Hardware for my first pfSense build



  • Hey guys,

    I'm not really experienced with pfSense, but recently I had a chance to play with it for a while and I loved it. I want to build myself a home router which has to handle 600/400 traffic with a site-to-site OpenVPN connection. I'm mostly concerned about hardware compatibility and CPU power for encrypted traffic. I'd also like to have two Intel NICs for performance and reliability. I did some research, but due to my lack of experience with this software, I have to ask for help. I thought of Asus Q87T, then I found out that it has just one Intel NIC, the second one is Realtek. Is there any good and reliable mini ITX motherboard with two Intel NICs and a fairly modern Intel CPU socket? Would an i3 or i5 be enough to handle lots of encrypted VPN traffic?



  • I thought of Asus Q87T, then I found out that it has just one Intel NIC, the second one is Realtek.

    Get a refurbished Intel i340-T4 or i350-T4 to work around this behavior. An Intel Pro 1000 PT would also match
    nicely with that board.

    Is there any good and reliable mini ITX motherboard with two Intel NICs and a fairly modern Intel CPU socket?

    Gigabyte GA-6LISL (newer)
    Intel DQ77KB (older)

    Would an i3 or i5 be enough to handle lots of encrypted VPN traffic?

    Qotom Intel i5 with 4 GB LAN Ports.

    All in all it could also be nice to get a SG-3100 that is capable of routing 1 GBit/s at the WAN port with ease and
    delivers ~300 MBit/s over IPSec VPN. OpenVPN needs raw CPU horsepower and is single threaded!



  • I have used those DQ77's, they work well. Regarding OpenVPN performance: don't forget you can also use multiple OpenVPN connections together. This doesn't make single sessions faster, but does allow stacking multiple connections and spreading them over multiple cores.



  • Thank you!  :)

    What do you think about this board?

    https://www.newegg.com/global/pl/Product/Product.aspx?Item=N82E16813157795

    It has two Intel NICs and an 1151 socket. Combined with the i3-7300 it should have enough single threaded power to handle OpenVPN.

    If it's an overkill, I thought of this, BlueKobold's suggestion:

    https://www.aliexpress.com/store/product/QOTOM-Q355G4-2017-New-fanless-X86-4-LAN-Micro-Computer-I5-5250U-Dual-core-onboard-1080P/108231_32800711474.html



  • @Unpleasant:

    Thank you!  :)

    What do you think about this board?

    https://www.newegg.com/global/pl/Product/Product.aspx?Item=N82E16813157795

    It has two Intel NICs and an 1151 socket. Combined with the i3-7300 it should have enough single threaded power to handle OpenVPN.

    If it's an overkill, I thought of this, BlueKobold's suggestion:

    https://www.aliexpress.com/store/product/QOTOM-Q355G4-2017-New-fanless-X86-4-LAN-Micro-Computer-I5-5250U-Dual-core-onboard-1080P/108231_32800711474.html

    That board is not bad, but it's not a super good fit either. I suppose the Qotom is both cheaper and faster and has more network ports. The only thing to keep in mind is that the Qotom only has 1 RAM slot, 1 SATA port, 1 mSATA port and 1 PCIe slot. This means that you won't be able to upgrade it to handle things like 10GbE. In most cases, however, that is not really a problem.

    The "problem" with the Qotom box is that it's rather cheap and has pretty good features. It's hard to get something better for the same price.



  • @johnkeates:

    That board is not bad, but it's not a super good fit either. I suppose the Qotom is both cheaper and faster and has more network ports. The only thing to keep in mind is that the Qotom only has 1 RAM slot, 1 SATA port, 1 mSATA port and 1 PCIe slot. This means that you won't be able to upgrade it to handle things like 10GbE. In most cases, however, that is not really a problem.

    The "problem" with the Qotom box is that it's rather cheap and has pretty good features. It's hard to get something better for the same price.

    So I guess I'll order QOTOM-Q355G4 with I5 5200U, 8GB RAM and 30GB SSD drive. Do you think it's a good idea to install an additional wireless card into it? I've heard that with pfSense it's always better to buy a separate access point. Do you think this unit will handle at least 300mbps OpenVPN with aes256?



  • @Unpleasant:

    @johnkeates:

    That board is not bad, but it's not a super good fit either. I suppose the Qotom is both cheaper and faster and has more network ports. The only thing to keep in mind is that the Qotom only has 1 RAM slot, 1 SATA port, 1 mSATA port and 1 PCIe slot. This means that you won't be able to upgrade it to handle things like 10GbE. In most cases, however, that is not really a problem.

    The "problem" with the Qotom box is that it's rather cheap and has pretty good features. It's hard to get something better for the same price.

    So I guess I'll order QOTOM-Q355G4 with I5 5200U, 8GB RAM and 30GB SSD drive. Do you think it's a good idea to install an additional wireless card into it? I've heard that with pfSense it's always better to buy a separate access point. Do you think this unit will handle at least 300mbps OpenVPN with aes256?

    Don't add a WiFi card, it's indeed better to have a separate access point. It will do OpenVPN, but I'm not sure 300Mbps with AES256 is attainable. It should be possible considering you get over 700Mbps on AES128, so if double the key length causes double the computational power, it should work.



  • @johnkeates:

    Don't add a WiFi card, it's indeed better to have a separate access point. It will do OpenVPN, but I'm not sure 300Mbps with AES256 is attainable. It should be possible considering you get over 700Mbps on AES128, so if double the key length causes double the computational power, it should work.

    Okay, since the VPN is used mostly for sharing files across my family and friends plus playing some old LAN games, I guess I'll stick with AES128 for better performance, especially since some clients run on beefy, yet still consumer, routers and get around 60-80mbps. Thank you both guys for helping me! Now I just have to wait for the package. ;)



  • @Unpleasant:

    @johnkeates:

    That board is not bad, but it's not a super good fit either. I suppose the Qotom is both cheaper and faster and has more network ports. The only thing to keep in mind is that the Qotom only has 1 RAM slot, 1 SATA port, 1 mSATA port and 1 PCIe slot. This means that you won't be able to upgrade it to handle things like 10GbE. In most cases, however, that is not really a problem.

    The "problem" with the Qotom box is that it's rather cheap and has pretty good features. It's hard to get something better for the same price.

    So I guess I'll order QOTOM-Q355G4 with I5 5200U, 8GB RAM and 30GB SSD drive. Do you think it's a good idea to install an additional wireless card into it? I've heard that with pfSense it's always better to buy a separate access point. Do you think this unit will handle at least 300mbps OpenVPN with aes256?

    Good choice. I have used the exact same Q355G4 for some months now, working very perfectly!



  • @TommyL:

    Good choice. I have used the exact same Q355G4 for some months now, working very perfectly!

    Would an i5-4200U be much worse? Models with i5-5200U/5250U are out of stock on aliexpress. :-\



  • Yes, that'll be fine…

