Advice for a pFSense mini-PC?

Oh? First I’ve heard of it. Nothing on Google yet.

Was discovered quite a while back. Synology upgraded the warranty of their machines by a year or so to keep selling them. There are so many of these out in the wild, it’s not even funny. Lot of those might blow up over the rest of the year.

I think it started here:

https://www.anandtech.com/show/11110/semi-critical-intel-atom-c2000-flaw-discovered

But I don’t know how widespread the problem is.

1 Like

Netgate hardware. Gold subscription included 100% supported hardware.

Would anyone be willing to toss together a build list for a $250 ITX pfSense router?

Netgate hardware is very expensive and unless you go for the really shockingly expensive devices, also can’t handle high-bandwidth OpenVPN.

$250? you can get a old xeon server for under $50 on craigslist to do the same thing. if you want to learn how to build it…

Perhaps he doesn’t want a 4U behemoth sounding like a helicopter taking off next to his cable modem in the living room?

2 Likes

Actually it will be next to my desktop and I have a symmetrical 1gig fiber to the home connection. No shitty cable modem to worry about. Just a CAT5 jack to plug into.

I don’t want to kill my power bill. It needs to be as quiet as possible while costing as little as feasibly possible. I’ll be doing buffer bloat mitigation, stateful packet filter firewall, VLANs, a VPN for VLAN tagged traffic (all other traffic will pass through WAN).

The ones I mentioned that have aes-ni yes. That’s symetrical (bidirectional) they do about 650 unidirectional.
Aes-ni by itself can do about 3GB/s on those, but OpenVPN requires doing more than just crypto.

They can do more with multiple sessions but tail latencies start to suck.

Specifically, I’ve tested (and still own) the asrock n3150-itx and j3160tm-itx. They’re still working fine for me.


This is probably all you need for a sub $250 build:
https://pcpartpicker.com/list/mFkN6s

You could get a better PSU probably and maybe you can find a less obnoxious case.

If you don’t have a VLAN switch or need more bandwidth add a nic .

1 Like

Nice, still can’t hit a gigabit but much better than I had heard.

I would suggest going mini-ITX, with a much smaller case. And while you can use a VLAN switch I just don’t feel right about that on my edge router and would insist on a second NIC.

I was unable to get anywhere close to $250 on a mini-ITX build with new parts that I would actually want in my house. Would need to pick up an intel NIC from eBay too.

https://pcpartpicker.com/list/YkMh3b

I Mean using a VLAN switch for VLANs. Not for Trunking with a single NIC. The router pfSense + VLAN switch doing VLAN tagging of traffic etc. Set it up so that the VPN traffic is only what is VLAN tagged for the VPN. Everything else passes over the standard WAN.

See, this is what I have put together based on Intel

https://pcpartpicker.com/list/g7WkJ8

It still runs me ~$425 and that is shrinking it as much as possible and cutting corners per se.

Quad core i3 8th gen. 4GB of RAM

Yep, I don’t see how you can do it with new parts. That’s why I would go with one of those mini PCs you listed or even better, a Qotom from Aliexpress.

https://www.aliexpress.com/item/Pfsense-Hardware-Qotom-Barebone-Mini-PC-Nano-itx-Core-i7-4500U-Fanless-Mini-Computer-X86-Router/32799048185.html

?? https://www.aliexpress.com/item/HYSTOU-Fanless-Industrial-Mini-PC-Win10-Core-i3-i5-i7-2-Intel-82583V-Gigabit-NICS-6/32683017003.html?spm=2114.10010108.1000014.2.72cd1eadB88wF8&scm=1007.13338.98644.000000000000000&scm_id=1007.13338.98644.000000000000000&scm-url=1007.13338.98644.000000000000000&pvid=3017ee46-1217-4e3f-b6da-96a319603b28&_t=pvid:3017ee46-1217-4e3f-b6da-96a319603b28,scm-url:1007.13338.98644.000000000000000

The i3 5005U with 8GB/32GB No wifi for $300?

In terms of what to put together…


PCPartPicker part list / Price breakdown by merchant

CPU: AMD - Ryzen 3 2200G 3.5GHz Quad-Core Processor ($94.99 @ SuperBiiz)
Motherboard: Biostar - X370GTN Mini ITX AM4 Motherboard ($77.08 @ Newegg)
Case: Cooler Master - Elite 110 Mini ITX Tower Case ($38.99 @ SuperBiiz)
Total: $211.06
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2018-05-31 18:36 EDT-0400

^ + Those options. But there are other mini ITX cases.

^Those look even better if you just want to get a barebones instead. Looks like it would be less work + cost. Really because the mini PC cases are expensive overall.

The one you built has no storage or memory, and the prebuilt ones only have a single NIC.

Yes that i3 would work fine, although I’d go for one with four NICs just for the hell of it. Make sure the CPU sports AES-NI before buying. The older atom celerons like the 1900 don’t.

That isn’t an atom celeron… its a Celeron U Skylake chip.

And yes if you follow all the links you will see the storage and memory, because the prices are cheaper than the cheapest available at pcpartpicker.

https://www.aliexpress.com/store/product/XCY-Fanless-Mini-PC-Windows-10-4GB-RAM-Celeron-J1800-J1900-3205U-3755U-2-LAN-2/537726_32839916971.html?spm=2114.10010108.1000023.2.792f2d9foOhcIj

^Dual NIC and cheap.

None of those CPUs support AES-NI.