Netgate Discussion Forum

    PfSense server for small organisation

      _JT

      I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048-bit encryption) will be around 25 and they certainly won't be online all at the same time. Internet connection 50/50, maybe 100/100 later on. I was thinking of:

      • AMD Athlon 5350 AM1 CPU (same or better performance than J1900 + AES hardware support)
      • ASRock AM1H-ITX
      • 4GB
      • Crucial M550 SSD
      • Intel dual port NIC

      As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

        dreamslacker

        That setup should suffice for general NAT, firewalling and traffic shaping even up to your future 100M symmetric line.

        For VPN, you're pretty much stuck with OpenVPN at the moment if you expect to use AES acceleration (and you must select AES type encryption for it). At any going rate, I'd prefer OpenVPN for remote-access/road-warriors.

        If you intend to run additional packages like Squid, Snort & HAVP, then YMMV.

          _JT

          Looking into SNORT now, looks interesting for extra security.

            bmeeks

            @_JT:

            Looking into SNORT now, looks interesting for extra security.

            I recommend you take a look at the Suricata package for pfSense as well.  A major upgrade to that package with some cool new features is coming soon.  Both Snort and Suricata perform essentially the same task, but each has its own unique features.  There are some threads in the Packages sub-forum about each package if you want to learn more.

            Bill

              _JT

              Thanks! I'll be taking a look at those.

                margen

                @_JT:

                I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048-bit encryption) will be around 25 and they certainly won't be online all at the same time. Internet connection 50/50, maybe 100/100 later on. I was thinking of:

                • AMD Athlon 5350 AM1 CPU (same or better performance than J1900 + AES hardware support)
                • ASRock AM1H-ITX
                • 4GB
                • Crucial M550 SSD
                • Intel dual port NIC

                As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

                Did you build it? How's it perform? What's the power consumption on it?

                  messerchmidt

                  @margen:

                  @_JT:

                  I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048-bit encryption) will be around 25 and they certainly won't be online all at the same time. Internet connection 50/50, maybe 100/100 later on. I was thinking of:

                  • AMD Athlon 5350 AM1 CPU (same or better performance than J1900 + AES hardware support)
                  • ASRock AM1H-ITX
                  • 4GB
                  • Crucial M550 SSD
                  • Intel dual port NIC

                  As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

                  Did you build it? How's it perform? What's the power consumption on it?

                  Do the Intel LAN cards work on the AM1 platform? I am leaning towards this too, but the Asus board for ECC and 8GB of RAM

                    Escorpiom

                    Intel cards work just fine on the AM1 platform, no boycott here :-)

                    Cheers.

                      S-KGray

                      @margen:

                      @_JT:

                      I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048-bit encryption) will be around 25 and they certainly won't be online all at the same time. Internet connection 50/50, maybe 100/100 later on. I was thinking of:

                      • AMD Athlon 5350 AM1 CPU (same or better performance than J1900 + AES hardware support)
                      • ASRock AM1H-ITX
                      • 4GB
                      • Crucial M550 SSD
                      • Intel dual port NIC

                      As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

                      Did you build it? How's it perform? What's the power consumption on it?

                      Also interested in the power consumption and performance

                        italics

                        I was just curious, did you build it yet? It looks like it would be fine, but a lot of the newer ASRock Boards have hybrid USB3 and SATA controllers. I'm currently running one for the company I'm working with and it runs like a champ, but I had to manually load the usb3 module to get anything to work using my laptop as a temporary boot device.

                          shaqan

                          @messerchmidt:

                          @margen:

                          @_JT:

                          I want to build a small server for running pfSense with VPN. It's not that big of an organisation, I think the amount of users that will be using VPN (which I want to use 2048-bit encryption) will be around 25 and they certainly won't be online all at the same time. Internet connection 50/50, maybe 100/100 later on. I was thinking of:

                          • AMD Athlon 5350 AM1 CPU (same or better performance than J1900 + AES hardware support)
                          • ASRock AM1H-ITX
                          • 4GB
                          • Crucial M550 SSD
                          • Intel dual port NIC

                          As far as I've found this should work with pfSense. But I want to be sure. Anyone got anything to add to this?

                          Did you build it? How's it perform? What's the power consumption on it?

