Totally new to PFSense, home build need advice
-
My estimate based upon data from https://blog.pfsense.org/?p=1866 :
If (SG-2220 @84 Bytes/packet == 123 kpps) or (C2758 @84 Bytes/packet == 270 kpps) then
Alix @84 Bytes/packet == 17 kpps; Apu1 @84 Bytes/packet == 72 kpps; Apu2 @84 Bytes/packet == 90 kpps -
Thanks for all the replies
to clarify a few things:
I'd like to keep it under $300 with the ideal sweet spot being anywhere around $200.I do have a i5-6500 i could use but i think it would be overpowered and a power hog.
On Amazon I saw A1SRI-2558F-O with an atom C2558 included for $260ish, so that would put me only a little over budget with everything else.
I wanted to eventually use squid to cache game patches when I have multiple friends over for game night, It would be cool to be able to cache that so as they roll in they can get the patch downloaded super fast. SC2 has pretty much weekly patches and we have 4-6 players every friday. Also I would like to cache GIS data for working at home so I can speed things up without having to manage the files locally.
More Q's:
Is 8gb a good balance of price and performance or overkill? maybe 4?
How important is ECC?
What form factor PSU for a Mini ITX case? ATX is cheap and will probably fit but they all seem way overpowered or low quality/efficiency. -
I might getting one of this. Let me know what you guys think? Thanks.
http://www.amazon.com/Fanless-pfSense-Firewall-2-16Ghz-Pre-Loaded/dp/B0124G9S64/ref=sr_1_1?s=pc&ie=UTF8&qid=1457736096&sr=1-1&keywords=725407180123
http://www.jetwaycomputer.com/NF9VT.html
-
I might getting one of this. Let me know what you guys think? Thanks.
http://www.amazon.com/Fanless-pfSense-Firewall-2-16Ghz-Pre-Loaded/dp/B0124G9S64/ref=sr_1_1?s=pc&ie=UTF8&qid=1457736096&sr=1-1&keywords=725407180123
http://www.jetwaycomputer.com/NF9VT.html
Jetway N2930 board ~$205
- external PSU ~$15
- M350 case ~$50
- 2 x 4 GB RAM Crucial ~$40
- Crucial mSATA SSD 120 GB ~$90
- Compex WLE200NX 802.11 a,b,g,N ~$25
- 2 x Pigtail & 2 x 9dB antenna ~$15
in total = $440 cash
- with WiFi
- more RAM
- more SSD capacity
- 100% pfSense compatible
- enough to run pfSense & Snort & Squid & SquidGuard & pfBlocker-NG & WiFI AP + Captive Portal
But ok, the named above APU2C4 by @Derelict is able to get here in Germany for something around
Board ~180 €
Case & wall mount ~20 €
PSU ~10 €
mSATA ~80 €
WiFi card ~25 €
~320 € and it does the job also nice for the 150/150 it could really be a good choice or alternative. -
Jetway N2930 board
Celeron N2930 doesn't have AES-NI support. In case of OpenVPN this is crucial. Maybe N2930 may handle 128Mbs of AES-256-CBC, however at very high cost, like power consumption, heat and performance. Note that OpenVPN is single threaded so it may utilize up to one core. Just a warning. If You're looking for OpenVPN and security You just have to have AES-NI, even with the cost of performance.
I wholeheartedly recommend something like Celeron N3150. It is slightly slower (4 cores, 1,6Ghz), however it has excellent AES acceleration support.
Just to give You an example of openssl speed test aes-265-cbc
withouth AES-NI:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256 cbc 25745.51k 28867.65k 29877.67k 75324.42k 76382.21kload average: 0,6
with AES-NI:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 40691.94k 164077.18k 1016619.75k 2500160.95k 42008576.00kload average: 0,2
Difference (for 8k blocks) is like 500 times faster. Yes, 500 times faster with AES NI.
I have very good experience with Gigabyte GA-N3150N-D3V board with this processor. I built my router with VPN in mind and i'm very happy. Drawbacks though, this board has Realtek NICs, however for me they works just fine, zero problems. A plus is that this board has full-size PCI so it's possible to put some cheap intel card and go with it if somebody likes it.
-
Celeron N2930 doesn't have AES-NI support.
For sure and now? As I am informed AES-NI will actually support only AES-GCM but not AES-CBC
and OpenVPN is only using AES-CBC! And the starting point to get a strong enough hardware for
the following parts are not only based on OpenVPN alone.-This is intended to be my home router
-I get 150/150 Mbps from my ISP
-I want to run Open VPN with dynamic DNS to point to my dynamic IP.
-I also want it to be capable enough to comfortably run snort and run squid caching to an SSD.
-I intend to connect an AP for AC wireless, so I'm thinking I need an Intel 4x NIC.In case of OpenVPN this is crucial. Maybe N2930 may handle 128Mbs of AES-256-CBC, however at very high cost, like power consumption, heat and performance.
