Would this make a decent PFSense box? (Superbiiz 1150 ITX pre-build barebones)

[XavierMace]

Should be about the same, save for the hard drives. All my recent upgrades have been primarily efficiency upgrades. My first build, many years ago had a DL580G5 and a couple of DL380G5's, plus the storage system. The rack was pulling 1,400w constant from the wall even with minimal load. V2 got the full load down to 800w. My current setup is basically the 3rd build and the rack is down to 200w constant at this point, 410w once a month when I power the second SAN on to replicate. Even with the low price of electricity here in AZ, my last rebuild will pay for itself in electricity savings in a year.

All that was a round about way of saying I wouldn't buy a rack server just to be a pfSense box. You'll eat through your savings in a year due to the electricity usage even if you live in an area with cheap electricity.

 

[sdifox]

Should be about the same, save for the hard drives. All my recent upgrades have been primarily efficiency upgrades. My first build, many years ago had a DL580G5 and a couple of DL380G5's, plus the storage system. The rack was pulling 1,400w constant from the wall even with minimal load. V2 got the full load down to 800w. My current setup is basically the 3rd build and the rack is down to 200w constant at this point, 410w once a month when I power the second SAN on to replicate. Even with the low price of electricity here in AZ, my last rebuild will pay for itself in electricity savings in a year.

All that was a round about way of saying I wouldn't buy a rack server just to be a pfSense box. You'll eat through your savings in a year due to the electricity usage even if you live in an area with cheap electricity.

Oh it's not just a pfsense box, it's my dev environment, Plex server, DC etc etc

 

[XavierMace]

I was referring to Gen's suggestion of an R610 just for pfSense.

 

[sdifox]

I was referring to Gen's suggestion of an R610 just for pfSense.

D'accord

 

[GoodRevrnd]

I grabbed one of these because it included pretty much everything you could possibly want for a home box at a reasonable price. https://www.amazon.com/gp/product/B06XPG8WW6/ref=oh_aui_detailpage_o03_s00?ie=UTF8&psc=1

However, I haven't sat down to set it up and actually figure out pfsense yet...

 

[VirtualLarry]

Well, this has acquired slightly more urgency. Gigabit FIOS has come to my CO. (Ok, I placed an order immediately for it, but I don't actually have it yet.)

My current setup has the VZ router as immediately internet-facing, and my Asus router handling my LAN.

I don't know if the Asus router can handle a 1Gbit/sec connection, when doing CPU-based software routing.

I was thinking of getting the Linksys WRT3200ACM router. You can get them refurb on ebay for ~$120.

They have a 1.8Ghz dual-core (ARM?) CPU, and accept third-party firmware.

Or this ZBox barebone mini-PC. Dual gig ethernet, three display outputs, takes 2.5" SSD and DDR3L SO-DIMMs:
https://www.newegg.com/Product/Product.aspx?Item=N82E16883218075

 

[sdifox]

Zbox is better

What are you doing with the router exactly?

 

[mnewsham]

Well, this has acquired slightly more urgency. Gigabit FIOS has come to my CO. (Ok, I placed an order immediately for it, but I don't actually have it yet.)

My current setup has the VZ router as immediately internet-facing, and my Asus router handling my LAN.

I don't know if the Asus router can handle a 1Gbit/sec connection, when doing CPU-based software routing.

I was thinking of getting the Linksys WRT3200ACM router. You can get them refurb on ebay for ~$120.

They have a 1.8Ghz dual-core (ARM?) CPU, and accept third-party firmware.

Or this ZBox barebone mini-PC. Dual gig ethernet, three display outputs, takes 2.5" SSD and DDR3L SO-DIMMs:
https://www.newegg.com/Product/Product.aspx?Item=N82E16883218075

That ZBox's CPU SHOULD manage gigabit throughput without too much difficulty. However if you want to start messing with VPNs then it's throughput is going to fall to around 100-150Mbps.

