I’ve wanted to revamp my home network a little, so to get things started I got myself new x86 based firewall/router. Here’s my initial thoughts about the platform after using it for few days.
I haven’t done any major stress testing so take my opinion as “filthy casuals point-of-view”
Router is based on PCEngines APU2 platform, more specifically I have APU4D4 board. If someone is interested this is the exact package I got, plus I also got the bios flash module and SATA cable if I ever want to put regular 2.5 Sata SSD into this thing.
CPU is AMD Embedded G series GX-412TC quad core 1GHz cpu with AES-NI support. When I was looking for possible router hardware one criteria was to have AES-NI support available, not that I need it, but afaik pfSense is planing to drop support for non AES-NI CPUs in the future, if they haven’t done it already. So aes-ni was more of a future proofing the system, rather than me wanting to play with cryptography etc.
System also has 4 gigs of ram with ECC support (ram soldered, not possible to upgrade later), and 4 Intel i211AT nics. Intel network interfaces was another requirement for the hardware. While something from Realtek might work, BSD based systems like pfSense and Opnsense are bit picky about nics, and the safest route is to go with Intel.
Other notable things about this platform is it has coreboot right out from the factory, the system is purpose built for this purpose, and this thing can boot from various different storage options (SATA, SD card, mSATA and USB). Bad stuff is the only output you can get from the board is via serial port, there’s no video outputs.
I decided to get more reliable mSATA SSD instead of using SD card as boot media. SSD is only 16GB but since this is going to be quite basic firewall I don’t think I will need much more.
Empty miniPCI slots next to SSD are for wireless cards. I don’t plan to add WIFI for this because I want to be able to throw this thing under the boiler if I feel like it and not having to worry about poor WIFI performance. I will get separate WIFI access point, more about that later.
Here’s the board upside down. You can see the CPU in top right corner. The piece of aluminium next to the motherboard is the heat spreader that comes on top of the CPU.
Here’s the heat spreader on top of the CPU. There’s thermal pad on both sides of the heat spreader. The CPU is cooled passively by using the aluminum case itself as heat sink. The heat spreader is sandwiched between the motherboard and the case.
Wall mount is optional but I put the bracket on already since my plan is to mount this thing under my table at some point.
Aaand pfSense up and running!
So, what’s my first impressions?
I must say this is really neat and well made solution if someone wants to have small x86 based router and don’t want to go the Aliexpress route.
Currently I have only one grievance I’m not entirely happy, and that’s the CPU cooling. In normal use the CPU temps are around 60 °C, but when I put Steam to download a game without any bandwidth limitations CPU peaked around 73 °C. CPU usage was about 20%. Granted it’s really warm in my apartment right now, so I’ll have to do some extra testing later, but I don’t imagine the temps are going down much more from this with current cooling system. I don’t really care if CPU peaks at 70-75 °C, but what troubles me is when that happens the case is almost too hot to touch. Right under the CPU the case gets really hot.
Right now I have few bolts attached to wall mount brackets to lift the router off the table, to allow more air flow under it, since the CPU is located underside the router. I also have small table fan blowing air at the router, just testing out how much difference it would make. Currently I managed to drop the CPU temp down to 52 °C, but since there’s no cooling fins or anything I don’t think that active cooling is going to do much more here. We need to have more cooling surface.
BUT, who says we have to be satisfied with default cooling?
What’s good is PCengines provides useful information about their products on their website, for example in here they are giving quite good description of what requirements there is for third party cases and what kind of thermal pads should be used. So I might try to jerryrig some alternative cooling solution for this. I will share my results here if I ever get around trying my luck.
And now my WIFI plans an problems.
My initial idea was to repurpose my old TP-Link Archer C7 as wireless access point. Instead of using the factory firmware I’ve flashed the unit with OpenWRT 19.07.7.
However, all OpenWRT AP tutorials and guides I’ve followed have either resulted me having no WIFI, no Internet over WIFI, or simply locking me out from the entire router. Thankfully the reset button let’s me to roll back to default config.
My plan right now is to ditch the idea of using old router as WIFI access point, and instead get some entry level Ubiquiti access point like Ubiquiti UniFi UAP-AC-LITE or LR. If someone has any good tutorial “for dummies” on how to configure OpenWRT to work as basic WIFI access point I’m all ears for learning purposes, but for simplicity I’m going to stick with Ubiquiti for now.