Netgate SG-3100 vs DIY pfSense Build
By - Antonioxsuarez
What is your connection speed and how fast do you want the VPN to run? Your throughput needs will determine what hardware would suit best.
While possible, running PoE directly from your NICs is not the normal way of doing it. Using a switch or injectors is the normal way of supplying PoE. Also bridging ports in software is a giant waste of CPU power. You should not have multiple non-switched router ports on the same LAN subnet.
I get about 980mbps down without a vpn. With my vpn I get ~145mbps down which I think is sufficient for when I am using it. I use Steam a lot, so I'm constantly deleting and downloading big games, that's usually when I get off vpn. But then when I'm browsing the web I'll turn it on. Okay so I guess the injector is my best bet. And I'm really sorry I'm still a noob but that last sentence hurt my brain, ELI5?
An SG-3100 will *route* 1 Gbps, but just barely. It won't do anywhere close to 1 Gbps in a VPN and even 145 Mbps is a struggle. It also will be severely limited in speed if you run Suricata. A PC based router for around the same $ will be far more powerful, but be slightly less power efficient.
> And I'm really sorry I'm still a noob but that last sentence hurt my brain, ELI5?
Some routers including most home routers have built in switches. That means LAN traffic between the ports never actually hits the router's CPU, the switch ASIC handles that and is massively more efficient at doing so.
A PC with multiple network interfaces is not a switch. ALL traffic has to go through the CPU. So if you have multiple ports on the same LAN segment, the traffic has to be processed by the CPU, which is a giant waste of processor. Let CPUs do routing, let switch ASICs do switching.
Thank you for that explanation, I completely understand now. Can you give any hardware recommendation for a router based pc for that price range, or guide me to where I might find such recommendations?
I see a lot of people buying an HP T730 thin client for DIY pfSense builds. You can put a x4 width PCI-E card in them. I have a T730 with a dual gigabit NIC.
They’re pretty beefy, I’ve installed ESXi hypervisor on it and I plan to run pfSense as a VM with a few containers on the same box.
I’m not sure how much they are in your part of the world (I’m in the UK) but I’m pretty sure it’s a lot cheaper than $399.
So I've seen a couple of videos on pfsense builds and I'm leaning towards getting:
Motherboard: Gigabyte GA-B75TN
CPU: Intel E3-1260L 2.40Ghz Quad-Core (supports AES-NI)
Though I'm hoping to find a motherboard that has dual gigabit lan nic as I only need one for WAN and one for LAN (to the switch). But that also doesn't require a 24-pin power cable, I prefer an external battery brick to power it.
If you're just running this at home and you're going pfSense, you are SOOOO much better off finding any 5-6 year old desktop and running it on that. You can find an old Dell Optiplex or similar HP/Lenovo for probably <$50 and a 4-port gigabit NIC for less than $20 on craigslist. Install pfSense on that and you're golden. $399 is pretty damned high.
edit: I should note I run an all-Unifi setup at home -- USG, US-8 switch, UAP-Lite AP, with some dumb switches thrown in for good measure.
You are forgetting the power consumption factor though..
I'm not forgetting it. It's going to take a LONG time for a desktop with a 65W tdp chip to cost more than the $400 initial cost of the Netgate router.
Depends on your power bills.
In Australia that device uses about 2c/hr in power alone.
So under 2.5 years to recoup that cost. And 65W is a pretty lowball figure for total system power draw, with a couple of NICs.