pfSense Build 2.0

19 inches of...hardware.
Post Reply
User avatar
Stavros
ΜΟΛΩΝ ΛΑΒΕ
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
18
Location: Mississippi, U.S.A.

pfSense Build 2.0

Post by Stavros »

This forum needs some love. So I'm going to post this here since it is going in my 6U rack I'll put it here.

Part 1: Hardware Review
First let's review my previous build:

Hardware:
  • Intel Xeon E3-1260L 45W TDP LGA155 - $36 Ebay
  • Silverstone Tek Super Slim Profile CPU Cooler - 21.99 Amazon
  • Intel DQ77KB LGA 1155 Mini-ITX Motherboard - $45 Ebay
  • 8GB 2x4GB DDR3 PC3-10600 1333MHz 204PIN SODIMM - $19.99 Ebay
  • TCSUNBOW MSATA Mini PCIe 120GB - $25.99 Amazon
  • Genuine E1G44HTBLK INTEL I340-T4 QUAD PORT NIC - $44.99 Ebay
  • T POWER UL Listed (19v 65w-90w) Ac Adapter - $19.99 Amazon
  • iStarUSA D Value D-118V2-ITX 1U Rackmount Mini-ITX Server Chassis - $51.99 Ebay
  • Noctua NF-A4x10 PWM (2x) - $27.90 Amazon
  • Electop 4 Pack Case Fan Y Splitter, PWM Cable 4 Pin 1 to 2 Converter (4 pack) - $8.99 Amazon
Section 2: Lessons Learned
Originally I wanted this box to do a lot: route, VLAN,IDS/IPS, adblock (via pfblockng). It did everything I asked of it, though the only thing I never got around to was setting up IDS/IPS vis suricata. Now I don't really care about IDS/IPS. I really just want a stable router as I've run into another issue: overheating. I'm not sure why it's over overheating. I'm not sure if dust has gotten in the HSF (I've blown it out) or the Intel NIC card is too hot. The chassis I chose in retrospect isn't that great as it doesn't have great thermals. And if I'm going to rebuild I certainly don't want 40mm fans running at full speed.

So what are my goals this build:
  1. Thermals
  2. Loudness
  3. Power draw
Part 3: Build Planning
In this iteration I've decided to take a radical departure. Instead of using a traditional CPU/Motherboard combo I've opted for an Intel SoC (System on a Chip). I'm looking at the ASROCK J4125B-ITX and ASROCK J5005-ITX, although I"m leaning towards the J4125B-ITX as it has a larger PCIe connector leaving me with more NIC options. Both of these are 10W CPUs. Since the J4125B was released in Q4'19 and the E30-1260L was released Q2'11 I wanted to compare performance to see how much performance I'm sacrificing. Here's the Passmark comparison. Surprisingly only a 26.4% difference. Passmark rates the E3-1260L 2.4Ghz as 4080 and single core as 1424, where the J4125 rates at 2984 and single core at 1169 (a 17.9% difference). I believe the E3-1260L surpasses so much in the top mark as it has hyperthreading where the J4125 does not have hyperthreading.

As far as SSD and Memory go I'm planning on using a traditional SATA Crucial BX500 200GB SSD and 16GB Crucial DDR4-2400 17CL SODIMM kit. I have to brag because I got them both for $8 a piece. A savings from retail of roughly $85.

As far as chassis, PSU and NIC go I'm not sure. I'm considering upping to a Rosewill RSV-Z2700U since I have 2Us free in my 6U network rack. Though I do want to add sliding rails for easier access. Also for NIC I'm considering going to an i350-T4. I'd love to put an x540-T2 in it but I don't know if the motherboard can handle it. I'd love to be ready for >1GB internet, but more than likely it'll be time to rebuild by the time that happens.

Edit 7/19/22:
So after much wracking of brains I decided on a chassis and power supply. I picked an Athena Power RM-1U100DM and paired it with a SuperMicro PWS-201-1H. I got the Chassis for $138 from Newegg and the PSU for $64 from Ebay. I could have gotten the PSU from UK for $20 cheaper, but I didn't want to wait 2 weeks for shipping.

This should put my build at roughly $350. I was hoping to keep it under 300, but considering what a an equivalent NetGate pfsense appliance costs it's still a good deal. I think the chassis I picked this time should be better since it has 4 40mm fans (I know it's not going to be super quiet), but the PSU should be pretty quiet.

The NIC should be in by Thursday. The J4125B-ITX should be in on Monday. The PSU should be in sometime between Sat, Jul 23 - Wed, Jul 27. Not sure when the chassis should be in. I also bought some half height brackets for the NIC.

