Hardware recommendations ATT 1gig up and down



  • Complete noob to Pfsense here.

    I have ATT U-verse with 1gig up and down service. Using their required Pace 5268ac gateway. I want to use one port of the gateway and attach a pfsense router to it for some devices.

    I’m looking for hardware recommendations to be able to run 3 or 4 devices with PIA vpn setup via OpenVpn. I don’t need to utilize the full gigabit, I’d be happy with 500 up and down. I’d just like for all of the connections to be able to do it at the same time if necessary. For things like torrenting, streaming, etc.

    Not planning on running any additional packages outside of the vpn, but having the option in the future wouldn’t be that bad.

    I already have an Intel i390-t4 on order. Figured that much out from reading things. Also already have a 16gb Ssd I was going to use for the hd. I can buy bigger if necessary. I just prefer ssd.

    Would a j3355 box suffice or would I need something beefier? I was looking at a used sff pc with i7-2600, 4gb ram, embedded video for under $100. But that might be overkill and use way more power than necessary. I don’t care if I use about $35/yr power wise. Worth it for security and privacy.

    Thanks in advance.



  • i3-class CPU will suffice and enough headroom for near future. 16G SSD will suffice also.



  • @psycaz:

    I have ATT U-verse with 1gig up and down service.

    @psycaz:

    Would a j3355 box suffice or would I need something beefier

    You would need something beefier than j3355. From everything that I have read on the forum, j3355 will probably max out at 300Mbps.

    Also any particular reason why you bought a quad NIC vs dual NIC? What are you planning to do other than 1 port for WAN, 1 port for LAN? I ask because I am a noob to pfSense as well and I haven't really understood what quad NICs give you over a basic unmanaged switch – unless you have multiple ISPs serving your house and that way you can have multiple WANs. But most home users don't buy internet service from multiple ISPs



  • Thx SammyWoo

    I’m trying to find a used pc that I can get cheap. I’ll use your recommendation as a baseline.



  • @Inxsible:

    @psycaz:

    I have ATT U-verse with 1gig up and down service.

    @psycaz:

    Would a j3355 box suffice or would I need something beefier

    You would need something beefier than j3355. From everything that I have read on the forum, j3355 will probably max out at 300Mbps.

    Also any particular reason why you bought a quad NIC vs dual NIC? What are you planning to do other than 1 port for WAN, 1 port for LAN? I ask because I am a noob to pfSense as well and I haven't really understood what quad NICs give you over a basic unmanaged switch – unless you have multiple ISPs serving your house and that way you can have multiple WANs. But most home users don't buy internet service from multiple ISPs

    I honestly went quad for a couple reasons. At the moment, I’m looking at three devices I want connected to pfsense and the vpn, so that lets me use one for wan, the other three direct to the devices, hopefully better speed, less issues. I like having room should I want it in the future. I have a couple older nas devices I might want to connect down the road for outside access, I don’t use them that way currently. The extra ports give me options. I hate buying things twice because I tried to skimp at the start. Burned myself several times on other things.

    The price wasn’t that much more to go quad, paid $35 shipped. Should be a real one too as the chips aren’t screen printed. Resale shouldn’t be hard if this doesn’t work out either. I’ll make sure to use clear pics of the chips to prove it’s real, not a Chinese knockoff, if it is one.



  • @psycaz:

    I honestly went quad for a couple reasons. At the moment, I’m looking at three devices I want connected to pfsense and the vpn, so that lets me use one for wan, the other three direct to the devices,

    Will these 3 devices be able to talk to each other? If so, I can buy a quad NIC and attach them to 3 different switches thereby increasing the number of devices in my network instead of upgrading my 16 port switch with a bigger one in the future. It will save me the hassle of selling/trashing my 16 port unmanaged switch.

    @psycaz:

    hopefully better speed, less issues. I like having room should I want it in the future. I have a couple older nas devices I might want to connect down the road for outside access, I don’t use them that way currently. The extra ports give me options. I hate buying things twice because I tried to skimp at the start. Burned myself several times on other things.

    The price wasn’t that much more to go quad, paid $35 shipped. Should be a real one too as the chips aren’t screen printed. Resale shouldn’t be hard if this doesn’t work out either. I’ll make sure to use clear pics of the chips to prove it’s real, not a Chinese knockoff, if it is one.

    How do you check if the chips are screen printed or not?



  • @Inxsible:

    @psycaz:

    I honestly went quad for a couple reasons. At the moment, I’m looking at three devices I want connected to pfsense and the vpn, so that lets me use one for wan, the other three direct to the devices,

    Will these 3 devices be able to talk to each other? If so, I can buy a quad NIC and attach them to 3 different switches thereby increasing the number of devices in my network instead of upgrading my 16 port switch with a bigger one in the future. It will save me the hassle of selling/trashing my 16 port unmanaged switch.

    @psycaz:

    hopefully better speed, less issues. I like having room should I want it in the future. I have a couple older nas devices I might want to connect down the road for outside access, I don’t use them that way currently. The extra ports give me options. I hate buying things twice because I tried to skimp at the start. Burned myself several times on other things.

    The price wasn’t that much more to go quad, paid $35 shipped. Should be a real one too as the chips aren’t screen printed. Resale shouldn’t be hard if this doesn’t work out either. I’ll make sure to use clear pics of the chips to prove it’s real, not a Chinese knockoff, if it is one.

    How do you check if the chips are screen printed or not?

    I’m not sure on your first question. I’m honestly guessing. I figure once I get it built I will see what I can and can’t do with it.

    The screen print part, there’s no white printing on the center of the chips. They look like the printing is etched into the chip. I can’t say 100% until the card arrives. That is one of the ways to tell the fake from real. The real are etched. At least from my reading. It’s starting to get jumbled with as many threads as I’ve been reading trying to decide on a build platform. I’ve decided I’m going to worry about building first. Then focus on how to set it up once it’s built. That way my focus can be on one thing at a time. There’s so much good info here it’s overloading my head. I keep going off on reading tangents and get lost on what I started out looking for.



  • @Inxsible:

    haven't really understood what quad NICs give you over a basic unmanaged switch

    Run discrete, separate subnets. Although you can mimic this with a VLAN-capable switch. To me, and only to me, discrete subnets are easier to visualize than trying to keep VLAN configs all in my head. I like things simple and stupid.



  • @SammyWoo:

    @Inxsible:

    haven't really understood what quad NICs give you over a basic unmanaged switch

    Run discrete, separate subnets. Although you can mimic this with a VLAN-capable switch. To me, and only to me, discrete subnets are easier to visualize than trying to keep VLAN configs all in my head. I like things simple and stupid.

    Ok. When you use small words like that, it helps a dufus like me understand. Thank you.

    Since they are separate subnets, then I imagine devices in different subnets cannot and should not be able to talk to each other. For my home network, I have the following devices :

    • Main FreeNAS

    • Backup FreeNAS

    • 1 Tablet

    • 2 Phones

    • 1 desktop

    • 2 Laptops - work & personal

    • 1 network enabled TV

    So I don't see the need to separate them into different subnets as I use my laptops/tablet to sometimes check up on my FreeNAS boxes. The TV is the only thing I can choose to put in a different subnet so it can't be hacked into and access my main network. I might set up a DMZ in the future when I have learnt more about networking to host a webserver. I can set it up via a VLAN then.

    I will just go buy a Dual NIC for my new pfSense build and will shut up now and stop hijacking this thread.

    Thank you again.



  • Inxsible, we’re both in similar boats, so I know I don’t mind your questions.

    I have a Shield, two other Kodi boxes, Fire Tv, pc, and two nas’ I could put onto a network with vpn. Some don’t need to talk to each other, some I will want to. Some strictly internal, some possible external down the road.

    I’m trying to leave room to grow as well as be able to max my throughput as much as I can without having to go crazy cost wise.

    Running the PIA apps for vpn on the devices significantly reduces my throughput. I want to offload that to pfsense to get better speeds. My pc will run near the gigabit speeds with PIA turned off. Turn it on, and I’m down to 300 (best ever), but usually between 150 and 30. That’s too much for my liking.



  • @psycaz:

    Inxsible, we’re both in similar boats, so I know I don’t mind your questions.

    I have a Shield, two other Kodi boxes, Fire Tv, pc, and two nas’ I could put onto a network with vpn. Some don’t need to talk to each other, some I will want to. Some strictly internal, some possible external down the road.

    I’m trying to leave room to grow as well as be able to max my throughput as much as I can without having to go crazy cost wise.

    Makes sense. If I buy used, the difference between dual and quad is not huge – about $5-$10 on ebay. I just wanted to understand what quad NICs would provide over dual.

    @psycaz:

    Running the PIA apps for vpn on the devices significantly reduces my throughput. I want to offload that to pfsense to get better speeds. My pc will run near the gigabit speeds with PIA turned off. Turn it on, and I’m down to 300 (best ever), but usually between 150 and 30. That’s too much for my liking.

    Then you would surely need a better CPU than what you currently have in your pc.

    I intend to go with a J3355B since my internet speed is only 50Mbps down. Gigabit is currently too expensive for me given my usage.



  • I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.



  • @psycaz:

    I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.

    I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?

    I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.



  • @Inxsible:

    @psycaz:

    I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.

    I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?

    I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.

    I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in a while I’ll need to move to the New York server.



  • @psycaz:

    @Inxsible:

    @psycaz:

    I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.

    I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?

    I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.

    I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in a while I’ll need to move to the New York server.

    One thing with using VPN in pfSense instead of using a client on the PC itself is that it's not as easy to quickly change servers. You also cannot change servers for just one device/PC, unless you have already created multiple VPN interfaces in pfSense and route every device through a different interface.

    So, if you are using VPN only to hide data from your ISP, it shouldn't be a problem. But if you are using it to avoid geo-location then it might be a pain to constantly switch VPN servers. Also, as you may have noticed many websites/apps don't work behind a VPN.

    I recently noticed that TurboTax and TaxAct don't work if I am routing my desktop through the VPN interface. I have to go directly through my ISP. Same with Amazon app on the phone. The Amazon website works, but the phone app only shows me pictures of dogs and tells me "something went wrong"

    I am starting to think getting VPN is now more of a hassle especially when my wife starts complaining about not being able to shop on Amazon app while on wifi.



  • @Inxsible:

    @psycaz:

    @Inxsible:

    @psycaz:

    I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.

    I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?

    I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.

    I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in a while I’ll need to move to the New York server.

    One thing with using VPN in pfSense instead of using a client on the PC itself is that it's not as easy to quickly change servers. You also cannot change servers for just one device/PC, unless you have already created multiple VPN interfaces in pfSense and route every device through a different interface.

    So, if you are using VPN only to hide data from your ISP, it shouldn't be a problem. But if you are using it to avoid geo-location then it might be a pain to constantly switch VPN servers. Also, as you may have noticed many websites/apps don't work behind a VPN.

    I recently noticed that TurboTax and TaxAct don't work if I am routing my desktop through the VPN interface. I have to go directly through my ISP. Same with Amazon app on the phone. The Amazon website works, but the phone app only shows me pictures of dogs and tells me "something went wrong"

    I am starting to think getting VPN is now more of a hassle especially when my wife starts complaining about not being able to shop on Amazon app while on wifi.

    See, my wife is why I’m only going to do wired connections to the box. The WiFi stuff can go on as they have been. I won’t have to hear about things not loading or working.

    If I need my pc to use a non-vpn connection, I’ll just switch cables to the ATT gateway.



  • @psycaz:

    See, my wife is why I’m only going to do wired connections to the box. The WiFi stuff can go on as they have been. I won’t have to hear about things not loading or working.

    If I need my pc to use a non-vpn connection, I’ll just switch cables to the ATT gateway.

    That's smart. You could also create an alias and add or remove your PC from that alias depending on whether that alias is being routed via the VPN gateway or the ISP gateway.

    For example, I have an alias for my work laptop so that it goes out the ISP. When I needed to do my taxes, I just put my desktop in the same alias until I was done with the taxes and then removed it from the alias again.
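
The alias approach from the post above, sketched as pf rules. This is an added example, not part of the original thread and not output generated by pfSense. The interface names, addresses, gateway IPs and the table name `isp_direct` are all assumptions; in pfSense the alias and rules are managed in the GUI.

```pf
# Constructed sketch in FreeBSD pf.conf syntax. Every name and address
# below is an assumption for illustration, not taken from the thread.
lan_if  = "em1"             # LAN port the wired devices plug into
lan_net = "192.168.1.0/24"
wan_if  = "em0"             # port facing the ISP gateway
wan_gw  = "192.168.0.254"   # ISP gateway address (assumed)
vpn_if  = "ovpnc1"          # OpenVPN client interface
vpn_gw  = "10.8.0.1"        # gateway inside the VPN tunnel (assumed)

# The "alias": hosts that must leave via the ISP instead of the VPN.
table <isp_direct> persist { 192.168.1.20 }    # work laptop

# Traffic addressed to the firewall itself (DNS, web GUI) must not be
# policy-routed, so it is matched before any route-to rule.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# The first matching "quick" rule wins, so the exception has to sit
# above the catch-all VPN rule.
pass in quick on $lan_if route-to ($wan_if $wan_gw) inet from <isp_direct> to any keep state

# Everything else on the LAN is policy-routed into the tunnel.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any keep state

# Moving the desktop (192.168.1.30, assumed) in and out of the alias
# changes only the table contents, not the rules:
#   pfctl -t isp_direct -T add 192.168.1.30
#   pfctl -t isp_direct -T show
#   pfctl -t isp_direct -T delete 192.168.1.30
```

The gateway choice is recorded in each state entry, so connections that are already open keep their original path; only new connections follow the updated alias.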



  • Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.

    I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.

    It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.



  • @psycaz:

    Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.

    I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.

    It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.

    Keep us posted.

    I got myself an i340-T4 as well for the same price as that of T2 (at least when I was looking). Now I have my RAM and motherboard (AsRock J3355B) on order.



  • @Inxsible:

    @psycaz:

    Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.

    I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.

    It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.

    Keep us posted.

    I got myself an i340-T4 as well for the same price as that of T2 (at least when I was looking). Now I have my RAM and motherboard (AsRock J3355B) on order.

    Glad you found a t4 for the same price. Makes it easy on which to buy. My nic should be here Saturday so I hope to start this weekend.



  • This is not going as I’d hoped.

    The old pc I was going to use to toy with doesn’t have a slot to accommodate the i390-t4. So I decided to use my main pc (amd fx8320e) and just disconnect all the hard drives and use a usb drive to just try out pfsense.

    Install went fine. But I can not connect to the web GUI no matter what. Tried from two other computers. Tried reinstalling pfsense from scratch - twice. Tried with leaving the wan cable unplugged when installing. No luck. I can’t even ping the pfsense machine.

    I’m lost and confused. Time for a break and see if I can find where I’m making a mistake.

    Good luck Inxsible. I hope your build goes well.



  • @psycaz:

    This is not going as I’d hoped.

    The old pc I was going to use to toy with doesn’t have a slot to accommodate the i390-t4. So I decided to use my main pc (amd fx8320e) and just disconnect all the hard drives and use a usb drive to just try out pfsense.

    Install went fine. But I can not connect to the web GUI no matter what. Tried from two other computers. Tried reinstalling pfsense from scratch - twice. Tried with leaving the wan cable unplugged when installing. No luck. I can’t even ping the pfsense machine.

    I’m lost and confused. Time for a break and see if I can find where I’m making a mistake.

    Good luck Inxsible. I hope your build goes well.

    Not great luck here either.

    Got the J3355B board and RAM… tested well. No errors in memtest+. But once I connect the NIC and restart, I get the AsRock splash screen and then the motherboard shuts down. I might have to RMA the NIC back to Ebay :(



  • Update

    Found an old hard drive and used that, coupled with a single port intel nic I got off eBay. Finally got it up and running to play with. The computer has an e7600 core2duo in it.

    I did manage to snag a Compaq 6200 pro mt w i5-2400 in it relatively waiting for it to come in.

    Next problem is when using the old pc, my speeds when connected to PIA are way lower than expected.

    Laptop through pfsense gets 400/400 off my gigabit line. Once I turn on PIA, it drops to 50-90/90, down/up.

    Changing the port to dmz+ on the 5268ac did nothing to change the speeds. I made sure to reboot the router and pfsense computer.

    Hoping it’s an issue with the e7600 not using aes-ni. The onboard nic in the pc is supposed to be intel. New pc is supposed to come in tomorrow. Should have it up and running in an hour if it does.

    Here’s hoping for better luck.

    Better luck to you too, Inxsible.


  • Netgate Administrator

    What throughput are you expecting to see over OpenVPN?

    400Mbps is fast for OpenVPN using a single connection. Also many providers will not reach that speed, though I believe I've seen reports PIA will.

    Steve



  • The 400 was with openvpn not setup yet. I was just testing connectivity.

    New pc came in yesterday. I can’t get the i340-t4 to work. But I got it all running with the single port nic I picked up.

    900+ up and down just testing connectivity. Once OpenVpn was setup for PIA, I got 300-400 down, 250-300 up. That’s with pfsense not set on my 5268ac to DMZ+ to completely bypass the gateway.

    That’s faster than I’ve ever been able to get at night with any device in my house for PIA. I’m quite happy with that. I realize I could probably get faster using the DMZ+ function to completely remove my 5268ac gateway from the equation, but I want to make sure I don’t leave the other things using the gateway exposed to the web.

    Next, I wouldn’t mind figuring out how to add wireless internet access through pfsense now. The pc doesn’t have any wireless adapter that I setup pfsense on. Reading up on if it’s possible and what would be required to make it work.


  • Netgate Administrator

    It's almost always better to use an external access point of some sort. You can usually position it better and you can get whatever the latest greatest wifi technology is. With a wifi device in pfSense you can only use 802.11N.

    Steve



  • Thanks Steve.

    Is there one that’s recommended?

    I have a Netgear R7000 I could try to use if that would work. Never could get it setup the way I wanted. That’s running dd-wrt. I can put the firmware to stock too.



  • @psycaz:

    I have a Netgear R7000 I could try to use if that would work.

    Why wouldn't it work? what's wrong with it?

    Never could get it setup the way I wanted.

    Which is?

    If this R7000 has a WAN port, the easiest way to set it up is in bridge mode (no NAT) and simplest to integrate into a LAN with a dedicated FW.

    But I agree with him, have your WIFI in a separate box because your FW will tend to be in a corner closet, while the WIFI antenna most likely needs to be centrally located, in between other advantages as already mentioned.


  • Netgate Administrator

    Yup, should work fine. I imagine DD-WRT gives you some more options over the default firmware including 'access point only mode' or something similar.

    Even if it doesn't you can just disable DHCP on it and connect to its LAN ports.

    https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

    Steve



    run ddwrt on the r7000, add a laptop cooler to power off the usb port, and use it as an AP

    let the pc do pfsense



  • @SammyWoo:

    @psycaz:

    I have a Netgear R7000 I could try to use if that would work.

    Why wouldn't it work? what's wrong with it?

    Never could get it setup the way I wanted.

    Which is?

    If this R7000 has a WAN port, the easiest way to set it up is in bridge mode (no NAT) and simplest to integrate into a LAN with a dedicated FW.

    But I agree with him, have your WIFI in a separate box because your FW will tend to be in a corner closet, while the WIFI antenna most likely needs to be centrally located, in between other advantages as already mentioned.

    I could never get it to work correctly connecting to PIA through my gateway. Even if it said it was connected to PIA, none of the computers connected to the r7000 showed being on the vpn. Other times, it would drop the connection and never let me re-establish it without a complete reboot of the router. That reset all of the settings for PIA.

    Left alone without PIA, it worked fine.

    I gave up on it for a while. That led me to pfsense, which I love.



  • Thanks for the info on using the r7000. I’ll work on that this coming weekend.