What's new

New Router + UTM

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I've been looking for a 2.0 GHz, AES-IN processor (laptop class for efficiency), 4G RAM, 32G SSD, preferably fanless. Used or new, sub $200.

Qotom/Protectli are the most common choices for ready-made commercial product. All other Thin Client/SFF/USDT options are DIY. Both options have pros and cons, it's completely up to you to decide. What you are looking at can do VPN speeds up to what most commercial VPN services offer.

pfsense.org notes NIC card quality is important and strongly recommends Intel over other mfgs.

Yes, especially of you are building a corporate server to run pfSense on. For home applications up to Gigabit speeds and nothing really extremely critical Realtek 8111 series NICs are fully supported in FreeBSD and run good enough without creating any issues. Intel NICs are preferable, but not mandatory.

I plan to run most devices (home office/household) through the VPN

Many people start with this same idea (including me), then change the plans later based on user experience. The reasons why I personally do not run VPN Client on the router anymore are explained in this post:

https://www.snbforums.com/threads/c...er-to-asus-rt-ac86u-ac2900.62304/#post-556363
 
So, even just ballpark, any idea on how fast you want to be able to go with this thing, and what services you're looking to run apart from the ordinary stuff (NAT, FW, DHCP, DNS, etc.)?

On the technical side, I have no idea, literally. I think all I have is 'ordinary stuff'. I know what my ISP is delivering, and what devices are used. That's about it. From user standpoint, there's the 'family' factor...no down time and same web surfing speeds.
 
Last edited:
On the technical idea, I have no idea, literally. I thing all I have is 'ordinary stuff'. I know what my ISP is delivering, and what devices are used. That's about it. From user standpoint, there's the 'family' factor...no down time and same web surfing speeds.

My advice to you is to get an RT-AC86U/RT-AX88U home router. No matter what happens to the idea of VPN Client on the router, at least you have usable piece of equipment. What you are going to use this x86 router box for if you find pfSense, Untangle, Sophos, whatever you decide to test... is exactly not what you expected it to be?
 
Well, I was initially looking into upgrading my router to a newer ASUS, based on past experience. But CNET recommended mesh routers, especially if you have dead spots, which I do. After further reading, I decided I wanted to take advantage of ethernet backhaul, which led me to ASUS AC86U aimesh with merlin. But aimesh is buggy and user forum and Amazon reviews weren't kind to this router, so, after additional reading, and a tad more cash, I decided a router with POE and APs was the ticket. Then some 'How To' blog noted VPN providers have device limits which led me to x86 routers w/APs which would give me more customization than I could shake a stick at. But poorly spec'd x86 boxes may under perform using OpenVPN, which led me to look for x86 routers with laptop class 2.0 GHz processors for efficiency that support AES-IN and have 4G RAM, 32G SSD and intel NICs for good measure. So after all this, <joking> you think I should go back to the ASUS router? <joking/>

I knew I was going down a rabbit hole as soon as I started considering replacing router firmware, and yes, I have thought that putting together a pfsense box might not be the holy grail that I seek. But I'm the type that likes to know all my options. Regardless, I have learned a lot and appreciate the help found on this forum and others.
 
You are way over thinking this. Pretty much any modern Intel CPU that supports AES-NI will handle your basic pfSense requirements. Do your shopping based on price and power usage. Unless you are rockin' true symmetric 1Gbps with IPS enabled, you probably won't even phase the CPU much. I'm on an older i5 (3rd gen?) with no issues, and I have several co-workers running on 1-2 year old Celeron boxes with 1Gbps Internet as well.

There is no single correct answer here on what you should buy. There are just so many options out there.
 
I'm on an older i5 (3rd gen?) with no issues...

If this older i5 CPU is a desktop version (like the one in my router), it's actually stupid fast for pfSense. I'm using it just because I have nothing else to use it for and it runs at 1.6GHz to keep the box cool and quiet. Full speed 4 physical cores at 3.8GHz can process busy corporate network traffic. I don't need that, of course, and I don't have 10Gbps ISP/NICs/Network.
 
Mine is a HP Elite 8300 SFF with an i5-3570 which runs at a max of 3.4GHz. I have never confirmed if power management works under Sophos XG or not. Even if it were running at max speed, it has half the power usage of my previous x86 box. Now making me go on the google hunt to see if the XG supports anything....and again re-considering a flip over to pfSense or OPNSense, but I have so many hours invested in getting my FW setup exactly how I want it.
 
Mine is a HP Elite 8300 SFF with an i5-3570

Same here, HP 8300 USDT with i5-3570. This CPU has Turbo up to 3.8GHz (2 cores) and 3.6GHz (4 cores). Intel SpeedStep is working on a hardware level, so with no load the CPU goes down to 1.6GHz anyway, but to prevent unnecessary power draw and heat I have disabled Turbo in BIOS and locked it down to 1.6GHz via PowerD in pfSense. With fans on minimum the CPU temp doesn't go over 42C.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top