Recommendation for home user with VPN, Snort & fanless
-
Hello everyone,
I appreciate you taking a look at my request, any recommendation is very helpful. I will provide some background on my usage, to give you a better idea on hardware recommendations you may have (if you have any specific networking advice feel free to let me know!).
Current internet: 50Mbps/10Mbps -> I will potentially be relocating for work into an area where I will have access to faster internet within a year.
There are only two users on the network, my girlfriend and I. I have a work laptop, personal laptop, and a main desktop (I have some additional systems I play around with but they are not typically on); my girlfriend has one laptop system she uses and our smart phones are always connected when at home. Additional network traffic includes an Apple TV (may be switched to linux style alternative and a second one added to the bedroom) and a few wireless cameras that are currently just set up for viewing. In the near future I will be adding a NAS that will have dual 10/100/1000 cards and am hoping to bond these together as it will be a location for system backups, file storage, and movie streaming to the AppleTV(s). It is possible that I will add more cameras and finally set them up to record to the NAS. I am a developer and work from home often with need for reliable VPN connection to use our development systems.
Packages:
I am hoping to use the following at a minimum on top of the typical router functionality: Snort, VPN server, VPN client (to redirect torrent traffic to a specific always-on VPN), maybe Squid for caching, and something for dynamic DNS direct (do not have static IP). I may use others as I learn about them as I do like to tinker.
I already started a build but my motherboard was DOA and they will not have a replacement for a few weeks, at this point I began to rethink the build I was going to use which included: Gigabyte ga-j1900N-D3V, 4GB ram, 32GB SSD running on a 120watt picoPSU. It seemed like a good idea but I started to have second thoughts regarding the power of the CPU, lack of AES, the onboard NICs (Realtek) and lack of PCI E for additional NICs. I do have a mini PCI E gigabit card from another project ( http://www.amazon.com/StarTech-ST1000SMPEX-Express-Gigabit-Ethernet/dp/B006VCPB2S ) but I am not sure if it is even compatible, plus I have to get a half mini PCIE to full mini PCIE adapter as it seems the motherboard is using the half size. I do like the idea that the system is completely fanless as until I own my own house I cannot always guarantee that the router will be out of the way, but something with very little noise would work but is not optimal.
Please let me know if you have any recommendations on different motherboards/CPUs (celeron/atom/pentium/i3?) and network cards (a total of 4 is optimal). I had never really looked into the low power CPU market before this build, thus learned the hard way that just because Intel produces the CPU does not mean it can be purchased retail!
Thank you very much for reading!
Edit: Forgot to mention my price range, I would like all components to come out to around $400~ but less is also great. I already have a few small form factor cases, ddr3 ram, the SSD and the power supply I mentioned above. If I don't end up needing some of those components I can always return them.
-
I would say that CPU is quite a good choice for your current requirements, perhaps not if you up your WAN bandwidth significantly. There is much talk about AES at the moment but given that an Atom D510 can push ~50Mbps of VPN traffic the J1900 should have no problems maxing out your connection.
Choosing Intel NICs over Realtek is always going to be a wise decision. That particular board seems to have some issues, maybe a good thing it was DOA!
https://forum.pfsense.org/index.php?topic=73518.0
Steve
-
I have to admit I ordered that board even after seeing those posts.. maybe I just enjoy the pain :/ . The issues were supposed to be fixed with the new BIOS but that does not help when you cannot boot it. Do you have any recommendations for a board/cpu combo that may come with intel chips and have a REAL pcie for adding additional network cards? I stumbled on a different configuration using one of the 35W i3 + akasa euler case and thin mini-itx but it seems that case does not have room to add any network cards at all so I would be stuck with the 2 NICs on most of the thin mini itx motherboards I have seen. Not to mention the price of the build seems to jump a lot.
The only other decent board I found with the j1900 is http://www.amazon.com/Supermicro-Mini-DDR3-Motherboards-MBD-X10SBA-L-O/dp/B00IL2WTY4/ref=pd_sim_sbs_pc_1?ie=UTF8&refRID=0RECC67MFV0Y76Y6NRSZ which is a bit pricey… and it seems the intel i210AT driver support is still in the air? I have seen people saying both and it seems there is only one board using the j2900 at all..
I tried to look for some good benchmarks but just don't understand these low power CPUs and how they compare in power, it seems price does not always help. Are the atoms more powerful than this celeron? Will it even matter in my use case? Sorry for all the questions but I do appreciate it.
-
Do you have any recommendations for a board/cpu combo that may come with intel chips and have a REAL pcie for adding additional network cards?
This one: http://www.msi.com/product/ipc/MS98E3.html also has 2 intel i210at's but it might turn out cheaper than the Supermicro one. Maybe drivers will be solved in pfSense 2.2? Not sure when this board is supposed to come out.
-
This might be pretty close to what you want: http://www.mitxpc.com/proddetail.asp?prod=JBC200F99-525-B
I got something similar, but just dual nic
-
The D525 will be on its limits with 50Mbps of VPN. I doubt it would do even a tuned Snort config as well without dropping throughput significantly.
