Building Standardized Router

  • We've built quite a few Untangle routers for clients over the years, but pfSense offers more via VPN and QoS.  Generally these routers have been  built using whatever stock we were using at the time.  Since as a company we are getting more and more into VOIP, pfSense seems to be a better fit.  With the advent of all the low power stuff coming out, we've thought about building a standardized router that we can use.  Something more like a router and not a PC that we use as a router, small and compact with minimal power usage.  Atom's seem good, but only come with one NIC.  There are some Jetway boards with some nice features like extra ports that go into the back IO shield, but I don't know the brand and it seems difficult to get the parts.

    Has anyone had good success building a compact router using pfSense?  I like the idea of using a case that doesn't use a full power supply, but rather something like a picoPSU.  I've read that there are even some boards that have the power built in.  We'll just use a small SSD for storage so 65W should be plenty of power.  I see some nice sites with some interesting products, but none of them are stateside.  They seem to be in Europe.

    Whatever we decide to use, the model line needs to have continuing availability.  That means it'd be best if it came from a larger company like Asus/AsRock, not a company like JetWay where it seems difficult to get the parts.  We don't want to be looking for parts every time we need to build one.  That's what this endeavor is supposed to do away with.

    Thanks for any help!

  • I have a couple of Jetway mini-ITX systems with daughter cards I use to run pfSense on my home network. Both use a PicoPSU. One uses an external switchmode 12V "brick" the other piggy backs off the 12 V supply of a nearby computer. I agree the Jetway parts are not especially easy to source but stock them and ship outside the UK.

    If I was starting afresh I would use a fanless motherboard and a VLAN capable switch as a "port multiplier" to get additional ethernet interfaces without using a PCI slot.

    The Intel D510MO mini ITX board is passively cooled and has a PCI Express mini card slot as well as the PCI slot. The ASUS AT5NM10-I is also fanless. Both seem to be available at reasonable prices. I have no experience with these boards.

    If you search the forums for ITX you will probably find mention of MSI boards and SuperMicro boards with multiple LAN ports that are known to run pfSense but these seem considerably more expensive than the boards I have mentioned.

  • I've had nothing but success with pfSense on alix boards for SOHO use.  Netgate is an excellent source for them in the US and a major supporter of the pfSense project besides.  For larger installations, I've had a great deal of success with supermicro hardware, although this hardware is generally overkill for anything except very high performance environments.

  • How powerful are the alix kits compared to something like a Linksys RV082?  With the RV line we need to turn off features such as SPI because it can't handle the traffic without screwing up the voip.  RTP needs to come every 20ms for smooth audio and the RV line just doesn't have the power to do it with SPI enabled.  I need to be able to comfortably sit 50 users behind one.  Is the Geode powerful enough to run pfSense with everything turned on like filtering, traffic shaping, and SPI?  I like the Netgate m1n1wall 2D3 / 2D13 and only a few dollars more to have them assemble it and install the OS is nice.  It's essentially what I would like to make, but is it powerful enough?

    Actually, I just reviewed benchmarks for the Geode and they don't seem to do well, especially with VPN.  :(

  • There's no price on the site for the items that I can see.  What's the price range?

    Also, has anyone checked out  They seem to have some pretty nice stuff from what I can tell.  I can put together a box for between $275 (including a separately sourced NIC) and $400 (going all out).

  • I've had very good luck with the Hacom stuff.  They even have a few articles that describe the throughput differences of their boxes.

  • @Stewart:

    There's no price on the site for the items that I can see.  What's the price range?

    Mine ran a little under $2K for the two boxes, rack mount hardware (you want one unit with the rackmount kit and one without it if you're going to mount them in a single RU), two C2D T7400 CPUs, 4GB of RAM each, and a pair of 8GB SLC CompactFlash cards for full installs.

    You could probably do a bit better on the units themselves if you're buying multiple to resell.  You could also save some cash by using less RAM, slower CPUs (I originally installed Celeron M 440 CPUs because I already had them sitting around, and the T7400 was kind of hard to find in stock), or 2.5" hard drives instead of SLC CompactFlash (MLC cards + NanoBSD would also work to lower the price).

  • @submicron:

    I've had nothing but success with pfSense on alix boards for SOHO use.  Netgate is an excellent source for them in the US and a major supporter of the pfSense project besides.

    Taking a SOHO basis up to 10 hosts, alix2d3 + 4gb CF: is that enough running pfsense+squid/havp+snort

  • Hacom is another heavy supporter of pfSense and while I have no personal first-hand experience with their gear, a number of pfSense commercial support customers have used it with complete success.  Definitely another recommended vendor.

Log in to reply