Pfsense/opnsense build

[Memer2424]

 

These are the specs for the pfsens/opnsense build I want to make, I know it is very OP.  I just really want to future proof this for future pcie 4.0 support.

What kind of networking card should I get for now, I have gigabit internet, I am just wondering if I should get an i350-t4v2 or stick with the intel pro 1000 cards?

If so please provide links to genuine cards that are 4 port and at least gigabit, also pfsense/opnsense I do not think support Realtek.

[Electronics Wizardy]

No need for gen 4, esp for the ssd, get a cheap sata drives, or 2 for HA in raid 1

 

Get the newer i350 if your not going 10gbe.

 

Id probably get a i3 or pentium here, might as well save the money.

[Memer2424]

One thing I forgot to mention, this will be acting mostly as a vpn server.

Also the gen 4 ssd, is for very fast boot times/ caching.  The real reason I picked the gen 4 is so that if I make a change to the config file, that I can reboot it with a backup quickly.

[Alex Atkin UK]

16 minutes ago, Electronics Wizardy said:

No need for gen 4, esp for the ssd, get a cheap sata drives, or 2 for HA in raid 1

 

Get the newer i350 if your not going 10gbe.

 

Id probably get a i3 or pentium here, might as well save the money.

My specs (i5-7200U) from what I can gather are about the minimum for Gigabit OpenVPN.  So I'd probably not go below an 8th gen i3.

 

Definitely agree there is zero use for PCIe4 though, were only just getting to the point where FreeBSD can even handle 10Gbit never mind anything faster.

[Alex Atkin UK]

4 minutes ago, Memer2424 said:

One thing I forgot to mention, this will be acting mostly as a vpn server.

Also the gen 4 ssd, is for very fast boot times/ caching.  The real reason I picked the gen 4 is so that if I make a change to the config file, that I can reboot it with a backup quickly.

I've never seen a notable difference in bootup between any SSD, its almost entirely CPU and general OS initialisation bound, not storage.

 

Caching is less and less practical now almost all sites are https only, it requires dirty hacks to cache that which adds its own security issues (you can't tell if you've made a secure connection to the destination with these hacks enabled).

[Electronics Wizardy]

3 minutes ago, Memer2424 said:

One thing I forgot to mention, this will be acting mostly as a vpn server.

Also the gen 4 ssd, is for very fast boot times/ caching.  The real reason I picked the gen 4 is so that if I make a change to the config file, that I can reboot it with a backup quickly.

What are you caching? From my experince web caching really doesn't help much, esp since you have a gig connections.

 

gen 4 ssd won't boot any faster than a sata ssd, id get 2 cheaper sata ssds here.

[Memer2424]

I was thinking of caching windows updates, since I have 11 computers, but if gig is enough then 2 sata maybe the way to go.  I just want to make sure that this router is good for like 15-20 years.  I understand that I would probably need to change the network card out in the future.  If I go for 10 gig what would you recommend, that is rj45 that is also 4 port?

[Alex Atkin UK]

1 minute ago, Memer2424 said:

I was thinking of caching windows updates, since I have 11 computers, but if gig is enough then 2 sata maybe the way to go.  I just want to make sure that this router is good for like 15-20 years.  I understand that I would probably need to change the network card out in the future.

I don't think its practical to do that on pfsense/OPNsense, sadly.

[Memer2424]

4 minutes ago, Alex Atkin UK said:

I don't think its practical to do that on pfsense/OPNsense, sadly.

I think so, it is a squid proxy thing, also which would you recomend pfsese,opnsense, or windows server 2019 as a router.  I have a copy of genuine windows server 2019.

[Electronics Wizardy]

9 minutes ago, Memer2424 said:

I was thinking of caching windows updates, since I have 11 computers, but if gig is enough then 2 sata maybe the way to go.  I just want to make sure that this router is good for like 15-20 years.  I understand that I would probably need to change the network card out in the future.  If I go for 10 gig what would you recommend, that is rj45 that is also 4 port?

Yea I wouldn't bother with windows update caching. Window should already pull updates from other systems on the network, and with a gig connection the cache will the the same speed as the internet.

 

4 minutes ago, Memer2424 said:

I think so, it is a squid proxy thing, also which would you recomend pfsese,opnsense, or windows server 2019 as a router.  I have a copy of genuine windows server 2019.

WIndows server is a bad router. Id much rather go with something like untangle here if you want another option.

 

 

[Alex Atkin UK]

5 minutes ago, Electronics Wizardy said:

Yea I wouldn't bother with windows update caching. Window should already pull updates from other systems on the network, and with a gig connection the cache will the the same speed as the internet.

I've never once seen that actually work, even if I update one PC then immediately update the other, it ALWAYS pulls it from the Internet.  Its quite annoying actually as I've double checked its enabled on all PCs.

 

Like you said though, with Gigabit Internet I'd consider it kinda pointless unless you have a data cap.

[Memer2424]

The real reason I need to switch is because I  made a horrible decision on getting a LRT214  in 2015 that crashes the router when using the vpn and only getting about 15 mbits up and down through it.  That is the real reason, I am hoping that I will have a pfsense router that will last for at the very least 10 years.  I am tired of the consumer router crap, and even small business crap.  Also with the 2 ssd drives, why raid 1 have you guys ever have a ssd fail?

[Electronics Wizardy]

14 minutes ago, Memer2424 said:

The real reason I need to switch is because I  made a horrible decision on getting a LRT214  in 2015 that crashes the router when using the vpn and only getting about 15 mbits up and down through it.  That is the real reason, I am hoping that I will have a pfsense router that will last for at the very least 10 years.  I am tired of the consumer router crap, and even small business crap.  Also with the 2 ssd drives, why raid 1 have you guys ever have a ssd fail?

Yea I have multiple dead ssds. Raid 1 would be a much better way to spend the budget than getting a gen 4 nvme drive. That speed would be wasted.

 

Id personally get something like a dell r220/r230 here. There pretty cheap used, easily fit in a rack, and have good nics built in.

 

How much vpn bandwidth do you need?

 

I still think the hardware is way overkil, I have gotten gig routing on first gen i3s before, so it really doesn't take that much power.

[Memer2424]

all of the bandwidth with probably 5 concurrent( yes i mean 200 mbps up and down for each) clients, no rack, needs to be quiet, I am using full tunnels instead of split.  I went with a slim case to make sure that it fits in a triangle spaced closet that has to be no longer than 6.5 feet and no wider than about 1 foot. This is a small closet, that holds an nvr, a ups, phone stuff and alarm stuff.  Also my budget is extremely flexible.  I want high availability that will last a very long time.  I am a computer science student that is also very interested in security, so i will most likely use suricata on this machine as well.

[Electronics Wizardy]

13 minutes ago, Memer2424 said:

all of the bandwidth with probably 5 concurrent( yes i mean 200 mbps up and down for each) clients, no rack, needs to be quiet, I am using full tunnels instead of split.  I went with a slim case to make sure that it fits in a triangle spaced closet that has to be no longer than 6.5 feet and no wider than about 1 foot. This is a small closet, that holds an nvr, a ups, phone stuff and alarm stuff.  Also my budget is extremely flexible.  I want high availability that will last a very long time.  I am a computer science student that is also very interested in security, so i will most likely use suricata on this machine as well.

Yea then the only changes id make is

 

Using the stock cooler, those low profile artic coolers are about as good, and this cpu won't be under heavy load here anyways.

 

Get 2 cheaper ssds, speed won't matter, but raid 1 is nice to have.