Help picking out hardware for 1 gbps + VPN
-
So I am fortunate to have access to 1 Gbps internet, and will be getting it shortly. I will need to buy a new router to handle the speeds and since they range in price from 100 and up I figured I would look into building a pfsense machine instead. I also plan on getting a VPN like Private Internet Access.
From everything I have read so far, I will need a decent CPU to handle the 900ish Mbps speeds as well as running a VPN at the same time. I have this build so far (except for this is the actual MOBO). Is there anything wrong with this build? I would like to spend half of what I am spending currently, but pretty much everything I looked at in that price range didn't seem powerful enough (atom proccessors and such). Can anyone find hardware capable of handling what I will be doing for less than 400 US dollars?
-
Hello,
related to your budget you would be not really able to buy a device from the pfSense store, because
the SG-2220 unit is not capable to handle 1 GBit/s WAN throughput or load! :'(But the Netgate RCC-VE 2440 System is able to install the ADI community version of pfSense 2.2.2
for only $353 Unit and USB console cable and on top a 30 GB mSATA for ~$69 :(Other hardware related to the following circumstances and points would be;
- Supermicro C2558 board for ~$280 and ~$70 case & RAM & SSD
- Intel Celeron G3260 @3,3GHz & 8 GB RAM & mSATA or SSD Intel Dual or Quad Port NIC ~$250
- Jetway NF9HG-2930 Intel Celeron Quad Core Fanless PC w/ 4X Intel LAN, 2GB, M350 ~$299 & RAM Upgrade & SSD
4 Intel GB LAN Ports 1 x miniPCIe slot + SIM slot & 1 miniPCIe mSATA slot, max. 8 GB RAM ::) - Jetway Intel N2930 Network PC w/ 5X Intel LAN, 2GB, JBC200F9N-E4IN-B, ADE4INLANG ~$309 & RAM Upgrade & SSD
5 Intel GB LAN Ports 1 x miniPCIe slot & 1 miniPCIe mSATA slot, max. 8 GB RAM 8)
-
So it looks like I will be paying 300$ minimum if I want to get a pfsense machine as my router.
Thanks for the recommendations. I think I might just go with a gigabit router for now, as there are some in the sub 100 dollar price range with ~800 Mbps throughput, and that is good enough for me :)
-
So it looks like I will be paying 300$ minimum if I want to get a pfsense machine as my router.
No, but related to your wishes and needs it would be going in this direction!
If you only need SPI/NAT/Firewall ruels for 50 MBit/s internet connection, you can go with a used
Alix board for 150 € or $150. But this is then not really matching your criteria and the needs.Thanks for the recommendations.
- Intel Celeron G3260 @3.3GHz ~$50
- mini ITX Board ~$50
- mini ITX case ~$100
- 8 GB RAM ~$70
- mSATA or SSD ~$70
- Intel Quad Port NIC ~$60
Might be also running for you!
I think I might just go with a gigabit router for now, as there are some in the sub 100 dollar
price range with ~800 Mbps throughput, and that is good enough for me :)??? Could be that you are right. Perhaps then with DD-WRT or OpenWRT.
-
So it looks like I will be paying 300$ minimum if I want to get a pfsense machine as my router.
Thanks for the recommendations. I think I might just go with a gigabit router for now, as there are some in the sub 100 dollar price range with ~800 Mbps throughput, and that is good enough for me :)
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps but the max I get is 220~ Mbps. So just be careful with the routers available. I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
-
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps
This a very heavy home router, but not really compare able to pfSense which is a full featured firewall.
Those routers often do SPI/NAT and thats it, not more but also not less and this also often on top assisted
by a smaller and cheaper ASIC/FPGA chip to saturate the WAN - LAN throughput, in pfSense is all done in
software without support from those chips, since the latest versions they use AES-NI and in the future
they will benefit also from Intel QuickAssist.You should also using the same method as they have done in their test, to come closer to the same result.
but the max I get is 220~ Mbps. So just be careful with the routers available.
Perhaps you should sending from one PC to another running iPerf or jPerf or NetIO.
I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
From the pfSense shop or based on a supermicro mainboard? Which case you thing to go with?
-
My home network is all 1 Gbps, as tested by iperf, it's just the router's WAN to LAN that is slow, hence why I am going with pfsense.
I am indeed going with the Supermicro board and I'll be using the M350 case unless you have a better recommendation?
-
I am indeed going with the Supermicro board and I'll be using the M350 case unless you have a better recommendation?
If you want to go with the Supermicro board perhaps you could tell me first about which one
we are talking about, the SoC I mean, C2758, C2558 or C2358?
-
@BlueKobold:
I am indeed going with the Supermicro board and I'll be using the M350 case unless you have a better recommendation?
