Under $125 USD build recommendation for 600Mbps WAN



  • I am trying to build a pfSense router for a non-IT friend for under $125 -- the cheaper the better -- and he has 300Mbps Internet currently. He is planning on getting that to 600Mbps once his current contract is up.

    His needs are pretty basic.

    • VPN server -- for his family to connect to his network.
    • Maybe a VPN client -- possibly ExpressVPN
    • Firewall
    • Basic Routing & DHCP
    • Maybe a couple of VLANs -- to separate the IOT devices from the LAN on my suggestion
    • pfBlockerNG-devel

    So again, very basic usage. I was looking at old Core i5 based SFF desktops for about $90 - $120. He has mentioned that the look of the unit doesn't matter to him, although I am not sure he realizes yet that this will be a big desktop. But I think even that is way too overkill for his needs. I started looking at a few Core-i3s but most of the older i3s don't support AES-NI. And if there is something more "router like" in looks then it would be easier for him to accept.

    Would you be able to recommend something that I can look into? I have already disregarded Qotoms/Protectli as the ones that support AES-NI seem to be around $300 which is out of his budget. None of the "mini-desktops" would work because there would be no way to install an Intel 340-T2 or 340-T4 card in those boxes.

    Thanks,



  • @Inxsible

    Out of the box sg1100 not sure how much routing it can handle $<300 I think

    Self build use Intel NICs
    For a goooood reason ;)


  • Netgate Administrator

    How much of that 600Mbps has to be encrypted? That is by far the biggest requirement on the list if you want to use the full 600Mbps.

    Steve



  • Cheap, Fast, Reliable

    Pick two.



  • Ought to be able to find a throwaway i5 by now. AES/NI has been available since 2010. Yes, SFF would be nice, but if space permits just use a standard size.



  • @Inxsible said in Under $125 USD build recommendation for 600Mbps WAN:

    He has mentioned that the look of the unit doesn't matter to him, although I am not sure he realizes yet that this will be a big desktop.

    IMO it's worth speaking with him about that first as the box will be sitting in his home for years, he may then be more inclined to spend a few bucks more for a smaller and quieter box.

    For a 600 Mbps line a 3865U Kaby Lake Celeron is enough (supports AES-NI, does about 330 Mbps OpenVPN, will do more with WireGuard), it goes for $170 on Aliexpress by one of the brands you mentioned, not including RAM and SSD which are best bought from Crucial (around $40 for 4+120 GB).



  • @noplan said in Under $125 USD build recommendation for 600Mbps WAN:

    Out of the box sg1100 not sure how much routing it can handle $<300 I think

    Yeah, I had checked the Netgate devices, but again they are out of his budget from the get-go just like the Qotoms & Protectli that I mentioned.

    @stephenw10 said in Under $125 USD build recommendation for 600Mbps WAN:

    How much of that 600Mbps has to be encrypted? That is by far the biggest requirement on the list if you want to use the full 600Mbps.

    As much as possible, but like I said, he is currently on a 300Mbps line... so if he can get a bit better than 300Mbps it should be fine. Again he is non-IT -- so it's not like he is sitting with an iPerf measuring device counting each and every byte that is passing through his network. But it should definitely be an improvement over his current setup which doesn't have a VPN server or client.

    @Cool_Corona said in Under $125 USD build recommendation for 600Mbps WAN:

    Cheap, Fast, Reliable
    Pick two.

    Umm.. I think a used i5 desktop would satisfy all three which is what I was looking at. I was just hoping if there was another option -- which would be more palatable in terms of looks. Regular folks think of router as this small device --- and Comcast & others have them spoiled by letting them think that a cable modem/router/wireless should be all 1 device.

    @provels said in Under $125 USD build recommendation for 600Mbps WAN:

    Ought to be able to find a throwaway i5 by now. AES/NI has been available since 2010. Yes, SFF would be nice, but if space permits just use a standard size.

    Yeah, that is what I was looking at... and there are plenty of old i5s available...

    @thegriffin said in Under $125 USD build recommendation for 600Mbps WAN:

    IMO it's worth speaking with him about that first as the box will be sitting in his home for years, he may then be more inclined to spend a few bucks more for a smaller and quieter box.
    For a 600 Mbps line a 3865U Kaby Lake Celeron is enough (supports AES-NI, does about 330 Mbps OpenVPN, will do more with WireGuard), it goes for $170 on Aliexpress by one of the brands you mentioned, not including RAM and SSD which are best bought from Crucial (around $40 for 4+120 GB).

