cheap pfsense hardware w/aes-ni?


Jannis Jacobsen

Active Member
Mar 19, 2016
Norway
Considering building a pfsense or opnsense box for home use.
500/500 fiber connection.
would like decent performance with suricata, vpn ++

Been looking at the mbt-4220 system for $199, but they don’t ship to Norway, and I’m not sure how much vpn performance I’d get.
2Gb ram is also not much, if I were to run various plugins.

-j
 

zer0sum

Well-Known Member
Mar 8, 2013
I don't use Suricata/VPN right at this moment, but I can max out my 1G link with a standard sort of config...

 

nthu9280

Well-Known Member
Feb 3, 2016
San Antonio, TX
OpenVPN speed will be limited to 130mbps. CPU was about 50% on both cores during the VPN test. Then you have additional load due to Suricata. Simple routing of 1gbps is not a problem.

The linked thread should have the metrics.
 

zer0sum

It's really hard to beat the T620 plus and a HP NC365T quad port NIC :)

I paid just under $100 for both delivered in days from Ebay. Really impressed so far!
 

mstone

Active Member
Mar 11, 2015
How about a PC Engines APU2 board - dead stable - PC Engines apu2 system boards.
I used to recommend these, and bought quite a few, but their ongoing inability to deliver a stable firmware update has made me throw in the towel. For a long time I just told people that if it was stable for them out of the box then just go with it, but don't ever expect any promised features or bug fixes to materialize. Now I've decided that level of support is just not good enough to keep rewarding (after literally 4 years of hoping they'd get their act together).
 

Jannis Jacobsen

Oh, I’m also not sure if pfsense is what I’ll use.
I have been looking at pfsense, opnsense, sophos utm, untangle homepro.
Sophos is kinda interesting, but not sure if 50 ip’s will be enough.
Untangle sounds nice, but It’s a bit «unknown» here in Norway.

any input to make it easier/harder to choose? :)

-j
 

ullbeking

Active Member
Jul 28, 2017
London
It's really hard to beat the T620 plus and a HP NC365T quad port NIC :)
I'm seriously thinking about a combination like this too. But I have a couple of questions first that perhaps you'd know the answer to:
  1. Why the HP NC365T quad-port NIC? Doesn't the T620 PLUS already come with four NIC ports? Or was this additional made to expand the thing to eight ports? (In which case this would indeed be awesome.)
  2. Is the additional HP NC365T using the same model of controller as the on-board NIC's?
  3. Would an Intel quad-port NIC work well?
  4. What are you using it for? (pfSense vs OPNsense, what sort of configuration, how much RAM and SSD's, etc?)
Thanks!!

ullbeking
 

Jannis Jacobsen

I'm seriously thinking about a combination like this too. But I have a couple of questions first that perhaps you'd know the answer to:
  1. Why the HP NC365T quad-port NIC? Doesn't the T620 PLUS already come with four NIC ports? Or was this additional made to expand the thing to eight ports? (In which case this would indeed be awesome.)
  2. Is the additional HP NC365T using the same model of controller as the on-board NIC's?
  3. Would an Intel quad-port NIC work well?
  4. What are you using it for? (pfSense vs OPNsense, what sort of configuration, how much RAM and SSD's, etc?)
Thanks!!

ullbeking
1. this is hp branded intel card afaik, no, no quad port default, some had a fiber card
2. no, intel based
3. see 1 and 2

-j
 

ullbeking

1. this is hp branded intel card afaik, no, no quad port default, some had a fiber card
2. no, intel based
3. see 1 and 2
Ahhh, thank you @Jannis Jacobsen, that clarifies a lot for me. When I looked at the rear view here: https://www.servethehome.com/hp-t620-plus-thin-client-and-firewall-vpn-appliance/ I thought that those four NIC ports were stock, on-board Ethernet ports.

Now I've wrapped my head around it a bit more and I realize that the "PLUS" designation means that you get the x4 PCI-e slot in which one may install a 4-port NIC... so this means the photo in that link already had non-stock hardware installed. And therefore, getting a "PLUS" instead of a non-PLUS, is pretty much mandatory for the use cases we're discussing here. Have I got this right?
 

WANg

Well-Known Member
Jun 10, 2018
New York, NY
Ahhh, thank you @Jannis Jacobsen, that clarifies a lot for me. When I looked at the rear view here: https://www.servethehome.com/hp-t620-plus-thin-client-and-firewall-vpn-appliance/ I thought that those four NIC ports were stock, on-board Ethernet ports.

Now I've wrapped my head around it a bit more and I realize that the "PLUS" designation means that you get the x4 PCI-e slot in which one may install a 4-port NIC... so this means the photo in that link already had non-stock hardware installed. And therefore, getting a "PLUS" instead of a non-PLUS, is pretty much mandatory for the use cases we're discussing here. Have I got this right?
Well it's not just a PCIe slot.
HP makes 2 models of the t620 thin client. The t620 (left) and the t620 Plus (right)




The stock t620 is a thin client with a dual-core AMD Jaguar based APU (GX217GA), 2 RAM slots, 2 DisplayPorts and mSATA. The t620 Plus has a quad-core AMD Jaguar APU (GX420CA), 2 RAM slots, 2 DisplayPorts, mSATA, and a PCIe 2.1 x4 slot typically used to house an optional AMD FirePro 2270 video card (practically worthless) providing an extra 2 DisplayPorts. The t620 is what you buy if you need to drive 2 2560x1600 screens, and the t620 Plus is what you'll buy if you need to drive 4. If you want 6, that's t730 territory.

So to summarize, t620 gets you a dual-core APU, t620 Plus gets you a quad-core APU and a PCIe 2.1 x4 slot.
 