                          Do the Intel LAN cards work on the AM1 platform? I am leaning towards this too, but the Asus board for ECC and 8GB of RAM

                          Is there any other ECC-supporting AM1 board in existence besides AM1M-A? It's quite a fascinating little platform

                            _JT

                            Sorry all for not replying. In the end I bought an Asus AM1M-A and it works fine out of the box. Only HMAC with OpenVPN doesn't work ( https://forum.pfsense.org/index.php?topic=83187.0 ). OpenVPN log shows no error before crashing so I have no idea where to start troubleshooting :( My Intel dual port card works fine! I will take a look at idle power consumption one of the coming days; I cannot yet supply any performance figures as I have not been in a situation that would produce any useable numbers. Anyone have an idea how to test this?

                              _JT

                              Already did a quick check: booted without UTP connected, I saw an idle power use of 32w... higher than I anticipated. This could be due to two things:

                              • PSU. I have a full size ATX PSU which guarantees 80% efficiency (bronze). 0.8 * 32 = 24,5w consumption by other hardware
                              • Intel dual port NIC. It has a heatsink which suggests it uses some power. But I'm not sure about that. Might remove the card tonight and see what it does in idle.

                                Douglas Haber

                                @_JT:

                                Already did a quick check: booted without UTP connected, I saw an idle power use of 32w... higher than I anticipated. This could be due to two things:

                                • PSU. I have a full size ATX PSU which guarantees 80% efficiency (bronze). 0.8 * 32 = 24,5w consumption by other hardware
                                • Intel dual port NIC. It has a heatsink which suggests it uses some power. But I'm not sure about that. Might remove the card tonight and see what it does in idle.

                                The NIC probably does draw a noticeable amount of power.

                                  fragged

                                  You might need to tweak some system settings to get PowerD/Throttling to work nicely on your system. I don't know about tweaks for AMD, but these are the changes I made for my Intel Pentium G630T:

                                  In /boot/loader.conf.local add:

                                  
                                  hint.p4tcc.0.disabled=1
                                  hint.acpi_throttle.0.disabled=1
                                  
                                  

                                  I set this up in system tunables via GUI:

                                  
                                  dev.cpu.0.cx_lowest 	sysctl dev.cpu.0.cx_lowest=C3 	C3
                                  dev.cpu.1.cx_lowest 	sysctl dev.cpu.1.cx_lowest=C3 	C3
                                  
                                  

                                  Enable PowerD in Advanced/Misc.

                                    _JT

                                    @Douglas:

                                    The NIC probably does draw a noticeable amount of power.

                                    Yes, I found that out. Disconnecting the SSD made no difference, which is not unexpected as modern SSDs draw <0,5w in idle. Removing the network card however decreased power consumption to 24,5w in idle. 24,5 * 0.8 = 19,6w. A lot better, even though I think it could have been lower. TDP of 12w + mobo + memory + SSD, all idle.

                                    @fragged:

                                    You might need to tweak some system settings to get PowerD/Throttling to work nicely on your system. I don't know about tweaks for AMD, but these are the changes I made for my Intel Pentium G630T:

                                    In /boot/loader.conf.local add:

                                    
                                    hint.p4tcc.0.disabled=1
                                    hint.acpi_throttle.0.disabled=1
                                    
                                    

                                    I set this up in system tunables via GUI:

                                    
                                    dev.cpu.0.cx_lowest 	sysctl dev.cpu.0.cx_lowest=C3 	C3
                                    dev.cpu.1.cx_lowest 	sysctl dev.cpu.1.cx_lowest=C3 	C3
                                    
                                    

                                    Enable PowerD in Advanced/Misc.

                                    PowerD kills my system unfortunately. One of 2 problems I found with my config. https://forum.pfsense.org/index.php?topic=83035.0
                                    How can I find out at which clock frequency the CPU runs? Probably command line but I am not really familiar with the BSD command line.

                                      fragged

                                      @_JT:

                                      How can I find out at which clock frequency the CPU runs? Probably command line but I am not really familiar with the BSD command line.

                                      Should be:

                                      
                                      sysctl dev.cpu.0.freq
                                      
                                      

                                      A quick Google search suggests that PowerD with various AMD CPUs might work better with FreeBSD 10. pfSense 2.2 beta is currently based on FreeBSD 10.1 RELEASE.

                                        _JT

                                        CPU is running at 2050MHz in idle so that explains the power consumption. Now to find out how I can enable throttling…

                                          messerchmidt

                                          I would add more RAM, and maybe go Asus board + ECC if you have not purchased same already

                                            _JT

                                            I already have the Asus board. And I can't keep purchasing all kinds of hardware to just see if it works ;)