If you you need better VPN throughput then you'd want to start looking at desktop i3's and others with high single core performance.

 

[sdifox]

That ZBox's CPU SHOULD manage gigabit throughput without too much difficulty. However if you want to start messing with VPNs then it's throughput is going to fall to around 100-150Mbps.

If you you need better VPN throughput then you'd want to start looking at desktop i3's and others with high single core performance.

It does have aes-ni.

 

[mnewsham]

It does have aes-ni.

That's fine, and it still caps out at about 150Mb/s with OpenVPN. There is only so much a 1.1GHz quad core can do. Especially when it's capped at 6w.

OpenVPN if I remember correctly is primarily single core performance, so if you really want good throughput you need very good (3.5Ghz+) single core. AES-NI at this point is frankly assumed.


https://forum.pfsense.org/index.php?topic=115673.0

Here the results:

Intel Celeron N3150 4x1.6GHz -TDP 6W -CPU Mark 1642 -Single Thread 456
3200/27,5 = 116 Mbps OpenVPN performance (estimate)

Intel Celeron J1900 4x2GHz -TDP 10W -CPU Mark 1881 -Single Thread 528
3200/36,5 = 88 Mbps OpenVPN performance (estimate)

AMD A10-7300 APU 4x1.9GHz -TDP 19W -CPU Mark 3032 -Single Thread 1017
3200/12,5 = 256 Mbps OpenVPN performance (estimate)

Intel i7-4500U 2x1.8GHz -TDP 15W -CPU Mark 3795 -Single Thread 1578
3200/10,7 = 299 Mbps OpenVPN performance (estimate)

Intel i7-4790S 4x3.2GHz -TDP 65W -CPU Mark 9631 -Single Thread 2261
3200/9,6 = 333 Mbps OpenVPN performance (estimate)

Intel Celeron J3355 2x2GHz -TDP 10W -CPU Mark 1333 -Single Thread 884
3200/10,9 = 293 Mbps OpenVPN performance (estimate)

If you're not concerned about good VPN throughput then don't worry about it. Since 100-150mbps is good enough for most people when using a VPN.

 

[sdifox]

That's fine, and it still caps out at about 150Mb/s with OpenVPN. There is only so much a 1.1GHz quad core can do. Especially when it's capped at 6w.

OpenVPN if I remember correctly is primarily single core performance, so if you really want good throughput you need very good (3.5Ghz+) single core. AES-NI at this point is frankly assumed.


https://forum.pfsense.org/index.php?topic=115673.0



If you're not concerned about good VPN throughput then don't worry about it. Since 100-150mbps is good enough for most people when using a VPN.

I cant fathom people needing more than 100mbps on vpn. Not sure there is even timeline on multi threaded openvpn yet.

 

[mnewsham]

I cant fathom people needing more than 100mbps on vpn.

Different strokes for different folks.

I can see someone who works from home a lot, or does occasional large projects at home that need to be sent to your office, or a remote office you might not go to in person (so just driving a hard drive over wouldnt be feasible) . Having 300-500mbps through a VPN instead of 100mbps could save you hours, and if you do these kinds of things often enough, this could end up being a significant time saver.

Obviously this a niche use case, and why I said

If you're not concerned about good VPN throughput then don't worry about it. Since 100-150mbps is good enough for most people when using a VPN.

 

[mv2devnull]

Finally remembered, where I saw the tun-mtu option's effect:
https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

 

[sdifox]

Different strokes for different folks.

I can see someone who works from home a lot, or does occasional large projects at home that need to be sent to your office, or a remote office you might not go to in person (so just driving a hard drive over wouldnt be feasible) . Having 300-500mbps through a VPN instead of 100mbps could save you hours, and if you do these kinds of things often enough, this could end up being a significant time saver.

Obviously this a niche use case, and why I said

People like that can also afford proper hardware. Also, they tend to just vpn in as terminal.