Netgate Discussion Forum

    Hardware recommendation for homeuse

    • jagradang

      Hi Guys,

      New to the forum but have been browsing for a while so kind of know my way around. My current setup is underperforming for what I need so desperately looking at a more suitable solution.

      I currently have an Asus AC68U router running Merlin, but with my VPN requirements it is now heavily underperforming.

      I want the following setup (for home network):

      • normal setup - DNS, dhcp with static ips etc.

      • openvpn server to access my home cctv unit (without having to open ports)

      • 2x openvpn client (NordVPN) - split connections as required on the network, and achieve full internet bandwidth

      • Internet speeds for 100M line (this is where Asus router really struggles with openvpn)

      • thinking of snort and squid if required - so capable of running those if required

      • NAT and other basic firewall rules

      • Would like to lock down/isolate CCTV so I can block all external traffic to/from it - I can access it only by VPN

      • It'll be connected to modem and into 24 port gigabit switch (so only 2 ports really required)

      Thinking of setting this up on low powered hardware so it doesn't cost an arm and a leg to run 24/7 and also would like to run this in an esxi vmware. Mainly because I also need a unifi controller for my Ubiquiti AC Pro so would be good to run this on same machine.

      I have a HP N36L microserver (only has 2gb ram and the 1 standard NIC). I was thinking to get it up and running I can

      • buy a 16Gb usb to run esxi (or run it off the same 2.5" hdd as below)
      • Buy 4gb RAM (should be enough for the 2 machines?)
      • quad hp Gig NIC
      • 1x 2.5" hdd for vms (already have this)

      I think CPU power wise it'll be fine but my biggest concern is running cost (power consumption) which from other forums sounds like it could be around 45w-60w (potentially costing around £85 a yr to run in the UK which is very high). (unless anyone else on here has any experience on how much power usage this would be?)

      Alternative being either another machine with low power esxi for both machines OR Raspberry Pi 3+ for unifi could controller and a low powered pc for pfsense

      Any help and support would be really appreciated. Hopefully I haven't bombarded you guys with too much info (or not enough).

      • uptownVagrant

        I don't know what your budget is but you are going to want something with AES-NI support going forward.
        https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

        I'm using an Intel C2558 (15 watts TDP) based board for a 100Mbit circuit used with openvpn and IPsec - you might be able to get away with a C2358 (7 watts TDP). If you look into the C2000 series make sure you're looking at new because there was a defect in earlier revisions. See Intel AVR54.

        Many of the currently sold netgate appliances are based on the Intel C3000 series so a big hint there.
        https://www.netgate.com/products/appliances/

        • netblues

          Well, your microserver is a bit old (a 2011 model): 2 core cpu, up to 8 GB ram, and it needs something like 30 watts of power at least. (I suggest you grab a cheap plug type power meter from ebay and use it to measure total consumption.)
          Having said that, especially for vpn performance you do need hardware offload of AES, so a newer cpu is needed.
          If you consider a new microserver, the gen10 based on x3216 has a TDP of 15 watts and supports AES too.
          With a little bit more power you could also go for 4 cores and run a kvm for other things too.

          Regards

          • jagradang

            Thanks guys for the reply. It's kinda what I thought so wanted to check before I went ahead and spent lots of money trying to fix my old horse.

            The biggest issue I have with new hardware is that here in the UK everything is so expensive. I quickly looked at the c2558 and I'm looking at around £400 for decent hardware which is well out of my budget for a router. I would be looking around £150 max. Ideally closer to the £100.

            I think I need to really look harder and shop around a bit for the best hardware and maybe if I can get other uses out of it I can probably increase the budget a bit.

            • Brett-Tech @jagradang

              @jagradang
              DISCLAIMER: I haven't set this up yet, waiting on shipment will update when arrived if everything worked out.
              I was in the exact same situation as you this past week. I finally decided on buying a laptop with a broken screen off ebay to put pfsense on. You can get these broken laptops really cheap (as-is) and they come with a bunch of built-in benefits.

              • built in UPS (battery)
              • low power (look for TDP 15w or less chips)
              • AES-NI (just about anything 3rd gen Intel or newer has this as well as some 2nd gen chips). You can look up chip specs here: https://ark.intel.com/#@Processors

              Look for one that has Gigabit Ethernet and at least one usb3 that you can plug in a usb ethernet adapter.

              I bought mine yesterday for about $80 USD shipped taxes inc. I only need to pick up an adapter (~$15 USD).

              Tips I learned for narrowing the search on ebay.

              • category: Computers/Tablets & Networking > Laptops & Netbooks > PC Laptops & Netbooks
              • max price: slightly higher than what you're targeting ($85 for me)
              • item location: only search within your country (Customs fees kill us on international shipments here so I wanted to avoid that even if the selection was much smaller/slightly more expensive.)
              • sort by: ending soonest
              • Don't forget to include shipping + tax in your calculations.

              • netblues

                A laptop is an option, just make sure the fans work and take some time to clean it from internal dust.
                Laptops weren't designed to be always-on devices, however without high load and with decent cooling it will do the job.
                Forget about the usb lan interface. Shaky and unstable in general for what you are trying to do.
                Get a cheap managed 5 port switch. It will give you 4 lans at gigabit speed with minimal power requirements and far greater stability.

                • Brett-Tech @netblues

                  @netblues thanks for the tips!

                  Edit: Does the switch sit between the router and modem? If not, don't I need 2 ethernet ports for modem > router > switch?

