Netgate SG-1000 microFirewall

Author Topic: Unofficial QOTOM Hardware Topic  (Read 38563 times)

0 Members and 2 Guests are viewing this topic.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 841
  • Karma: +60/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #195 on: October 07, 2017, 08:00:04 am »
I think about ordering a Q330G4 with i3 4005u CPU. I want to route all my internet traffic over my VPN provider by openvpn.

Could this system reach 80-90mbit if you look at VPN performance?

Yes.

Offline ssbarnea

  • Newbie
  • *
  • Posts: 14
  • Karma: +2/-0
    • View Profile
Qotom i5-5250U vs i7-4500U and OpenVPN performance
« Reply #196 on: October 07, 2017, 11:44:28 am »
I am about to build my first pfsense router and I am not sure if I should go for Qotom i5-5250U or i7-4500U model

Based on their spec these are the diffs:
I7:  Intel Core i7-4500U Processor 4M Cache, up to 3.00 GHz
I5:   Intel Core i5-5250U Processor 1.7GHz,dual core

Price wise it seems that i7 would cost an ~42 USD and the big question is what would be the impact on the expected OpenVPN throughput.

Any other pros/cons?

Offline zin105

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #197 on: October 07, 2017, 12:14:36 pm »
Anyone tried Suricata? My box just stops responding on all interfaces after a while. Can't ping it or anything. Console still responds.

I'm using Suricata, no problems. How heavy did you configure it? AFAIK if you have a big WAN pipe and you try to suricata the crap out of it, any desktop-class system will bork. I'm using it with 8GB RAM and a 64GB SSD, with a remote syslog server.

Did you configure it with Legacy or Inline mode?

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 841
  • Karma: +60/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #198 on: October 07, 2017, 12:23:42 pm »
Anyone tried Suricata? My box just stops responding on all interfaces after a while. Can't ping it or anything. Console still responds.

I'm using Suricata, no problems. How heavy did you configure it? AFAIK if you have a big WAN pipe and you try to suricata the crap out of it, any desktop-class system will bork. I'm using it with 8GB RAM and a 64GB SSD, with a remote syslog server.

Did you configure it with Legacy or Inline mode?

Inline

Offline zin105

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #199 on: October 07, 2017, 02:44:06 pm »
Anyone tried Suricata? My box just stops responding on all interfaces after a while. Can't ping it or anything. Console still responds.

I'm using Suricata, no problems. How heavy did you configure it? AFAIK if you have a big WAN pipe and you try to suricata the crap out of it, any desktop-class system will bork. I'm using it with 8GB RAM and a 64GB SSD, with a remote syslog server.

Did you configure it with Legacy or Inline mode?

Inline

https://imgur.com/kTuDktz

That's what I got when using Inline. The system didn't crash but it didn't respond to any traffic.

I have a 300mbit connection and I was doing very heavy torrenting + VPN traffic (not from the pfSense box itself).

Are you using pfSense version 2.3 or 2.4? I read that Inline depends a lot on having good NIC drivers so I'm thinking 2.4 maybe works better.

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 841
  • Karma: +60/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #200 on: October 07, 2017, 08:18:10 pm »
Anyone tried Suricata? My box just stops responding on all interfaces after a while. Can't ping it or anything. Console still responds.

I'm using Suricata, no problems. How heavy did you configure it? AFAIK if you have a big WAN pipe and you try to suricata the crap out of it, any desktop-class system will bork. I'm using it with 8GB RAM and a 64GB SSD, with a remote syslog server.

Did you configure it with Legacy or Inline mode?

Inline

https://imgur.com/kTuDktz

That's what I got when using Inline. The system didn't crash but it didn't respond to any traffic.

I have a 300mbit connection and I was doing very heavy torrenting + VPN traffic (not from the pfSense box itself).

Are you using pfSense version 2.3 or 2.4? I read that Inline depends a lot on having good NIC drivers so I'm thinking 2.4 maybe works better.

You need to configure igb better, it's running out of space.

Offline zin105

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #201 on: October 08, 2017, 04:22:35 am »
You need to configure igb better, it's running out of space.

Any tips? My /boot/loader.conf.local has:
Code: [Select]
kern.ipc.nmbclusters="1000000"
hw.igb.num_queues="1"

MBUF Usage was at like 2-3% and RAM usage at 15-20% when it happened.

