
PFSense ITX build

Budget (including currency): whatever

Country: US

Games, programs or workloads that it will be used for: Minimal logging, VPN support, split tunneling

Other details (existing parts lists, whether any peripherals are needed, what you're upgrading from, when you're going to buy, what resolution and refresh rate you want to play at, etc): 

Parts:

Intel E1G44ETBLK 82576GB Gigabit Quad Port PCI-E x4 Server Adapter - DELL HM9JY (already have)

i3-8100T
Noctua NH-L9i
Prime H310I-Plus
Crucial Ballistix 2x4GB 
Team MP33 128GB M.2 NVME
SeaSonic 300W SFX

 

https://pcpartpicker.com/list/MwQT9G

 

I know it's pretty overkill for my needs. Most of the pfsense boxes you can buy use Atom processors, though I did see one that used a laptop or SOC i5. This i3 is a 35w part so I'm ok with that. What I like about this is that it uses normal memory instead of SODIMMs, and seems like the parts are readily available. I'd certainly be open to an AMD solution but I wasn't seeing parts in stock that were lower TDP, used AES-NI, or both.

 

There aren't a lot of current builds out there for this kind of thing. I'm seeing a lot that use obsolete server parts, but either those parts are no longer available, or they've gone up in price so much that it just doesn't make sense compared to current consumer stuff.

 

I'm going to throw this in the smallest Silverstone HTPC style case I can, because they're fairly cheap and will fit on a closet shelf. I have a 200mm fan exhausting from that closet into my master bedroom closet so it stays quite cool, even with the fan running at roughly 25% speed. I'm pretty happy with that solution.

 

 

I also have a stack of 750GB laptop drives that I might make an unraid server with...but that's a separate build. Thanks for the feedback.


10 minutes ago, Z3R0 CHANC3 said:

Noctua NH-L9i

That's way overkill, the stock cooler is more than enough.

 

10 minutes ago, Z3R0 CHANC3 said:

in stock that were lower TDP

Ignore TDP, it doesn't matter here. Idle power is what you care about. And in that case, all modern CPUs are pretty much the same. Just remove all the extra things you can to save power.

 

11 minutes ago, Z3R0 CHANC3 said:

There aren't a lot of current builds out there for this kind of thing. I'm seeing a lot that use obsolete server parts, but either those parts are no longer available, or they've gone up in price so much that it just doesn't make sense compared to current consumer stuff.

Dell R210 II are pretty common picks; they're about 100 bucks used, pretty quiet, and more than enough horsepower.

 

 

 

What bandwidth are you working with? I'd be tempted to get a NUC or similar, even lower power.


Yeah but even that Noctua isn't very expensive...but I didn't think the 8100T came with a cooler.

 

I'm not using a 1U chassis just because of the depth. Some of those Silverstone cases are only 9" or so deep.

 

Right now I'm at 300/30 speeds but Gigabit is available here, though I'm still hoping that ATT gets fiber to my neighborhood.


48 minutes ago, Z3R0 CHANC3 said:

Yeah but even that Noctua isn't very expensive...but I didn't think the 8100T came with a cooler.

 

I'm pretty sure it has a stock cooler.

 

Also, is the 8100T cheaper? Might as well get an 8100 or 9100 if they're near the same price.

 

48 minutes ago, Z3R0 CHANC3 said:

I'm not using a 1U chassis just because of the depth. Some of those Silverstone cases are only 9" or so deep.

I'd still look for a NUC or similar.

 

49 minutes ago, Z3R0 CHANC3 said:

Right now I'm at 300/30 speeds but Gigabit is available here, though I'm still hoping that ATT gets fiber to my neighborhood.

Yeah, that will easily route gig fiber. I got ATT gig fiber, it's nice, but have fun with their router box.


4 hours ago, Electronics Wizardy said:

I'd still look for a NUC or similar.

That just isn't much of an option, to be honest. Yeah there are some out there, but trying to find a good one.... well that's tough.

1. CPU - many aren't great, and the biggest reason I want to do this is to NOT have VPN slowdowns. I could just flash my router but I know exactly what kind of speeds I'll end up with - less than half of my potential speed.