If you want to go with the Supermicro board perhaps you could tell me first about which one
we are talking about, the SoC I mean, C2758, C2558 or C2358?C2758 like my previous post stated.
-
So it looks like I will be paying 300$ minimum if I want to get a pfsense machine as my router.
Thanks for the recommendations. I think I might just go with a gigabit router for now, as there are some in the sub 100 dollar price range with ~800 Mbps throughput, and that is good enough for me :)
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps but the max I get is 220~ Mbps. So just be careful with the routers available. I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
Damn. That makes me worried then about the router I am getting. How can they say it has that kind of throughput, yet you are not even getting 1/4th of that >:(
-
So it looks like I will be paying 300$ minimum if I want to get a pfsense machine as my router.
Thanks for the recommendations. I think I might just go with a gigabit router for now, as there are some in the sub 100 dollar price range with ~800 Mbps throughput, and that is good enough for me :)
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps but the max I get is 220~ Mbps. So just be careful with the routers available. I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
Damn. That makes me worried then about the router I am getting. How can they say it has that kind of throughput, yet you are not even getting 1/4th of that >:(
I have no idea. My hardware is either faulty or their tests are wrong. I'm using Cat6 cable and with the modem connected directly to my computer it maxed out. I've disabled/enabled every combination of the NAT/SPI/hardware acceleration in the router settings and the speed stays the same. I've also tested with stock firmware, dd-wrt, and Merlin and they're all about the same too.
I'm glad in a way because it gives me an excuse to drop $500 on pfsense gear! Haha.
-
C2758 like my previous post stated.
Would be really enough for a long time or many services running together likes, snort, squid,…..
-
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps but the max I get is 220~ Mbps. So just be careful with the routers available. I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
I have pretty much the same router running Merlin and I have Rogers Cable 250/20 internet service. When I use the Rogers Cable Hitron device in Gateway mode I get speedtests of 320Mbps. But when I switch it to bridge mode and use my own router, which is an Asus RT-N66U, my speedtest drop to ~235 Mbps. So I can corroborate your results - and I am thinking of a pfSense router as well.
-
I have the ASUS RT-AC66U which SmallNetBuilder says has a WAN to LAN throughput of 836 Mbps but the max I get is 220~ Mbps. So just be careful with the routers available. I am currently in the process of ordering the parts to build a pfsense machine based on the C2758.
I have pretty much the same router running Merlin and I have Rogers Cable 250/20 internet service. When I use the Rogers Cable Hitron device in Gateway mode I get speedtests of 320Mbps. But when I switch it to bridge mode and use my own router, which is an Asus RT-N66U, my speedtest drop to ~235 Mbps. So I can corroborate your results - and I am thinking of a pfSense router as well.
Glad to hear that it's not just me. But at the same time, it's disappointing. Oh well! I just finished ordering all my parts to build my pfsense box a couple hours ago. Here's my complete parts list..
Motherboard/CPU (Supermicro A1SRI-2758F-O) http://www.amazon.com/gp/product/B00FM4M7TQ?psc=1&redirect=true&ref_=od_aui_detailpages00
SSD (SanDisk SSD 120GB) http://www.newegg.com/Product/Product.aspx?Item=N82E16820173071
6" 4-Pin Molex to SATA Power Cable http://www.newegg.com/Product/Product.aspx?Item=N82E16812200061
RAM (Kingston 8GB ECC Unbuffered SODIMM) http://www.newegg.com/Product/Product.aspx?Item=N82E16820239702
PowerSupply (150W 12V 12.5A AC-DC Power Adapter) http://www.ebay.com/itm/130478987672
Sleeved ATX 4-Pin P4 Extension Cable http://www.amazon.com/gp/product/B00E6QK5N6?psc=1&redirect=true&ref_=od_aui_detailpages00
Case (Mini-Box M350) http://www.amazon.com/gp/product/B005TX3LA4?psc=1&redirect=true&ref_=od_aui_detailpages00
HDD Mounting Bracket for M350 (for 2 extra fans) http://www.amazon.com/gp/product/B007HEN2W0?psc=1&redirect=true&ref_=od_aui_detailpages00
Fans (3x Evercool EC4015SH12BP 4-Pin PWM Fans) http://www.directron.com/ec4015sh12bp.html
Fan Screws (3x Sets of Screws) http://www.directron.com/fanscrews.htmlTotal: $593.69 Shipped
-
Cable Hitron device
This is only a smaller router, and both the Hitron in Gateway mode (with SPI/NAT) acting
as a router or in front of the ASUS what is doing also only doing SPI/NAT you will be getting
not even but mostly tends on the used hardware, better results as using a pfSense for sure.But this is owed to the circumstance that the pfSense is not only a router, it is a firewall
and firewall rules plus on top perhaps snort rules are really narrowing down the entire
throughput if not so powerful hardware will be used.So if you are using now a really big or powerful device running pfSense on, you will get better
or the same results in any or more kind of situations.- Jetway NF9HG-2930
- Intel Atom C2758
- Intel Celeron G3260
- Intel Xeon D-1540
- Intel Xeon E3-12xxv3
-
Well damn. Now I'm in quite the conundrum. I really don't want to spend more than 300 for a pfsense machine, yet I don't want to get screwed buying a 100 dollar router that lets me use 1/4th of my connection, so I should probably get a better(more expensive) one. Yet if I spend 200ish on a router I might as well make the investment in a pfsense machine that will be the best and only router I should need for as long as the hardware lasts.
