
Author Topic: Unofficial QOTOM Hardware Topic  (Read 22901 times)


johnkeates
Unofficial QOTOM Hardware Topic
« on: June 21, 2017, 10:13:02 am »
Introduction

Hello Everyone,

As some of you might have noticed, an administrator removed a few topics on QOTOM hardware. This isn't because pfSense forum administrators dislike them, but it's because the manufacturer has not been responding to pfSense developers or been clear on what it is they are offering when they list pfSense.

While some people might disagree with deleting or hiding topics because some upstream vendor is acting strange, this is how it is and instead of arguing about it, it's better to just move on and make sure we all know what's what.

Important stuff so everyone knows what it means:

Information on the relation between using software and selling free software: https://doc.pfsense.org/index.php/Can_I_sell_pfSense
Information on the trademarks relating to pfSense: https://www.pfsense.org/trademarks.html

This isn't because pfSense hates people! It's because pfSense equals a lot of hard work, because there are laws regarding having trademarks and defending them to be allowed to keep them, and because it's really hard to create a product that caters to everyone without degrading very quickly. We as a community can appreciate all of this, but sometimes there are commercial parties that try to find a way to abuse this, and the only way to prevent that is by setting up a few rules that apply to everyone, even to parties that have not (yet) (intentionally) cut any corners on this.


QOTOM is a Chinese manufacturer of generic PC hardware in small form factors (and somewhat industrial factors). They sell their stuff on a number of online webshops (AliExpress, Amazon), and most deliveries are of good quality. Components are name-brand and usually not fakes or rebadges of Asian ripoffs. Sometimes they name their devices as 'pfSense firewalls', without asking pfSense/Netgate or referring to pfSense CE in the correct way. While this by itself isn't inherently bad, it's simply not what the pfSense and Netgate people would like commercial distributors to do, as they have outlined in the past. It's not too much to ask of hardware vendors to simply follow a few guidelines to be able to deliver 'pfSense CE' boxes, as they practically get the software, and therefore the firewall as a product sales for free, without the authors getting any compensation whatsoever. While it is of course fine to just use pfSense CE on whatever you like as a user, it's different when a 'competitor' practically undercuts the income for pfSense and basically dumps support on them.

Now, with that out of the way, the QOTOM hardware itself isn't bad, and maybe the manufacturer has no malevolence in mind when selling the stuff. Most boxes you buy from them come with empty storage disks, and most of them don't sell with pfSense in the name, advertisement or documentation, so it's not exactly like they are intentionally trying to undercut Netgate. They just don't communicate at all.

More on topic

I have a few boxes running in the field as an experiment. Mostly the i3 and i5 versions with the Intel NICs, and they work fine. All of them are fanless and using them in BIOS/CSM mode makes it possible to install the current stable pfSense CE version (based on FreeBSD 10). The betas for pfSense CE 2.4 (based on FreeBSD 11) work with the UEFI mode as well, which has a slight boot time advantage and possibly allows for more flexible booting (as you can change EFI settings from the OS, which isn't possible with CSM/BIOS most of the time).

When you buy one of the boxes, keep in mind that any version without Intel NICs or without AES-NI will probably not perform very well and will not be supported in future pfSense versions when AES-NI starts to be a requirement (there is a complete blogpost about that). I wouldn't recommend getting anything without AES-NI like the J1900 for this reason. If you are not sure what CPU it has: don't buy it. If you are sure what CPU it is, but not sure if it has AES-NI: plug the CPU in the search box at ark.intel.com and check somewhere in one of the last tables if it says it has AES.

When I ordered mine, it was delivered in about 8 days, from AliExpress, via DHL, so that's good. The RAM was verifiable name-brand, as well as the mSATA SSD. The chassis seems like a somewhat standard model with replaceable face plates, and the side with the cooling fins has direct contact with the mobile Intel package. The thermal paste works, but cleaning it up and applying some high quality thermal paste in the right dosage shaves off a few degrees compared to the factory stuff. There is a small CR2023 battery for the RTC and possibly some BIOS memory, but I'm not sure that's still CMOS memory these days; it seems to me that Flash SPI chips retain their settings just fine. It's the kind of battery with soldered-on wires to a small micro JST connector connecting to the main board. The battery itself is then stuck on a chip using a double sided foam tape pad. If you use the thing in a high-vibration environment you might want to glue it on in a somewhat more sturdy fashion.

The firmware is mostly standard, it's a UEFI type with a CSM module you can turn on if you like. Some settings for the ethernet ports can be made, as well as the standard ACPI, integrated devices and SATA settings. It's not one of those crappy mobile firmwares where you can't configure anything, it's pretty open, which is nice. At the time of the hardware release, there was no newer firmware available, but the vendor does seem to update the firmware when needed as seen with their older devices.
« Last Edit: June 21, 2017, 12:50:04 pm by johnkeates »

ivor (Administrator, Netgate)
Re: Unofficial QOTOM Hardware Topic
« Reply #1 on: June 21, 2017, 10:20:58 am »
Thank you for taking initiative. Our users are free to use whatever hardware they like, it's important everyone knows that.

Rather than having many separate threads, please post all QOTOM related posts on this topic.

Thank you!
Need help fast? Commercial support: https://www.netgate.com/support/

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #2 on: June 21, 2017, 12:27:26 pm »
Introduction
As some of you might have noticed, an administrator removed a few topics on QOTOM hardware.
Ahh ... So that's where my two posts went.  (/dev/null)
Thanx John for making a QOTOM thread that might survive  ;)

/Bingo
« Last Edit: June 21, 2017, 12:34:59 pm by bingo600 »
pfSense 2.4.1

QOTOM-Q355G4 Quad Lan.
CPU  : Core i5 5250U
Ram : 8GB Kingston DDR3LV 1600
LAN  : 4 x Intel 211
Disk  : 240G Toshiba Sata SSD

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #3 on: June 21, 2017, 12:29:13 pm »
I just received my 2nd QOTOM-Q355G4, and thought I would start a hardware thread for this excellent box.
I bought mine on the QOTOM store on AliExpress.


My first box was ordered with 8GB RAM and a 64GB mSATA module.

Specs: (The datasheet is attached)

QOTOM-Q355G4 Quad Lan.
CPU  : Core i5 5250U
Ram : 8GB Kingston DDR3LV 1600
LAN  : 4 x Intel 211
Disk  : 240G Toshiba Sata SSD

The RAM installed from the factory was Kingston KVR16LS11/8.
I removed the 64GB mSATA and installed a Toshiba A100 240GB SATA SSD; the SATA & power cable is already inside the box.

The 2nd box was a barebone; I'll get a Kingston KVR16LS11/8 and use the 64GB mSATA for that one.

Connecting the Q355G4 to the TV via HDMI, and a USB keyboard. And I was up and running in no time.

Press <DEL> to enter the BIOS.

Change the Powerfailure setting to: Automatic power on after powerfailure.
Use the LAN LED test along with the MAC addresses to find out which MAC address matches which physical port.
That will come in handy when configuring the interfaces later in the install.

I tried to set the Boot method to Legacy, but then pfSense 2.40 Beta crashed on install.
Changed back to UEFI+Legacy, and pfSense was installed around 4 minutes later.

The Q355G4 has a real DB9 COM port on the front (use a null-modem cable), which can be a real lifesaver.
Remember to enable the serial console in the web GUI.

NOTE: I received a note in my "Barebone unit": Do NOT use Corsair or Crucial RAM, they will make the system unstable.

/Bingo
« Last Edit: June 21, 2017, 01:22:14 pm by bingo600 »

johnkeates
Re: Unofficial QOTOM Hardware Topic
« Reply #4 on: June 21, 2017, 12:32:20 pm »
I just received my 2nd QOTOM-Q355G4, and thought I would start a hardware thread for this excellent box.
I bought mine on the QOTOM store on AliExpress.

Did they ship it with a blank SSD or some Windows preinstall? Or did they actually put pfSense on the SSD (which anyone would wipe and reinstall anyway - nobody trusts Chinese pfSense  ;D )

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #5 on: June 21, 2017, 12:39:35 pm »
Did they ship it with a blank SSD or some Windows preinstall? Or did they actually put pfSense on the SSD (which anyone would wipe and reinstall anyway - nobody trusts Chinese pfSense  ;D )

I have no idea, as I removed it from the first one before booting at all. I installed a SATA SSD instead.
And I'm still waiting for my 8GB RAM for the 2nd, where the 64GB mSATA will be installed.
Hope to get the RAM tomorrow or Friday.

If you're really interested I could give it a boot before wiping & installing pfSense 2.4

Edit (2017-07-01): I did a boot from the QOTOM-delivered 64GB flash; it contained an English Win7 (Non Genuine).
After 5 min usage, I installed pfSense 2.4.0 Beta on top of it.

/Bingo
« Last Edit: July 01, 2017, 10:53:10 am by bingo600 »

johnkeates
Re: Unofficial QOTOM Hardware Topic
« Reply #6 on: June 21, 2017, 12:44:04 pm »
Did they ship it with a blank SSD or some Windows preinstall? Or did they actually put pfSense on the SSD (which anyone would wipe and reinstall anyway - nobody trusts Chinese pfSense  ;D )

I have no idea, as I removed it from the first one before booting at all. I installed a SATA SSD instead.
And I'm still waiting for my 8GB RAM for the 2nd, where the 64GB mSATA will be installed.
Hope to get the RAM tomorrow or Friday.

If you're really interested I could give it a boot before wiping & installing pfSense 2.4

/Bingo

I'm mostly interested to see if they actually copy pfSense on to it or something else. I quickly checked mine and it had Chinese Windows 7 on it (unactivated). It said somewhere on one of their sites they ship all boxes with an unlicensed Windows 7, but they also list pfSense somewhere, and when talking with a few pfSense people in various places some vendors that don't communicate at all do actually copy pfSense on the boxes they sell, so I was curious how often that happens with Qotom. Heck, maybe they even stopped doing it  :P But I don't know and my Chinese isn't good enough to ask them.  ;D

If it's not a big hassle for you to test it, please do. Otherwise, we'll just wait for someone else to report more on this.

By the way, how are your ports arranged? Mine were igb3, igb1, igb0, igb2 for some reason. You'd expect them to go 0123 or 3210, not mixed, but that could also be due to the way the driver enumerates them, or maybe they are actually wired up that way to the controllers.

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #7 on: June 21, 2017, 12:51:40 pm »
My ports were like this

Code:
Mac   Phys port   BSD name
-----------------------------
xx6F    1          igb0
xx70    4          igb1
xx71    2          igb2
xx72    3          igb3

But I think the "Blink LAN LED" feature along with the MAC address listed in the BIOS was nice, easy to map MAC to phy-port

Wonder if FreeBSD sorts by MAC-addy, or ??

/Bingo
« Last Edit: June 21, 2017, 12:55:56 pm by bingo600 »

johnkeates
Re: Unofficial QOTOM Hardware Topic
« Reply #8 on: June 21, 2017, 12:53:59 pm »
My ports were like this

Code:
Mac   Phys port   BSD name
-----------------------------
xx6F    1          igb0
xx70    4          igb1
xx71    2          igb2
xx72    3          igb3

But I think the "Blink LAN LED" feature along with the MAC address listed in the BIOS was nice, easy to map MAC to phy-port

/Bingo

Thanks! And yes, that blink LED feature is really handy. I do know that most Intel NICs have some sort of mii-tool or ethtool commands to do that as well. You can have them blink a pattern from the CLI so you know what port is what according to the OS. I wonder if that would be something that can be added to the pfSense GUI, it's easy to detect if the driver supports it, and all it would need to do is run the command to start blinking and then run the command to stop blinking once you're done.

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #9 on: June 21, 2017, 01:00:52 pm »
I wonder if that would be something that can be added to the pfSense GUI, it's easy to detect if the driver supports it, and all it would need to do is run the command to start blinking and then run the command to stop blinking once you're done.

I think you need to know the Phy & MagJack in order to do this (control the LEDs).
So if the FreeBSD driver (OS) doesn't support this access, I'd not expect pfSense to go that "low-level", would make some nasty driver or hardware dependencies.

/Bingo

johnkeates
Re: Unofficial QOTOM Hardware Topic
« Reply #10 on: June 21, 2017, 01:04:51 pm »
I wonder if that would be something that can be added to the pfSense GUI, it's easy to detect if the driver supports it, and all it would need to do is run the command to start blinking and then run the command to stop blinking once you're done.

I think you need to know the Phy & MagJack in order to do this (control the LEDs).
So if the FreeBSD driver (OS) doesn't support this access, I'd not expect pfSense to go that "low-level", would make some nasty driver or hardware dependencies.

/Bingo

I was actually having a quick look at the igb manpage just now:

Code:
     Make the identification LED of igb0 blink:

   echo f2 > /dev/led/igb0

     Turn the identification LED of igb0 off again:

   echo 0 > /dev/led/igb0
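
The igb(4) LED commands quoted above can be wrapped into a small port-identification walk, which helps confirm which physical jack is which before assigning WAN and LAN on a firewall. This is an added example, not part of the original post or of pfSense; the function names, the `LED_DIR` override and the `--run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): blink each igb(4) identification LED in
# turn and record which physical port lights up.
# LED_DIR is an assumed override so the walk can be dry-run against plain files.
LED_DIR="${LED_DIR:-/dev/led}"

# Print every igb LED node name found under LED_DIR, one per line.
list_led_ifaces() {
    for node in "$LED_DIR"/igb*; do
        [ -e "$node" ] || continue
        basename "$node"
    done
}

# set_led IFACE PATTERN: write PATTERN (f2 = blink, 0 = off, as in the
# manpage excerpt above) to the LED node of IFACE.
set_led() {
    # Accept only names like igb0 so a crafted argument cannot escape LED_DIR.
    case "$1" in
        *[!a-z0-9]*) echo "refusing interface name: $1" >&2; return 2 ;;
        igb[0-9]*) ;;
        *) echo "not an igb interface: $1" >&2; return 2 ;;
    esac
    if [ ! -w "$LED_DIR/$1" ]; then
        echo "no writable LED node for $1" >&2
        return 1
    fi
    printf '%s\n' "$2" > "$LED_DIR/$1"
}

# Blink each port, read the physical label from stdin, switch the LED off
# again, and print "<BSD name> <physical label>" on stdout.
identify_ports() {
    for ifc in $(list_led_ifaces); do
        set_led "$ifc" f2 || continue
        printf 'Label printed next to the blinking port (%s): ' "$ifc" >&2
        read -r label || label="unknown"
        set_led "$ifc" 0
        printf '%s %s\n' "$ifc" "$label"
    done
}

# Run interactively only when asked to: sh identify.sh --run
if [ "${1:-}" = "--run" ]; then
    identify_ports
fi
```

The resulting "BSD name, physical label" pairs are the same mapping as the table posted earlier in the thread, taken from the running OS instead of the BIOS screen.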

bingo600
Re: Unofficial QOTOM Hardware Topic
« Reply #11 on: June 21, 2017, 01:13:37 pm »
Ahh well spotted  ;)

Then it might be "easy" to do.
And easy to spot if the port has no cable in it.

/Bingo

chudak
Re: Unofficial QOTOM Hardware Topic
« Reply #12 on: June 21, 2017, 04:30:59 pm »
I just received my 2nd QOTOM-Q355G4, and thought I would start a hardware thread for this excellent box.
I bought mine on the QOTOM store on AliExpress.

Did they ship it with a blank SSD or some Windows preinstall? Or did they actually put pfSense on the SSD (which anyone would wipe and reinstall anyway - nobody trusts Chinese pfSense  ;D )

I asked them to pre-install pfSense and they did.

chudak
Re: Unofficial QOTOM Hardware Topic
« Reply #13 on: June 21, 2017, 04:34:00 pm »
Did anybody try to run PIA VPN (https://www.privateinternetaccess.com/) on those boxes?

So far my download speed performance was 20x slower.

jgiannakas
Re: Unofficial QOTOM Hardware Topic
« Reply #14 on: June 21, 2017, 05:24:26 pm »
Did anybody try to run PIA VPN (https://www.privateinternetaccess.com/) on those boxes?

So far my download speed performance was 20x slower.

I've been using the i5 version with 4GB ram and 32GB SSD for a little over two weeks. I've set it up as follows with my symmetrical 1Gbps fibre to premise connection:

  • OpenVPN (4x) servers to access my LAN from various devices using a Synology as a backend RADIUS authentication server
  • OpenVPN client to PIA, using 4x connections clustered as Tier 1 in a single gateway group. This is the only way I've found to max out transfer speeds to PIA
  • Packages running include pfBlocker for Geo blocking of ports and DNS blocking of ads, DNS server (unbound), light touch snort on the WAN. I'm not using Squid as there is no benefit in doing so at a home network with a super fast connection

With the above I have observed:
  • full gigabit throughput on the LAN to WAN (~900mbps using speedtest.net)
  • about 450-500mbps to the internet via the PIA gateway. I noticed doubling of performance up until the 4x clients where the CPU started maxing out.
  • about 200-300mbps on my OpenVPN servers running on pfSense as standalone instances
  • As a side benefit my R7000 router can now hit 700-750mbps via wifi AC to my MacBook Pro on both WAN (speedtest.net) and LAN (to Synology). Before it would struggle to keep this speed at a sustained rate. I've also observed that the R7000's switching ability is a bit sub-par, it would limit my LAN to LAN transfer to about 650mbps via wired connections despite hitting 700+ over Wifi AC. I've added a separate Netgear switch (NETGEAR GS308) and now things are back to normal hitting 940+mbps on LAN to LAN and sustaining the same 700-750mbps from Wifi to LAN & WAN
  • Power consumption is at 10-15Watts under normal use. My 2x Synology 2 bay NAS's, R7000 router, APC UPS, Powerline adaptor and the Qotom box all tally up to about 90 watts under normal use

Mods done:
  • 2x 12mm fans placed over the box, running at their slowest speed to keep it cool (AC Infinity MULTIFAN S7, Quiet Dual 120mm USB Fan). Without them in the recent UK heatwave (32+C) the box would hit 60C at moderate load
  • Removed the power button to prevent me from pressing it accidentally if the unit was moved

The unit has been reliable so far and my typical home load (15+ devices) are barely getting it to go over 5-10% CPU even with 10-20mbps constant streaming put through it (fireTV streaming amazon content). When pushing it I hit about 20-30% and am almost hitting 70-80% if downloading through the PIA gateway group. However as the speeds are very quick most downloads are done in minutes so it idles back quite quickly.

In terms of disk use I'm at 6% of 32GB and in terms of memory at ~10-15% of 4GB. So there is little to no need to go any higher in disk and RAM unless you are behind a slow connection and need to use Squid. In which case, might as well go with the i3.
« Last Edit: June 21, 2017, 05:32:09 pm by jgiannakas »