EDIT: I added:

Code: [Select]
hw.igb.rxd=4096
hw.igb.txd=4096

It's too early to call it "fixed", but I have never been able to run Inline mode for this long.
« Last Edit: October 08, 2017, 08:37:28 am by zin105 »

Offline Panja

  • Full Member
  • ***
  • Posts: 259
  • Karma: +9/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #202 on: October 08, 2017, 06:44:59 am »
I just made the decision to order one!

Qotom Q355G4, 8GB ram, 64GB ssd and no wifi.
 
Qotom Q355G4 - 8GB ram - 64GB ssd
pfSense v2.4.2-p1
TP-Link TL-SG108E
2x TP-Link Archer C7: LEDE Reboot 17.01.4

Offline GPz1100

  • Jr. Member
  • **
  • Posts: 40
  • Karma: +1/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #203 on: October 08, 2017, 10:27:12 am »
Looks like all models are back in stock at amazon!

Offline Brutos

  • Newbie
  • *
  • Posts: 24
  • Karma: +3/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #204 on: October 08, 2017, 12:39:47 pm »
I have had such bad luck with these Qotom boxes, I bought two back in March J1900 both freeze and lock up if i install pfblockerng or try to add a black list to squidguard.

They work perfectly with sophos and opnsense, so strange. Now I am put off Qotom and I probable will just build a new box instead of buying of of these.

Has anyone been running pfblockerng or squid/squidguard on their Qotom without issues?
« Last Edit: October 08, 2017, 01:04:32 pm by Brutos »

Offline zin105

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #205 on: October 08, 2017, 02:17:48 pm »
I have had such bad luck with these Qotom boxes, I bought two back in March J1900 both freeze and lock up if i install pfblockerng or try to add a black list to squidguard.

They work perfectly with sophos and opnsense, so strange. Now I am put off Qotom and I probable will just build a new box instead of buying of of these.

Has anyone been running pfblockerng or squid/squidguard on their Qotom without issues?

I'm running pfBlockerrNG without issues atleast. Have you done anything to tune your NICs? I made a post above with some settings you can try.
« Last Edit: October 08, 2017, 03:46:18 pm by zin105 »

Offline kaiguy

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #206 on: October 08, 2017, 10:25:28 pm »
Has anyone been running pfblockerng or squid/squidguard on their Qotom without issues?
No problems here with pfblockerng, with a bunch of ipv4 lists and DNSBL enabled for ad blocking.

Offline kaiguy

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Qotom i5-5250U vs i7-4500U and OpenVPN performance
« Reply #207 on: October 08, 2017, 10:30:47 pm »
I am about to build my first pfsense router and I am not sure if I should go for Qotom i5-5250U or i7-4500U model

Based on their spec these are the diffs:
I7:  Intel Core i7-4500U Processor 4M Cache, up to 3.00 GHz
I5:   Intel Core i5-5250U Processor 1.7GHz,dual core

Price wise it seems that i7 would cost an ~42 USD and the big question is what would be the impact on the expected OpenVPN throughput.

Any other pros/cons?
I have the i7 and for my usage it's overkill. 2 PIA OpenVPN connections in a gateway group and I'm saturating my 350mbps download. Not sure what your line speed is, but pretty sure an i5 would have been more than fine for me.

Offline Kai_null

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #208 on: October 08, 2017, 11:51:39 pm »
The QOTOM box I purchased had its mSATA SSD fail 13 days after installation. 

Purchased here:
( https://www.amazon.com/gp/product/B01AAKGH88/ref=oh_aui_detailpage_o09_s00?ie=UTF8&psc=1 )

Feeling a bit grumpy.  32G SSD was only about 15% used, should have had lots of extra cells to move around in.

Was about a 100 clients with pfBlockerNG + Squid + expanded log files.

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: Unofficial QOTOM Hardware Topic
« Reply #209 on: October 09, 2017, 12:39:14 am »
The QOTOM box I purchased had its mSATA SSD fail 13 days after installation. 

Purchased here:
( https://www.amazon.com/gp/product/B01AAKGH88/ref=oh_aui_detailpage_o09_s00?ie=UTF8&psc=1 )

Feeling a bit grumpy.  32G SSD was only about 15% used, should have had lots of extra cells to move around in.

Was about a 100 clients with pfBlockerNG + Squid + expanded log files.

Was the SSD branded?