    Yeah... I am going to have a talk with him today and explain as best as I can that within $125 he would have to live with a SFF desktop at best. Not sure if he can go up to $200 -- not everyone can -- but if he can then maybe I can look at the one that you mentioned.

    Usually people just think of it as --- $125 up front vs "just" $10 per month for the rental of an all-in-one device that Comcast would rent to them which to them is "a year's worth of money up front". Now when I tell them it would be $200 or $300 -- that for them is 3 years' worth.



  • Maybe a used netgate, apu2, protectli, or similar device if they're around?

    Thinking outside the pfsense box for a minute, for less money you can try a used or even new consumer grade router running a decent open source firmware which is still supported, e.g., tomato, ddwrt, openwrt, asus merlin, and such. Since cost is the biggest concern, that is going to be one of the lowest cost options which may check most, if not all of the boxes and also check the bonus boxes for form factor and power consumption. Those routers/firmware could be hit or miss if you don't do your homework. You would not get the benefit of working with pfSense of course, but if money is the major concern consider that an old processor in a desktop PC is going to eat significantly more energy than a consumer grade router. Up front cost is only part of the total cost picture. Also, even with a pfSense box you will have to deal with connecting wifi access points to that box which would be a separate cost. What I mention above includes all that and for less up front and long term operating cost. It's not pfSense, but what you're asking for is hard to satisfy.


  • LAYER 8 Global Moderator

    Well the sg1100 can do 800 IMIX from reported benchmarks..

    That is only a hair over the 125 budget.. I would suggest you go that route.. If money is that big of an issue..

    Really depends on what sort of traffic he will be doing to be honest..

    Keep in mind that the money you save on just getting some old desktop, prob going to eat up your upfront savings in elec cost over life of the unit.. 50+ watts idle vs say 10-20w..



  • @Raffi_ said in Under $125 USD build recommendation for 600Mbps WAN:

    Maybe a used netgate, apu2, protectli, or similar device if they're around?

    Haven't found older devices which are significantly cheaper on ebay.

    @Raffi_ said in Under $125 USD build recommendation for 600Mbps WAN:

    Thinking outside the pfsense box for a minute, for less money you can try a used or even new consumer grade router running a decent open source firmware which is still supported, e.g., tomato, ddwrt, openwrt, asus merlin, and such. Since cost is the biggest concern, that is going to be one of the lowest cost options which may check most, if not all of the boxes and also check the bonus boxes for form factor and power consumption. Those routers/firmware could be hit or miss if you don't do your homework. You would not get the benefit of working with pfSense of course, but if money is the major concern consider that an old processor in a desktop PC is going to eat significantly more energy than a consumer grade router. Up front cost is only part of the total cost picture. Also, even with a pfSense box you will have to deal with connecting wifi access points to that box which would be a separate cost. What I mention above includes all that and for less up front and long term operating cost. It's not pfSense, but what you're asking for is hard to satisfy.

    That's a fair assessment and I agree with your logic. The thing is handling DD-wrt and the likes are real hit or miss. I recently bricked my Netgear N300 router when I tried to upgrade the DD-wrt firmware that it was running. Secondly, I will be the go-to person for anything that might go wrong with his network -- I already am -- so I don't want to deal with something that is too cumbersome to upgrade and or change.

    Again, he said he wasn't concerned with the looks of the router. It was just me thinking I'd try to give him something as palatable as possible within his budget. I wanted to assure myself that I am not missing out on some device which I didn't know about that could be suitable for his use case.
    Since he is switching out of his Comcast all in one device -- he already knows he has to spend some more money on the Cable Modem (~$40) and 1 or 2 wireless AP (~$60 each). Which is why he initially told me to keep the router under $125... because in total he would have to spend about $225-$285.

    Once I have a talk with him tonight, he will either be ok with a SFF desktop or he will have to increase the budget -- Then I will know which route to take.

    Thank you all.



  • @johnpoz said in Under $125 USD build recommendation for 600Mbps WAN:

    Well the sg1100 can do 800 IMIX from reported benchmarks..
    That is only a hair over the 125 budget.. I would suggest you go that route.. If money is that big of an issue..
    Really depends on what sort of traffic he will be doing to be honest..
    Keep in mind that the money you save on just getting some old desktop, prob going to eat up your upfront savings in elec cost over life of the unit.. 50+ watts idle vs say 10-20w..