What to do…..
-
Well damn. Now I'm in quite the conundrum. I really don't want to spend more than 300 for a pfsense machine, yet I don't want to get screwed buying a 100 dollar router that lets me use 1/4th of my connection, so I should probably get a better(more expensive) one. Yet if I spend 200ish on a router I might as well make the investment in a pfsense machine that will be the best and only router I should need for as long as the hardware lasts.
What to do…..
A good pfSense firewall/router >>>> any consumer grade routers in the current market.
-
I really don't want to spend more than 300 for a pfsense machine,
There are many many options to do so and who is even telling you all must be done
by yours in one step!? If you start with a good basis and then hug the machines up
from time to time would not really deep kicking your bank account!Let us start at the smallest level but sufficient enough for your needs:
$200 - refurbished or eBay
Celeron G3260 @3,3GHz
Board
4 GB RAM
case & PSU$300
Jetway NF9HG-2930 Thin mini-ITX Network Motherboard for self made
Jetway NF9HG-2930 Intel Celeron Quad Core Fanless PC w/ 4X Intel LAN, 2GB, M350 4 GB LAN Ports ready to go
Jetway Intel N2930 Network PC w/ 5X Intel LAN, 2GB, JBC200F9N-E4IN-B, ADE4INLANG 5 GB LAN Ports ready to go$350
Intel Core i3 or i5 CPU based$300 - 400
pfSense Store SG-2220
Supermicro C2358 or C2558 self madeSo the most thing is that you are owning a 1 GBit/s Internet connection that must be handled proper.
The layzy consumer router is able to deliver nearly ~800 MBit/s, offering the latest WLAN standards
and also he is doing SPI/NAT but no firewall rules, and all other options that comes by pfSense by side.For sure you will be happy with both machines and perhaps when money will be at one day not the
angle point for you, you could make from the consumer router with DD-WRT some impressive WLAN
APs that are connected to your pfSense, could be. If you are only at the stage of a 100 MBit/s or 200
MBit/s Internet connection you will be able to build a pfSense machine starting at $100 - $250 that
is sufficient for all your needs.
-
I really don't want to spend more than 300 for a pfsense machine,
Trust me, you will spend more than 300 for the consumer grade routers in the foresee future.
-
Trust me, you will spend more than 300 for the consumer grade routers in the foresee future.
This could really be right! If he is willing to get a fanzy router for something around ~199 €, by changing
normally a router all 2 - 3 years it will be then during 4 years ~400 €.If he is only going to buy even a <$100 router and change all 2 years then, it would be only ~$200
in 4 years. So if a consumer router serving his needs it could be a win situation for him, but for sure
without the capabilities, options and features given by pfSense.
-
6" 4-Pin Molex to SATA Power Cable http://www.newegg.com/Product/Product.aspx?Item=N82E16812200061
You're going to need an adapter that has a female connector for the Molex. The motherboard has a male molex connector on it.
-
@BlueKobold:
I really don't want to spend more than 300 for a pfsense machine,
There are many many options to do so and who is even telling you all must be done
by yours in one step!? If you start with a good basis and then hug the machines up
from time to time would not really deep kicking your bank account!Good point. I think I will either look into one of those Jetway machines, or stick with the router I have now, and build my pfsense machine over the course of a few weeks/months. The more I think about it, the more I would much rather have a pfsense machine over a router. It just seems so much better in comparison.
Thanks for all the input :)
-
When I use the Rogers Cable Hitron device …
Beware!
Cable provider in Germany "Kabeldeutschland" only offers these el-cheapo devices. It's junk.
(Regulations over here make matters worse, but that's a different story and I don't want to open Pandora's box)
-
Hi,
I've been try to find a decent setup for the same scenario, reading in other threads I'm surprised that no one has mentioned aes-in. I've gotten the impression that it's more or less vital if you are going to run openvpn on a 1gb line without getting huge speed decline. If that is true none of the mentioned setups have this being Celeron.
