• I've used pfsense in the past and am looking to build a nice little atom d510 box for home use to get pfsense again. I've searched the forums and say some people talking about the  supermicro X7SPA-H-O but I couldn't find a clear answer to what I want to do.
    I'm looking at getting that board and putting about 3gb of ram into it. This will be for a small home network of no more than 5 users. I'm wanting to run openvpn (wouldn't have users on it all the time and most likely only be used by myself from my android phone or from my netbook when I'm connected to a wireless network somewhere else), freeradius (possibly used with the yubikey pam module for authentication with a wap and with openvpn), snort, and qos for controlling the network to get the best ping for gaming. I realize for my uses that this is probably(more than likely) very much overkill. I'm also probably going to be getting uverse 25mbps soon.

    My question is will this setup be able to handle what I want to do without too much drop in throughput?

  • No idea about snort in particular to be honest, but I doubt I would run it directly on a firewall myself. I'm currently running two of these (with 1GB memory, 2GB SATA flash and an extra intel server adapter) in production. For the record, including IPMI (~13 Watt) they only draw about 40 Watts of power. One is used in a colo rack with 100Mbit uplink and pushing most traffic over IPsec / PPTP VPN. The other one is used in the office with two DSL uplinks (load balancing / failover) and two LAN segments. I haven't yet tried pushing the hardware to its limits though. You will want to run a full install on these motherboards and install the SMP kernel to take advantage of the dual core + hyperthreading features.

    I think that at that rate (25Mbps) there's no reason to believe this hardware is not up to the task, but there's only one way to find out.

  • Yeah, I was planning on running a full install with smp. I also know it's best to have your own box for each service (freeradius/vpn/firewall/snort/etc) for security reasons but with this being a home network and a limited budget I feel I can get away with it on one box. This is going to be much better than the modified linksys wrt310n running dd-wrt that I currently have. I know I really don't need all of what I'm planning on running but if this box can handle it without too much of a drop I'm going to test it out.

  • stokhli,

    You will be fine :)

    The only thing that could cause an issue is snort, and as scoop says just give it a shot and try it. Apart from that, the rest is perfect for what you want to do.

    Enjoy pfSense :)

    Scoop: you're not pushing 100Mbps IPSEC traffic with an Atom are you?

  • No, not by a long shot currently. They're several AES-256/SHA1/DH5 IPsec tunnels, so I doubt it'll ever reach interface speed. But I'm happy to try it next year as soon as a remote peer also has 100Mbit/s. :)

Log in to reply