Is this a good option for a low power pfSense machine?

Was meant as a response to @Shadowbane, sorry for the wrong response thread :slight_smile:

I sure will, I am on the same time schedule as you tho :stuck_out_tongue: And for Michael's build, he linked to it here :smiley:

For reference, this is my headless 5350 box. I bought it a while ago as a "kit" from Newegg. Replace the DVD drive with a network card and it's pretty much the same setup.

https://pcpartpicker.com/list/DZkkPs

3 Likes

Looks like I'll need to consider a new build some time down the line then, as mine doesn't have AES-NI.

What circumstances does it benefit having AES-NI exactly?

3 Likes

Hi Eden. I am not technically inclined to answer this unfortunately. I linked a reddit discussion in this reply where the main reply I cite is this one from reddit, where a developer at Netgate (who fund pfSense) discusses the decision.

3 Likes

aes-ni enabled processors

netgate article on this

2 Likes

Hey, thanks for the reply. I was not aware of the difference between AES hardware acceleration and AES new instructions, however, I am none the wiser as to what pfsense would use either for, aside from VPN connections. The original Netgate article (which spawned the discussion here) does not go into any detail as to what it might be, hence the link to the Netgate employee on reddit who tries to explain in more detail, alas, in a language I am not technically inclined to understand.

1 Like

From what I can gather from the article link in this topic, AES hardware acceleration and new instruction sets have to do with hardware instead of software to encode and decode VPN traffic, and the new instructions for AES I allow the assignment of VPN traffic more securely. Basically, from what I can understand from the article, it will make pfSense more secure.

4 Likes

Well... sh*t... I just got in and set up pfSense at home on one of those amazon/ebay j1900 boxes- thought I did good ensuring it was 64bit as pfSense is also going to get rid of supporting 32bit. Can't ever win haha.

I remember years back researching a pfsense build and saw cards listed to optimize encryption but now I'm not finding any of this- I guess it has to be native on the chip?

4 Likes

Yeah, I've got a feeling this isn't going to wind up happening. The thread is a classic example of customer revolt. They'd be extremely ill-advised to proceed with this. Honestly though, you can set up your DHCP server to configure the gateway to be a VM on a server and have that server tunnel all the traffic.

2 Likes

Thankfully I have an ESXi box at home, so this is an option.

1 Like

So I can't help myself and started Googling but am not getting far. What Intel processors that support AES-NI fit the FCBGA1170 socket?

That 3845 looks pretty good. Technically, I think they want 2.4GHz for gig, but that's not a bad system.

I'm considering a 6100t i3 (35W CPU) and a board for it that supports DDR3 (mainly cause I have a bunch of it). I have a case and such already.

1 Like

There is also the older N3150 (or N3050 if you're cool with dual), or the Pentium N3700, all from 2015. I don't know, maybe you can save a couple bucks by going a bit older. (But then again, if you got the proper machinery to mount BGA, maybe money isn't a concern hehe)

The Pentium G3258 does not have AES NI according to Intel ARK:

The G4400 however does have it:

2 Likes

Yeah, I didn't really look it up, just kinda assumed. I guess the G3258 is a bad idea anyway since it's actually more expensive than the G4400.

1 Like

Good catch! Thanks!

I'm really aiming for a SoC build, for the form factor. I'm aiming for something that's about the size of a conventional router/ap combo unit. That's the only problem with the i3 system.

Derp. Well for now I'll just have to run VPN via VM, and maybe a few years down the line justify a whole new build.

Remember this is two years down the line, if, as @SgtAwesomesauce speculates, it will even bear to fruition at all. So lots of time to consider what to do. Your current box will be able to push VPN for now anyway, unless you have ridiculously high bandwidth.

1 Like

Take a look at my AMD 5350 build's case. It's obviously bigger than most combo units but still a really small footprint.