At that point why not look up openwrt device support and get something used?
1 Like
A pi may be a risk as far as AES goes:
A low, low risk way to play with this will be scavenge somebody’s secondhand/end of life/etc. laptop and spin up pfsense with a $10 USB nic as a second port. Boot from USB stick if you have to.
You’ll even get ghetto uninterruptible power due to the battery in the laptop… 
1 Like
OpenVPN performance depends on so much more than just AES. There’s other kinds of VPN; L2TP/IPSec and Wireguard can typically run at higher speeds with less CPU used. But they’re usually harder to configure (IPSec) or not widely supported (Wireguard, due to IP assignment)
…and gcm vs cbc
Yeah, but if you can get AES acceleration, you can run AES on L2TP/IPSEC (IPSEC can use different ciphers, AES is one of them; i’m using it) a lot quicker. The AES acceleration is like a 30x speed up (on intel at least).
So, if I’m looking at old ~i3/i5 desktops (I definitely saw one around 4000 series), is there a certain period/generation where common consumer-grade CPUs started having AES acceleration?
How much power would an older i3/i5 desktop system typically draw at idle? Do OEM (Dell, especially) motherboards typically work fine in Linux/with pfsense?
Hit and miss, check ark.intel.com. Support got better with sandy bridge but not all chips have it.
Or go AMD, even the Sempron 2650 has AES. I’ve seen that one with a board for less then 40,- bucks on German ebay. Any stick of DDR3, any PSU, any drive and a proper NIC. And you’re done.
1 Like
I had the chance to check one of the shops with used computers and laptops yesterday. I took pictures of the stickers for memory’s sake, I can post them if they sound interesting to you guys, but they’re more functional than they are aesthetic, just pictures of laptops and labels on cluttered shelves.
These are from the “damaged” section, the clerk told me most of them have a problem with the battery or the screen, neither of which should be a problem for me since I just want these to be a router.
ASUS EEEPC 1201N with an Atom 330, 2G RAM - 1500 (~$49.14 USD)
HP 2133 with a Via C7-M(?), 2G RAM - 1500 (~$49.14 USD)
Lenovo Y530 with a T5800, 2G RAM - 1800 (~$58.97 USD)
Acer 5742ZG with a P6200, 4G RAM - $2000 TWD (~$65.52 USD)
Acer Aspire 595829(?) with a T4200, 4G RAM - $2000 TWD (~$65.52 USD)
Acer H20G(?) with a T7300(?), 2G RAM - $2000 TWD (~$65.52 USD)
Lenovo G450 with a T4500, 4G RAM - $2000 TWD (~65.52 USD)
Do any of these seem like sensible purchases for a router? I didn’t think to check for blue USB ports while I was there, but I assume that most of these only have USB 2.0, since they’re mostly Windows 7-era machines. Would USB 2.0 limit my network speeds if I was using adapters?
I also saw a shop selling ASUS mini-pcs, although they’re something like 5 times as expensive as these laptops.
PN40 (N4100, 4G RAM and a 120GB SSD) - $10900 TWD (~$357.07 USD)
VC66 (i3-7100, 8G RAM and a 1TB HDD) - $11900 TWD (~$389.83 USD)
I think buying a dedicated router and having to pay shipping/import taxes would probably be better value than these, for a router.
All the CPUs on that list up there are super ancient, I was hoping for an ivybridge or newer. If they’re good other than the screen, sure might as well use them for $50; but you’ll likely need a power brick, they likely come with an hdd if any storage at all, your nics are bound to be on usb 2.0 dongles which sucks a bit, and the batteries are likely to cause you more hassle than they’ll be worth - it’s not much more compact than a micro ATX tower case that you can put your plant on top. It’s not more convenient than a small sbc + vlan capable 5 port gigabit switch (worth ~$20) that you can both screw into the underside of your desk and have a hell of a router/switch for ~$50-70
I made this list for you to use as a frame of reference…
You could bring this list on a piece of paper, or in a notebook, and a pen to Guanghua Digital Plaza or Guanghua Electronics Plaza, or look at local online shops and see how well you do in comparison, and do some +/- math.
When looking at second hand stuff in the shops, the 2c/4t 3000G at 3.5GHz from the list below is roughly like an i7-920 (4c/8t nehalem at 2.66) or roughly like an i5-2500k (4c/4t sandybridge at 3.5) except new cpu uses less power.
For the list I took the cheapest case with a PSU, cheapest ~240/250 GB SSD (that’s remotely reputable, even if no dram), cheapest 16G ram (speed doesn’t matter as long as it’s compatible) and a 4 port PCIe x1 realtek gigabit nic (that probably can’t do 8Gbps aggregate traffic but it’s cheap and you get some extra ports,… so whatever but 2ports would work fine as well)
| Type | Item | Price |
|---|---|---|
| CPU | AMD Athlon 3000G 3.5 GHz Dual-Core Processor | $50.00 |
| Motherboard | Gigabyte GA-A320M-S2H Micro ATX AM4 Motherboard | $58.98 @ Newegg |
| Memory | GeIL EVO POTENZA 16 GB (2 x 8 GB) DDR4-2400 Memory | $46.99 @ Newegg |
| Storage | Crucial BX500 240 GB 2.5" Solid State Drive | $31.99 @ Adorama |
| Case | Apex TM366BK MicroATX Mid Tower Case w/300 W Power Supply | $46.99 @ Newegg |
| Wired Network Adapter | Syba SI-PEX24042 PCIe x1 1000 Mbit/s Network Adapter | $5.99 @ Amazon |
| Prices include shipping, taxes, rebates, and discounts | ||
| Total | $240.94 | |
| Generated by PCPartPicker 2019-11-25 01:51 EST-0500 |
2 Likes
@risk The 3000G is a crazy value for low end desktop as well as any kind of network appliance. It should work on A320 but you’ll have to make sure that the BIOS is up to date. Here is the main thing I would change about that build. (I know you just went for the cheapest and that might be fine but … )
| Type | Item | Price |
|---|---|---|
| Wired Network Adapter | Intel Pro 1000 Quad | $20,- @ ebay |
These adapters will work until the end of time itself. … Maybe not that long but you get what I mean. 
They are built to a different standard because they are meant to survive years and years of constant full load. These are server cards after all.
If you want to cut down on price you can reduce the amount of memory. A single 8GB stick should be fine, dual 4GB would obviously get you slightly more performance on paper but would make it harder to upgrade later on.
And the drive can be whatever, honestly. Once booted the system pretty much lives in RAM anyway.
1 Like
Long thread, but I can say, having a virtual pfsense instance acting as my public-facing router works quite well. It allows you to decide on the underlying hardware you wish to host it on as well.
I’m not a fan of how difficult it is to perform PCI-passthrough, and I’m not sure if Hyper V will allow an Ethernet interface passthrough instead, but I would recommend the latter.
To add a ‘wireless interface,’ I’d probably recommend buying an AP and plugging that into one of the ports. You can get good Intel quad port NIC cards for ~$50.
I can probably make it out to Guanghua again next week, maybe this coming weekend. But last time I was out there I learned that a lot of the shops in and aruound Guanghua are affiliated with coolpc, and their website has their current prices: https://www.coolpc.com.tw/evaluate.php
It’s not too difficult to sort through if you can’t read Chinese (I can’t read any of the Chinese on there), but it doesn’t look like they have the 3000G, unfortunately. If one of the largest carriers doesn’t have it, it’s not very likely that anyone else has it either.
Just recalled another site, and they don’t have it: https://www.autobuy.tw/3c/cate_12817