                  • netblues

                    What router?
                    If you go for a pf solution, then most probably you will eliminate the router completely.
                    Why do double nat to begin with?
                    pf most probably will be doing a pppoe call to your isp.
                    But there are other options too, please provide more info.
                    In any case pf being a network box will be taking ethernet either natively or ppp over ethernet.

                    • Brett-Tech

                      Sorry, where I said router I meant pfsense (laptop with one Ethernet).
                      Ok so currently I'm connected:

                      • cable modem -> Asus RT-AC68u -> LAN

                      I figured I would need a usb ethernet to do:

                      • cable modem -> pfsense -> Asus RT-AC68u -> LAN

                      With the ASUS just acting as an AP.

                      You mentioned getting a switch instead of usb ethernet adapter. Since there would only be 1 ethernet port on the pfsense laptop both In(WAN) and Out(LAN) would be over the same cable so I would need some kind of tagging with the switch between the modem and pfsense. Right?

                      • cable modem -> switch -> pfsense -> back to the switch -> Asus RT-AC68u -> LAN

                      If this isn't what you meant I apologize as I am quite new to the networking side of things. Ultimately the reason for switching to pfsense was because my ASUS router couldn't handle the OVPN connection. The laptop was because I didn't really have much budget and since it is a home network I don't need 100% up-time guaranteed; a reboot every so often is fine.

                      • no_jah

                        If you're looking for something at around £150, maybe consider something like this:

                        https://goo.gl/uDhESU

                        • netblues @no_jah

                          @no_jah said in Hardware recommendation for homeuse:

                          If you're looking for something at around £150, maybe consider something like this:

                          https://goo.gl/uDhESU

                          Well, this is much more robust and straightforward, however I doubt it will be 150 quid with 2 gigs and an ssd.
                          The op already has a laptop if I recall ;)

                          • no_jah @netblues

                            @netblues

                            If you select 2gig ram 32ssd, and Q370Y4 bundle you will land at $215, which is about £168 plus shipping

                            • netblues @Brett-Tech

                              @brett-tech said in Hardware recommendation for homeuse:

                              Sorry, where I said router I meant pfsense (laptop with one Ethernet).
                              Ok so currently I'm connected:

                              • cable modem -> Asus RT-AC68u -> LAN

                              I figured I would need a usb ethernet to do:

                              • cable modem -> pfsense -> Asus RT-AC68u -> LAN

                              With the ASUS just acting as an AP.

                              You mentioned getting a switch instead of usb ethernet adapter. Since there would only be 1 ethernet port on the pfsense laptop both In(WAN) and Out(LAN) would be over the same cable so I would need some kind of tagging with the switch between the modem and pfsense. Right?

                              • cable modem -> switch -> pfsense -> back to the switch -> Asus RT-AC68u -> LAN

                              If this isn't what you meant I apologize as I am quite new to the networking side of things. Ultimately the reason for switching to pfsense was because my ASUS router couldn't handle the OVPN connection. The laptop was because I didn't really have much budget and since it is a home network I don't need 100% up-time guaranteed; a reboot every so often is fine.

                              The managed switch will give you 4 lan interfaces for pf, effectively quadrupling the 1 laptop port.
                              It is just that the 4 ports are sharing 2 gigabits of bandwidth (one in, one out, since we are full duplex).
                              More than enough, as long as you are not routing among your lans moving large files around. (e.g. movies).

                              So one port will talk to the modem, and one to your lan.
                              The wifi is just a lan device.
                              Having said that, perhaps you want to separate the wifi, use a captive portal for guests etc.
                              You have two additional ports for that.
                              A managed switch sells for $30 more or less, and will give you the joy of hassling with vlans.
                              Not that difficult once you get a hold of it.
                              As a solution it is very robust and reliable.

                              • netblues @no_jah

                                @no_jah Indeed. And there is a possibility it will also incur some customs fees, let's say another 40 quid?
                                So we are not looking at 150.
                                Moreover, the laptop has a screen and a ups.
                                For an office, not really important.

                                For a home, it's another story.

                                • Babiz

                                  I also tried to play around with a laptop and four usb nics through a usb 2.0 hub. It's working but no performance at all. Better to deal with vlans and a managed switch that can handle the gigabit port of the laptop on board, and/or an additional PCI Express 34 network card for the WAN side is a must to physically isolate the network, like this: Link:
                                  http://amzn.eu/d/5DlC62R
                                  and of course the laptop must have a PCI Express card 34 slot too.

                                  Anyway, my first choice for a home office pfSense router is the APU box, looks like a great piece of hardware for my customers :D duh.

                                  Goodbye

                                  • Brett-Tech

                                    Thanks for the replies, pretty sure I understand what is going on now. Do you have an example of a managed switch I could reference when looking for something similar?

                                    • netblues @Brett-Tech

                                      @brett-tech
                                      D-LINK DGS-1100-08. Retails at 32 euros, with 8 ports. A bargain.
                                      What you are looking for is the 802.1Q feature.

                                      • no_jah @Brett-Tech

                                        @brett-tech

                                        How many ports do you need?
                                        I can recommend Netgear smart switches, I have one GS724T v4 (24 ports), and a couple of GS108T v2 (8 ports)

                                        • Brett-Tech

                                          Great, thanks for the help guys! Definitely don't need anything too heavy duty, 8 ports is plenty. If in the future I get more into the networking side of things or my needs change I can upgrade then.

                                          • Babiz @Brett-Tech

                                            @brett-tech I advise you to avoid tp-link SG xxxE series at all, they do not handle vlans properly, I have some v2.0 hardware and it gets packet errors with only one vlan trunk setup.. too bad. (If the newer hardware revision/firmware fixed this issue, I don't know lol)
