Hello! I’m currently running pfSense on a Celeron G3900 based system with additional used Intel nic. It runs really great but it’s a bit too big (ATX board) and power hungry. I would like to know if Supermicro X11SBA-LN4F would be a good option for a basic user with 600up/30dl Mbps or should I aim for something else? Would it even support pfSense?
I have an asrock n3150 board, with a 2.5" ssd/pico psu it draws 7W idle , 19W under heavy load test.
I’ve tried pfsense, but it was sluggish compared to basic out of the box archlinux install, probably because of the nic drivers.
Anyway, I’d recommend a mATX ryzen build these days. It costs the same, maybe an extra $10 a year in power, it’s slightly bigger but can be a lot faster
Thanks for the reply. But still, I’d like something mini-ITX based with passive cooling.
Btw what do you mean by saying it was sluggish? It couldn’t handle your connection or was the webgui a bit slow?
Sluggish == couldn’t route more than 200 Mbps of traffic and was pegging 100% of a core to do that. Disabling pf made it go up to 300.
Linux was doing a gig with basic firewalling and htb/fq_codel at <5% load. Over on Linux, it can just about saturate my connection (360Mbps) with OpenVPN.
At the end, I just shrugged and gave up on pfSense.
Offloading issue?
Since you’re switching things up, it might be worth looking at OPNsense. I’ve only just started testing it, but I’m liking it so far.
Disabling offloading brought it down further, probably not.
I asked around in various pfSense communities and was told I should stop using my network card (built-in to the motherboard) and buy an Intel nic (extra cash, doesn’t fit into a tm-itx case) – not helpful. I tried stock FreeBSD to see if it’s anything having to do with pfSense itself, and had the same issue.
Edit: maybe I should do a step by step how to install Debian onto a flash drive and enable routing and nat, most folks don’t care about more. … There’s plenty out there, but something tuned to this forum audience might be helpful.
Yeah, that makes sense then. Finicky drivers are one of the downsides of FreeBSD, especially for NICs and HBAs.
VyOS is debian-based and is arguably a very suitable out-of-the-box pfsense replacement. It was forked from Vyatta (Ubiquiti EdgeOS was also forked from Vyatta).
I’ve used EdgeOS (Ubiquiti) and VyOS . They do have that single short config “commit” workflow that network enginees like.
But I don’t think that shoe-horning configuration for various independently designed services into a single format makes sense. (e.g. OpenWRT tries to do this with uci as well / it’s just cost prohibitive to maintain in the long run).
It’s great for Cisco, juniper, Ubiquiti, pfSense / anywhere where you want to have a strictly defined configuration space that you want to map to features that you want to support.