE-8320 motherboard, with heatsink (£45 delivered)
    Intel Core i5 520m CPU (£8 delivered)
    2GB DDR3 SO-DIMM (free as I had spare but less than £10)

    The reasons are price, performance and features. The motherboard comes with two Intel Gigabit NIC's onboard and has a 4x PCI-e slot. It supports 1st gen mobile i3,i5 and i7 CPU's which are all cheap nowadays. I recommend the i5 5xxm series as they are cheap, dual core hyper threaded and have AES-NI. It has a mini PCI-e slot on the reverse of the board if you wanted to add in a small SSD rather than use a normal drive via SATA.

    Currently my Atom system draws 40W at the wall (30W for the motherboard/CPU/RAM and 10W for the HP NIC) this is due in part to the incredibly inefficient southbridge used on older Atoms boards, so although the CPU has a low TDP, the motherboard chipset negates any gains.

    I'm confident that even though the i5 520m is rated at 35W TDP, the fact that the QM57 chipset used on the motherboard is only rated at 3.5W TDP, my new system won’t draw much more power than the Atom it’s replacing, especially as the Core i5 has better C states when idling.

    Trust me, I looked at a LOT of options, including the later Atoms, Celerons, etc. Nothing beat the price/performance ratio of what I've mentioned above, in my opinion and use case scenario.



  • 40W for an Atom? yikes - that's atrocious.

    TDP is heat dissipation, nothing to do with power draw - as your atom obviously proves.

    As far as price performance, check out ebay.

    My current system is a SFF i5-2400 i340t4 box drawing <40W and it cost me <$150, and that box performance is crazy overkill.

    Since you already have a case, storage, RAM and a NIC - why don't you just buy a J3355B? That will draw way less power and is honestly pretty close in performance to the i5-520m - it almost certainly outclasses the 520m in OpenVPN throughput, it will also probably cost you less upfront.



  • @belt9:

    40W for an Atom? yikes - that's atrocious.

    Yeah, they rushed it out the door to meet the schedule before a low power chipset was ready to go with the low power cpu. Nine years ago, though, it was the cheapest & easiest way to get passive cooling, dual cores, and 64 bit instructions.

    Since you already have a case, storage, RAM and a NIC - why don't you just buy a J3355B? That will draw way less power and is honestly pretty close in performance to the i5-520m - it almost certainly outclasses the 520m in OpenVPN throughput, it will also probably cost you less upfront.

    atom 330 was DDR2, need new ram.



  • Yeah that's crazy! I use an old N450 in a netbook to run a Unifi controller on it (really should figure out VMware and virtualize all this stuff on my i5-2400) - it doesn't get great power consumption numbers but certainly not that bad.

    User said they had 2GB DDR3 SO-DIMM on hand, if not though that stuff is super cheap on eBay. Ultimately, the idea of "upgrading" from one incredibly inefficient, anemic CPU to another inefficient but slightly-less anemic CPU makes no sense to me when there are cheap products out there like the Apollo Lake Celerons.

    @Anarki:

    Trust me, I looked at a LOT of options, including the later Atoms, Celerons, etc. Nothing beat the price/performance ratio of what I've mentioned above, in my opinion and use case scenario.

    https://www.newegg.com/global/uk/Product/Product.aspx?Item=N82E16813157726&cm_re=j3355b--13-157-726--Product

    Looks like about £55 including VAT for a much better product that also happens to be new instead of used.