Maybe I've misunderstood completely, hope so cause it would make it easier for me to find some hardware.. :)
-
spend a bit more and go supermicro c2758 in your build
-
Looks like the only board available in a reasonable price range that has multiple Intel Lan and processor supporting AES.
Might have to save up a couple of extra months considering the lowest price I've found in my region is around 400$… So the complete setup will be around 500$..
-
I've been try to find a decent setup for the same scenario, reading in other threads
You can surely do so, but then also please have a dedicated look or overview to the challenges
that must be reach or the needs that should be fitted right!!!!
A home set up with SPI/NAT and 50 Mbit/s and on top perhaps one IPSec VPN tunnel would be
never the same as a home setup with 1 GBit/s Internet link and Snort, Squid, SquidGuard, DPI,
many OpenVPN tunnels and must be running like hell by achieving 100 MBit/s OpenVPN throughput!I'm surprised that no one has mentioned aes-in.
This is brand new and with the years it could be a really show stopper likes QuickAssist will be
perhaps also! At this time no one really knows how many it speeds up the VPN part, but if the
developer team, the admins here in the forum and many long time forum users would be guess
this would be a really urgent point it could be sometimes in the future the point!I've gotten the impression that it's more or less vital if you are going to run openvpn on a 1gb line without getting huge speed decline. If that is true none of the mentioned setups have this being Celeron.
As explained above things often changes and this not by setting hard borders easily to see and watch out
by everyone! Mostly this borders and changing are floating over from one point or status to another.A Celeron G3260 @3,3GHz and running this speed on one core at the WAN environment would
be perhaps better, if no VPN stuff is integrated, then an 4 or 8 core Atom CPU, but in the future
I really thing for the entire rest of the system it would be good to have more then one or two CPU
cores and over a more longer or shorter time it will be the best because the WAN Interface will be
also able to use more CPU cores. So going to be future proof, with a 2,4GHz CPU with 4 or 8 Cores
and AES-NI will be at this point for sure the best you can do and if Intel QuickAssist will be also on
board it would be better.Maybe I've misunderstood completely, hope so cause it would make it easier for me to find some hardware..
This is more or less also pointed to the way of usage, running services, needed throughput,
speed of Internet connection and lat but not least to the running field (private or business).spend a bit more and go supermicro c2758 in your build
Sure at this days this would be really on of the best choices compared to the price,
electric usage and delivered power.Might have to save up a couple of extra months considering the lowest price I've found in my region is around 400$… So the complete setup will be around 500$..
Likes here in Germany where I am living, something around 700 € I have to pay for a ready to go C2758
box from Supermicro in the mini ITX format. But related to the circumstance that the power of the
C2758 SoCs is really huge and the miniPCIe options from the Alix APU boards are really good, it might be
sounding likes advertisement, but the SG-xxxx units from the pfSense Store are looking then super to me!
-
Thanks for the reply!
I completely changed focus, got my hands on a fujitsu esprimo E710. Will just get another ethernet card and start rocking. The format is of course as convenient as a mini-itx, but it does fit in my server cabinet. :)
-
Hi,
Just wanted to update if someone accidently reads this thread. I ended up with changing from my espirio desktop to a small form computer built specifically for vpn by a Swedish vpn provider. They did add their custom UI on top of pfsense, started to mess things up so I reinstalled with a clean pfsense instead. Works great and has hardware support up to 600mbit.
I'm in no way affiliated with these guys, just like the product. It can be found at https://www.ovpn.se/en/box.
-
That ovpn.se hardware is great - the CPU doesn't even have AES-NI support which surely makes it an outstanding dedicated VPN device…
http://ark.intel.com/de/products/71995/Intel-Celeron-Processor-1037U-2M-Cache-1_80-GHz
And antenna-placement (right next to each other) will improve wireless diversity to the max.
-
I got a Mini-PC from Qotom off eBay. Only dual LAN but they may have models with more LAN ports or it does have a miniPCIe slot, you could add more ports that way.
Great unit
-
Quad Core Celeron N3150
-
4GB Kingston RAM
-
32GB mSata SSD - SanDisk
Exact model I brought
http://www.ebay.com.au/itm/262461544164?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AITI just got it and about to install PfSense on it. It's cheap enough I can buy a spare for when and if the hardware faults.
Worth a look.
Willo
-
-
That ovpn.se hardware is great - the CPU doesn't even have AES-NI support which surely makes it an outstanding dedicated VPN device…
http://ark.intel.com/de/products/71995/Intel-Celeron-Processor-1037U-2M-Cache-1_80-GHz
And antenna-placement (right next to each other) will improve wireless diversity to the max.Performance wise it does pretty ok. Check https://wiki.openwrt.org/doc/howto/benchmark.openssl
And regarding the antennas, you are absolutely correct. However I use a wireless AP so doesn't bother me.