    Well he wants to be able to use VPN client & server --- which might be a problem for the SG1100 because as per Netgate, the IPSEC VPN traffic drops to 46Mbps under IMIX. Also SG-1100 mentions an IMIX of 480Mbps not 800. iPerf is 880Mbps yes.

    He might have 2 or 3 connections to his VPN server -- so not too many connections but I really don't want his network to slow down compared to what he has now which is 300Mbps WAN -but no VPN.

    I have already explained to him that he is never going to get the full WAN speed when using VPN -- but dropping to 46Mbps might be too noticeable.


  • LAYER 8 Global Moderator

    Sounds like it's family connecting to his device for vpn..

    What is his upload? 300 or 600, with only 10 up, means his vpn clients only ever going to see 10max pulling anything from his network.. Doesn't really matter what his download speed is.. And that would be spread across how many users he has at any given time..

    His current connection is 300/300?

    What are their speeds? Not sure why you would be worried too much if upload of client and server are in the 10/20 range ;)



  • The HP T730 thin client is frequently on ebay, and right now there's one for $94 USD. So, if you can find one of these, with enough RAM, you might have to add a hard drive and a network card. It should be really close to your $125 budget box price.

    Another good option is the HP T620 PLUS. Be careful with this one, because I think there's a really small one, but you've got to look for the one you can add an expansion card to - the ethernet network card.

    Hope that helps.



  • @johnpoz said in Under $125 USD build recommendation for 600Mbps WAN:

    His current connection is 300/300?

    Really difficult to find the upload speed listed on Comcast. I searched for his address and didn't find any reference to upload speed for any of the plans in the details.
    But I found this https://www.xfinity.com/networkmanagement which indicates 35Mbps upload for the 300Mbps download tier.

    Considering that the information is a bit over a year old, and hoping that Comcast made some improvements, I would think it wouldn't be better than 50Mbps upload. But I can ask him tonight if he knows what his upload speed is.

    @akuma1x Thanks, I will look at those and see if those fit better to his use case.


  • LAYER 8 Global Moderator

    Well have him do a simple speedtest, what does it show for upload?

    I was on comcast for years, I doubt it's 50 ;)

    And I think you were reading the gig tier for 35.
    https://www.xfinity.com/networkmanagement
    300 Mbps 318.2 Mbps(1) 25 Mbps 29.7 Mbps(1)

    Let's say he can do 50.. I would be flabbergasted if he does on comcast. Then something that can handle 45, seems ok to me..

    Part of the reason I moved away from comcast was the horrible upload in their packages.. I moved from a 75/10 plan to a 500/50 plan with different isp for less money..



  • @johnpoz said in Under $125 USD build recommendation for 600Mbps WAN:

    Well have him do a simple speedtest, what does it show for upload?
    I was on comcast for years, I doubt it's 50 ;)
    And I think you were reading the gig tier for 35.
    https://www.xfinity.com/networkmanagement
    300 Mbps 318.2 Mbps(1) 25 Mbps 29.7 Mbps(1)
    Let's say he can do 50.. I would be flabbergasted if he does on comcast. Then something that can handle 45, seems ok to me..
    Part of the reason I moved away from comcast was the horrible upload in their packages.. I moved from a 75/10 plan to a 500/50 plan with different isp for less money..

    Yes, you are right. It is pegged at 25Mbps not 35. I read that incorrectly.

    I will have him do a speed test today and explain to him the various scenarios. Maybe the SG-1100 could possibly come back into the fore especially if he can up the budget from 125 to 200.

    Thanks.



  • @Inxsible said in Under $125 USD build recommendation for 600Mbps WAN:

    I will have him do a speed test today and explain to him the various scenarios. Maybe the SG-1100 could possibly come back into the fore especially if he can up the budget from 125 to 200.

    Thanks.

    Though if he's also thinking about using a VPN service (you mentioned ExpressVPN on your OP) he needs a VPN throughput closer to his download speed.



  • @Inxsible I have Comcast 300 Mbps download service. The uploads are capped at 10 Mbps.





  • I had a chat with my friend and he is fine with the desktop size box as it will sit in his basement closet. I guess I just have to find an old i5 based desktop and an Intel 340-T2 or T4 card for him. He doesn't want to go up too much in the budget however.