??? What is here high cost? It is using only 7,5 Watt and this might be not really many compared
to the ability to set up pf, Snort, Squid & SquidGuiard, pfBlocker-NG together.Note that OpenVPN is single threaded so it may utilize up to one core. Just a warning. If You're looking for OpenVPN and security You just have to have AES-NI, even with the cost of performance.
If I am personally looking for security i went with AES-NI and IPSec AES-GCM and get perhaps
x4 or x5 of the normal rate. And that is then a super result in my eyes.I wholeheartedly recommend something like Celeron N3150. It is slightly slower (4 cores, 1,6Ghz), however it has excellent AES acceleration support.
You can not only compare Cores against because not each CPU core is like the other one.
One Intel Xeon E3 or E5 CPU Core should not be compared against the Intel Atoms lower end
CPU Cores and vice versa. The N2930 is well performing and running pfSense in my eyes but
perhaps with the newer APU2C4 this could be changed now.I have very good experience with Gigabyte GA-N3150N-D3V board with this processor. I built my router with VPN in mind and i'm very happy. Drawbacks though, this board has Realtek NICs, however for me they works just fine, zero problems. A plus is that this board has full-size PCI so it's possible to put some cheap intel card and go with it if somebody likes it.
The N2930 comes with 4 Intel ports and I was only answering the post from @nib01.
Because he gets less for $440 then the things I named above all in all for $429, but with double the RAM,
SSD size, and plus WiFi on top and also Intel Ports but the M350 as case. Not more and not less. -
@BlueKobold:
Celeron N2930 doesn't have AES-NI support.
For sure and now? As I am informed AES-NI will actually support only AES-GCM but not AES-CBC
and OpenVPN is only using AES-CBC! And the starting point to get a strong enough hardware for
the following parts are not only based on OpenVPN alone.If so, AES-NI only support AES-GCM but not AES-CBC which is openVPN would only be the most important for me on this purpose.
I would love to see a list of mini-itx board with AES-NI supported, and uses external power supply only (like the Jetway N2930).
Thanks.
-
http://www.amazon.com/dp/B0179S50UU/ref=twister_B01C9TKBO4?_encoding=UTF8&psc=1
"Usually ships within 3 to 6 weeks." …. but it could be earlier than that based on my experience with Amazon FireTV purchase. Maybe 1 or 2 weeks times. You can try your luck if you're not urgent.
Just another 3150 pfsense board , check out the comments there :
http://www.amazon.com/Asus-Motherboard-Mini-DDR3-N3150I-C/dp/B0167OVET8/ref=sr_1_fkmr0_1?s=pc&ie=UTF8&qid=1457922285&sr=1-1-fkmr0&keywords=asus+n3150+mobo**UPDATED : I pasted in the wrong thread. Sorry. I opened multiple tabs. **
my post above is meant for -> https://forum.pfsense.org/index.php?topic=107997.0
-
http://www.amazon.com/dp/B0179S50UU/ref=twister_B01C9TKBO4?_encoding=UTF8&psc=1
"Usually ships within 3 to 6 weeks." …. but it could be earlier than that based on my experience with Amazon FireTV purchase. Maybe 1 or 2 weeks times. You can try your luck if you're not urgent.
This actually a great board with all the features except the internal power supply, it would been perfect an external PS DC input on this board.
-
I think the celerons are not that cost effective. I am not impressed with the jetway solutions. After doing more research I think the performance/cost sweet spot is around $400-500.
I'm looking at the:
C2750D4I with 8gb ddr3 ecc for total of $415
or
E3C236D2I with I3-6300 or e3-1225-v5 and 8gb of ddr4 ecc for a total of $450 or $543I think these are both overkill right now actually but they give me a lot more flexibility especially the 1151 socket which I already own cpus for and I think they will do more then I need for the next couple years and will be good with any network upgrades I throw at it. I choose 8gb because its only $10 more and 8gb sticks are better to have in the long run.
I'm gonna use one of the bigger desktop style mini ITX cases so any PSU will do but it's hard to find good ones under 500W. Still looking.
-
@BlueKobold:
Celeron N2930 doesn't have AES-NI support.
For sure and now? As I am informed AES-NI will actually support only AES-GCM but not AES-CBC
and OpenVPN is only using AES-CBC! And the starting point to get a strong enough hardware for
the following parts are not only based on OpenVPN alone.If so, AES-NI only support AES-GCM but not AES-CBC which is openVPN would only be the most important for me on this purpose.
I would love to see a list of mini-itx board with AES-NI supported, and uses external power supply only (like the Jetway N2930).
Thanks.
I don't mind if you ask questions in my thread, but please don't hi-jack it for your own build. In fact, you would probably get more responses tailored to your build if you just make your own thread anyway.