pfSense 2.5 Alternatives

Hearing about some big changes coming to pfSense in version 2.5 - some good, some not so much.

pfSense would always run on almost any platform. Now nanoBSD is being removed and we need a 64-bit CPU.
IMHO, the real pain point is the requirement for AES-NI. I use a J1900 Qotom, which rumor has it is the target of these changes to force the purchase of pfSense hardware, that will be road kill.

My J1900 is barely pushing 15% CPU utilization and doing AES in software is totally viable... except I won't be given a choice.

So..... in preparation of version 2.5 what platform should I be looking into? I really need OpenVPN client but otherwise very basic needs....

TIA,
:wink:

2 Likes

I'm in the same boat. I've been running pfSense on Atom CPUs for the past 8-9 years; none of which support AES-NI. I never ever have more than one OpenVPN connection (me) into my network at a time, but the Atom chips handle that adequately in software.

I have an old LGA 1155 Supermicro server that I had planned to use, which currently has a 35w i3 CPU in it, but that doesn't support AES-NI either (nor do most i3 & Pentium CPUs). Apparently, I can get a Xeon CPU for +/- $150, which does have support, but that's a little more than I want to spend.

My current plan is to find a used LGA 1155 i5 CPU for cheap, to use in the Supermicro mobo. If I'm not mistaken, just about any i5 should support AES-NI (trust, but verify), so I suspect that any such equipped $20 box from the Goodwill Store, should still be a good foundation for pfSense.

If you are looking for an embedded solution, my recollection is that the AMD Geode SOCs have AES-NI support.

You may find this useful.

I suppose that the good news is that the AES-NI requirement is still quite a ways off, so we have plenty of time to ponder our solution.

2 Likes

IPCop isn't awful, but you aren't going to find anything as powerful as PFS in the free market.

2 Likes

The AES-NI requirement is quite the annoying addition. Will be moving to a hyperthreaded Pentium from a J1900 to meet the requirement, annoying as it is.

Hm, OPNsense is pretty good. It is a fork of pfSense, but they've streamlined it pretty well, and the UI is easy and friendly on the eyes. Also SME Server, based on CentOS, is another nice router software; it's very simple and easy to use. It also has simple traffic shaping, Squid proxy, etc. as needed.

1 Like

You should be able to use an LGA 1150 or newer CPU if you can find one. I'm using an i3-4130T. Intel ARK is showing AES-NI support on 4th generation i3 CPUs.

There are small low power (and silent) embedded CPU boards available with AES-NI which are not that much more expensive than the J1900 boards, like the AsRock J3160TM-ITX or the AsRock J3455-ITX, though for these you're limited to a RealTek NIC and only a 1x PCI slot.

There are also a number of similar boards based around the Intel Celeron N3050 (Dual) and Celeron N3150 (Quad), or a newer generation with the Celeron N3060 and N3160. If I remember correctly some have 4x PCI which is considerably better if you want to have a dual or quad Intel NIC PCI card.

1 Like

The AMD E-350 I just put in my pfSense box doesn't support this either.... super lame.

The cheapest board that I can find with dual LAN is the GA-N3150N-D3V. There are some Jetway boards like the JNF596-3150 and Jetway NF591-3150, but all of them have Realtek cards.

2 Likes

Well I'm boned. Time to start scoping out some new hardware.

You still have a couple years of 2.3 and 2.4 support before needing an AES-NI supported CPU...

6 Likes

Yeah, I agree. He's already got the J1900, so best to wait until we are nearing the discontinuation of 2.4 support before making a purchasing decision. Who knows, maybe some new boards will have come out which fit the bill perfectly (dual Intel NICs, plenty of PCI expansion etc.) or the boards we are taking a look at in this thread will have become cheap/available on the second-hand market.

Of course there are other router OSes, like the one Ubiquiti have based their firmware on, though the name escapes me at the moment. But who knows, they might go down the same path before we know it.

1 Like

I ordered a G4400T Pentium Skylake processor. Will need to order a board probably tomorrow for it. The 35W Skylake processor supports AES-NI, so it should be OK for pfSense. The current Sempron 145 is doing well, so the dual core should be fine.

My thoughts as well. Just be patient; you have plenty of time left.

The Core i5-2400 is a decent CPU that supports AES-NI. You can find loads of them on eBay.

I've been running on a Core 2 Duo, since I had it in SSF, but it looks like I'll be needing to switch to one of my extra i5-2400 processors to keep updated. I think RAM will be my main issue, and space, I don't think I've got room for a Mini-Tower where it's sitting right now.

I have a working 2500 Sandy Bridge tower I'm not using at the time. It just stinks going from a nice Bay Trail drawing 15w on a pico power supply and no fans to a 45w draw idle tower making some noise.

I just built my first custom router, and tried out a couple of distros. pfSense was alright, and some things were easier to configure in it than in other distros, but some things were also harder. I settled on IPFire as it has just about everything pfSense has, it makes OpenVPN and Tor extremely easy (if you want either of those things), and has far superior driver support than pfSense, so more hardware you might happen to want to use would be supported, especially on the wifi side of things. The devs are also decent people and not ego inflated dicks like the devs at pfSense.

1 Like

I will just leave this here:

1 Like

I just built a new pfSense router after using the GFiber network box for a year, as it was a brand new installation and I wanted to find any bugs in the network before adding another variable.

AMD A10-8750B FM2+ APU
Built-in graphics
Gigabyte FM2+ mini-itx MoBo 1 Realtek GB Nic
a Dell 4 port GB nic (igbx based chipset)
8GB DDR3 1866 RAM

and this chews through my 1GB GFiber connection with OpenVPN, Proxy/AV, Suricata @ 8% CPU utilization.