Netgate Store

Author Topic: Small build... again...  (Read 1449 times)

0 Members and 1 Guest are viewing this topic.

Offline someuser08

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Small build... again...
« on: January 12, 2018, 03:41:28 am »
First post, but I have been lurking here for a little while. Its all started when I tried running openvpn client on one of the consumer grade routers and realized how little performance it's actually got. Even with the fastest encryption method (BF128) I was only able to reach 30mbps. So I started searching for an alternative solution which led me here.

My current connection is 80/20(no plans for a faster connection atm) and I would like to be able to max that out with openvpn client. All internet traffic will be routed through that. Budget is a constraint in a way that I would love like to spent as little as possible, but still achieve fully what I need.

I started looking at j3355 boards first (surely it will do what I need and has aes-ni for the future). I could not find any with dual intel LAN (yet alone with quad which ideally I would like to have). I thought, OK, i340-t4 can be had cheaply from eBay and almost went this route when I realized I can't fit this in small cases like m350 which is another constraint that I have (it can't really be much larger than a regular router as it goes in a small cabinet underneath my fish tank :) )

Next I looked at ready made J1800 box from Aliexpress. It has 4 Intel lan ports and is only $90 for barebone. I prefer this over J1900 due to better single core performance. I read quite a bit about performance and still not convinced it can push through 100mbps over VPN consistently but then again - I'm not sure I need 256 bit encryption and weaker ciphers can almost double the throughput of openvpn. Another reservation is obviously absense of hardware AES...

And lastly I found 3855U solutions which are similar to J3355 in a way that they don't have dual LANs. I started thinking - may be there is a USB 3.0 to gigabit LAN adapter that is supported by pfSense.

Any thoughts or recommendations? Or is there some other hardware that could be had cheaply that would fit into small cases?  Thank you.

Offline JohnnyFiama

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #1 on: January 12, 2018, 05:26:09 am »
Another reservation is obviously absense of hardware AES...

That will be an issue for both OpenVPN performance and perhaps most critically future releases of pfSense. 

https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

...starting with v2.5 all CPU's must support AES-NI!

Offline someuser08

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #2 on: January 12, 2018, 08:55:43 am »
I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?

Offline Grimson

  • Sr. Member
  • ****
  • Posts: 475
  • Karma: +68/-10
    • View Profile
Re: Small build... again...
« Reply #3 on: January 12, 2018, 09:23:42 am »
I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?

Spend a few more bucks and avoid both.

Offline someuser08

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #4 on: January 12, 2018, 09:34:34 am »
May be I'm not looking at the right things, but at the moment "a few bucks" actually translates into 2-3 times more. As I said I can get J1800 barebone for $90 and N3150 for $100. But ideal configuration of N3150+i211 from jetway would be $300+

Offline Grimson

  • Sr. Member
  • ****
  • Posts: 475
  • Karma: +68/-10
    • View Profile
Re: Small build... again...
« Reply #5 on: January 12, 2018, 09:44:04 am »
https://store.netgate.com/MBT-2220-system.aspx
https://store.netgate.com/MBT-4220-system.aspx

If you want good hardware you have to spend some money, especially if it needs to be small form factor with low power consumption.

Offline someuser08

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #6 on: January 12, 2018, 10:00:47 am »
Those are definitely not good value for money. If I was going to spend that much I would just get something by jetway or shuttle and not bother with atom based devices...

Offline Grimson

  • Sr. Member
  • ****
  • Posts: 475
  • Karma: +68/-10
    • View Profile
Re: Small build... again...
« Reply #7 on: January 12, 2018, 10:04:17 am »
Lol. Good luck then.

Offline JohnnyFiama

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #8 on: January 12, 2018, 05:54:54 pm »
I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?

Spend a few more bucks and avoid both.

Couldn't agree more with this sentiment!

For what its worth - I've had really good experience with Qotom devices, they're reasonably priced for what they offer and more than sufficient for your throughput requirements.  But, still more expensive than the $90 or so you've mentioned in earlier posts.

Offline someuser08

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Small build... again...
« Reply #9 on: January 13, 2018, 03:34:02 am »
Yes, qotom and minisys devices look interesting and definitely cheaper than netgate ones... This exactly kind of advice I was looking for, thanks  :)

Offline SammyWoo

  • Full Member
  • ***
  • Posts: 208
  • Karma: +9/-4
    • View Profile
Re: Small build... again...
« Reply #10 on: February 09, 2018, 10:27:13 pm »
If you are going to stay with pFsense, largest support base, you have no choice but go with something AESNI-ready and that means dump Bay Trails. Rather than looking for a kludgy Ethernet dongle, I like the one-LAN-port solution with VLAN, (second port rides on a virtual port) assuming you already have a VLAN-capable ethernet switch. Nick's Hardware on youtube has an excellent video how to configure this, otherwise I don't really know how much cpu u need, I don't run VPN.

Offline VAMike

  • Sr. Member
  • ****
  • Posts: 436
  • Karma: +70/-11
    • View Profile
Re: Small build... again...
« Reply #11 on: February 10, 2018, 11:56:08 am »
Forget the J1900. A J3355 motherboard has much better performance and still runs under $60. Then get a case with a riser to mount your quad port card horizontally above the motherboard. Done.

A cheaper option depending on your location may be an APU2.

johnkeates

  • Guest
Re: Small build... again...
« Reply #12 on: February 10, 2018, 12:03:43 pm »
That connection definitely will do great on an APU2.