Steve
-
It seems you are saying most of the embedded chips are not going to cut it? Do you think stepping up to the i3 to avoid drop in throughput is needed? It just seems there are not many options to keep a machine like that silent.
-
At your price point maybe. The Rangley Atoms seem to have huge potential which will only get better with the multi-thread pf in 2.2.
Steve
-
At your price point maybe. The Rangley Atoms seem to have huge potential which will only get better with the multi-thread pf in 2.2.
Steve
Rangeley is a great platform, even under 2.1.x. It's going to absolutely scream under 2.2 with multi-threaded pF, AES-NI, and Suricata.
-
I picked up a second hand i5-4570T on ebay for $135 (AUD) - was pulled from a HP.
Considering the T series of haswell are rated to 35W TDP you could reasonably run it fanless with just about any moderately sized cooler sans fan. You could even undervolt to get it down further.
http://ark.intel.com/products/75045/Intel-Core-i5-4570T-Processor-4M-Cache-up-to-3_60-GHz
On a home connection like yours, most of the time it'd be running well and truly under its TDP anyhow (probably 5-8W at idle)
Another alternative is the i3-4130T (http://ark.intel.com/products/77481/Intel-Core-i3-4130T-Processor-3M-Cache-2_90-GHz )
I would personally put a "silent" slow blow fan on whatever cooler cause that is in my nature, but it would be unnecessary at that TDP
Both of these CPUs have AES-NI, have scope for upgrades (to the i7-4970 if you feel like you need it sometime) and both can be put on a cheap ($60~) motherboard.
-
Considering the T series of haswell are rated to 35W TDP you could reasonably run it fanless with just about any moderately sized cooler sans fan.
Hmm, not sure I'd agree with that. Most CPUs that are commonly used fanless are <15W TDP. There are cases designed for 35W TDP fanless but they usually go to significant lengths to dissipate the heat. The Akasa Euler for example.
Most modern CPUs have built in over-heat protection of some sort so will just clock down instead of melting but I'm not sure I'd want to rely on that or run a CPU at its maximum operating temp continuously.
Steve
-
I popped one of these: http://www.itsvet.com/proizvod/thermaltake-cl-p0019-fanless-103/comp_comp_cooler/49/237 on an overclocked Q6600 (at 3.2ghz) and it coped ok. That would have been dissipating 150+w
More modern heatsinks are much bigger in terms of surface area.
If you popped something like these on the chip:
http://www.thermaltake.com/Cooling/Air_Cooler_/Frio/C_00001826/Frio_Extreme/design.htm
or
http://www.thermaltake.com/Cooling/Air_Cooler_/Contac/C_00001807/Contac_21_/design.htm
or
http://www.thermaltake.com/Cooling/Air_Cooler_/Others/C_00001896/BigTyp_Revo_/design.htm
I think you would be more than fine, especially considering in a home application you would not be running full out most of the time.
Intel specify the heatsink 60% down the following page for 35W (and it's tiny!)
http://www.anandtech.com/show/4524/the-sandy-bridge-pentium-review-pentium-g850-g840-g620-g620t-tested
-
Well, yes, those look fine. I may well be out of touch here but those look like more than 'moderately sized' to me. ;)
35W is a pretty low TDP by modern standards, although the trend for ever increasing power consumption looks to be thankfully reversing. You don't need too much to dissipate 35W but it's a big gap between a small/quiet fan and fanless.
I guess my point here is that if fanless is a key requirement then you're better off spending more on a CPU with a very low TDP than trying to cool a standard CPU with an expensive case. In my opinion!
Steve
-
I've run intel i5-3740t (?) and xeon 1265lv2 fanless in an euler case with dual port i350 on intel dq66kb Mobo. Both run snort and pfblocker with intensive rules on multiple interfaces. Both CPUs run at 10-20% utilisation and 55 degC. Ram is a bigger hurdle, get 16gb of fast stuff, not silly overclocked marketing bull, just good solid low latency ram.
I'm building a couple of rangeley systems next week too for comparison. I've been meaning to throw build and data threads up for some time but got distracted.
-
16gb of ram is utterly unnecessary for home use.
I run 6 gig on my box and even that is overkill..
-
16gb of ram is utterly unnecessary for home use.
I run 6 gig on my box and even that is overkill..
Not necessarily. Snort can use 3-4GB of RAM per interface, depending on how you configure it, and squid can use RAM for a first level cache.
-
I can't see a home user needing multiple snort interfaces and a large squid setup.
Just can't see it
Would love to be proven wrong
-
Depends how you define 'need'. ;)
You could argue that most people don't need a pfSense setup for home use at all.
Steve
-
Well, I don't use squid. I prefer to overcome the need with a lot of unmetered bandwidth.
Snort, on the other hand, is very valuable. I run on all interfaces, blocking on externals, alerting on internal. Very memory-intensive.
-
Does it catch much on your home network? What does it catch?
I ask because I gave up running Snort at home after I was getting more false positives than anything useful. That was some time ago though and I'm not running any home servers (currently).
Steve