 

2. Network support: dual NIC (minimum), or a PCI-E slot for the NIC I already have, or an M.2 breakout to connect a NIC outside of the case, which looks jank AF.

 

3. Or getting everything I need and spending $600+ when I can do a better box for less with off the shelf stuff.

 

 

So I can sort through hundreds of NUC/SOC setups, potentially spend even more money, or spend $400ish now on a system that is definitely overkill...but who cares, if the price is right.


4 hours ago, Electronics Wizardy said:

Yeah, that will easily route gig fiber. I got ATT gig fiber, it's nice, but have fun with their router box.

I'm assuming they convert from fiber before the router?


4 minutes ago, Z3R0 CHANC3 said:

I'm assuming they convert from fiber before the router?

Yup, you get an ONT. But then that connects to their router with 802.1X, so you can't just plug your router in. You need their router to do auth.

 

7 minutes ago, Z3R0 CHANC3 said:

That just isn't much of an option, to be honest. Yeah there are some out there, but trying to find a good one.... well that's tough.

1. CPU - many aren't great, and the biggest reason I want to do this is to NOT have VPN slowdowns. I could just flash my router but I know exactly what kind of speeds I'll end up with - less than half of my potential speed.

 

2. Network support: dual NIC (minimum), or a PCI-E slot for the NIC I already have, or an M.2 breakout to connect a NIC outside of the case, which looks jank AF.

 

3. Or getting everything I need and spending $600+ when I can do a better box for less with off the shelf stuff.

 

 

So I can sort through hundreds of NUC/SOC setups, potentially spend even more money, or spend $400ish now on a system that is definitely overkill...but who cares, if the price is right.

How about this guy? https://store.netgate.com/SG-3100.aspx

Official pfSense support, and ready to use.

 

Or go more DIY with this guy:

 

https://www.amazon.com/Pfsense-Q330G4-I3-4005U-4Gigabit-Firewall/dp/B074XNYHL4/ref=sr_1_7?dchild=1&keywords=mini+pc+router&qid=1590285032&s=electronics&sr=1-7

 

Also, do you need pfSense? There are other options like Untangle and OPNsense that I like more.


6 minutes ago, Electronics Wizardy said:

Yup, you get an ONT. But then that connects to their router with 802.1X, so you can't just plug your router in. You need their router to do auth.

 

How about this guy? https://store.netgate.com/SG-3100.aspx

Official pfSense support, and ready to use.

 

Or go more DIY with this guy:

 

https://www.amazon.com/Pfsense-Q330G4-I3-4005U-4Gigabit-Firewall/dp/B074XNYHL4/ref=sr_1_7?dchild=1&keywords=mini+pc+router&qid=1590285032&s=electronics&sr=1-7

 

Also, do you need pfSense? There are other options like Untangle and OPNsense that I like more.

My Linksys router (WRT3200) has an ARM processor, dual core at 1.8GHz. And it falls on its face with VPN enabled. I'm not married to pfSense but nobody online is talking about this stuff, it seems. Nothing current, anyway.


Just now, Z3R0 CHANC3 said:

My Linksys router (WRT3200) has an ARM processor, dual core at 1.8GHz. And it falls on its face with VPN enabled. I'm not married to pfSense but nobody online is talking about this stuff, it seems. Nothing current, anyway.

What VPN bandwidth do you need?

 

You can compare a CPU like there, there is much more than core count and clock speed.

 

Why not try the router OSes on a VM?


I'm really not asking for alternatives to the build I want to do, but thank you. I do appreciate the feedback.


1 minute ago, Z3R0 CHANC3 said:

I'm really not asking for alternatives to the build I want to do, but thank you. I do appreciate the feedback.

If you still want ITX, I'd probably get a non-T SKU, use the stock cooler. Probably get a 16GB Optane M.2 (faster + cheaper + probably more reliable).

 

Also just saying, if you already have a server, you can run the VPN on that for much more speed.


Appreciated. Though I don't already HAVE a server, I do need one (ok I'll be honest, WANT one). It may make more sense to run a VM on a server and kill two birds with one stone. That may turn out to be the genius suggestion that I hadn't really even considered. 

 

 

 

 