Edit: 7/26/22
The Supermicro PSU does not work with this chassis. Two problems: 1) The psu does not fit the chassis. None of the holes to screw in the PSU line up. It looks like it's designed only to work with Supermicro chassis. 2) The power cable (20 pin) doesn't reach to the motherboard.

Image
Image
Image

I was able to spin up the 4x 40mm fans to see how loud they are and honestly they aren't that loud. This is going to be about as quiet as my current build. The HSF on the old build was the loudest part (especially when the fan is unbalanced and makes a clicking sound).

So I eneded up changing it out with a Flex PSU, specifically a FSP Group FSP250-60FAG. It's a desktop PSU designed for small form factor cases which also happens to work for 1U cases. That actually makes my build slightly cheaper and in line with my previous build. The PSU I got for 23.99 bringing the grand total to about $305.

User avatar
Stavros
ΜΟΛΩΝ ΛΑΒΕ
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
18
Location: Mississippi, U.S.A.

Re: pfSense Build 2.0

Post by Stavros »

Issues with this build
This build has been a test in patience. So I last left off with the PSU not fitting. I got the new Flex PSU (250 Watt) and it fits in the case perfectly. So I plugged in the RAM, NIC, connected to HDMI and...mothing. Borrowed a VGA cable from a friend and still nothing. I ended up buying a motherboard speaker/beeper to see what the beep code would do (if anything I wasn't willing to rule out bad MOBO). After installing the motherboard speaker I got three long beeps with one stick and nothing with the other, but still no video. So, I ordered some more (2x 8GB Crucial Memory). And waited some more.

Well, turns out the RAM I got for $8 is bad. Some times the good deals are too good to be true. So for about $45 I got another pair of SODIMM DDR4 RAM. The memory is new memory kit is going through a 4 pass Memtest86 battery. I'm not sure if I want to run Prime95 on the CPU though I know it wouldn't hurt.

So when it comes to MiniITX custom builds, ALWAYS get a motherboard speaker/beeper otherwise you will never know what the beep code is and troubleshooting without any sort of guidance is impossible. Even with the beep code I had to do a lot of google as the ASRock book doesn't have an error code appendix. And the best I came up with was someone saying three long beeps is "possibly a memory error". So one ding against the J4125B-ITX.

Next update will be tidying up and installing pfsense.

User avatar
Stavros
ΜΟΛΩΝ ΛΑΒΕ
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
18
Location: Mississippi, U.S.A.

Re: pfSense Build 2.0

Post by Stavros »

Problems, Problems and More Problems
This project has become a huge pain in the ass. So I got new RAM and installed it. I installed pfSense, however I kept running into issues. Booting and rebooting would hang. I think it has something to do with UEFI BIOS. I still can't nail down a reason. Then I decided I'd install OPNsense and see if it worked however I ran into the same issue.

So I built my pfsense box with a DQ77KB and a Xeon E1260L. This board is EOL and I ran into an issue where the Heatsink fan would spin and stop. It was not sufficiently cooling the HSF for the 1260L. To throw another kink in this intel, in it's infinite wisdom decided to remove all EOL drivers from its website. I managed to find a forum post that backed up all of the latest drivers for it and managed to update it. That appeared to solve the HSF problem.

So now I'm in a quandry. I don't know if it's worth doing this anymore. So here's my thought process and I want someone to chime in. I originally wanted three things Thermals, Loudness and Power draw. I'm not sure if dropping down to an embedded CPU would actually net me any savings. I would however like to eliminate heatsink with fans. That way if any fan goes out on the new build I just replace an 80mm case fan. As far as loudness goes it's about as quiet as the current pfsense box with just 4 80mm fans (which isn't that loud at all).

Also a little bit of research I'm unsure a J4125 would be able to do line speed WireGuard VPN. I know it's powerful enough for VLANs, but if I add anything like IDS then I'm not sure it'll be powerful enough. So I'm debating on shelving this project and running on the pfsense until I absolutely need to or go back to the drawing board and go with a low powered CPU (not embedded) but something like a AMD Ryzen 5 4600GE (comparison). Definitely want something low power enough that it only needs a heatsink without fan.

User avatar
Stavros
ΜΟΛΩΝ ΛΑΒΕ
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
18
Location: Mississippi, U.S.A.

Re: pfSense Build 2.0

Post by Stavros »

I give up. I've had hell with the Asrock J4125B-ITX board. It would boot and sometimes on reboot it would hang or go into a boot loop. To make it worse there have been no BIOS updates since the initial on Asrock's site. I think instead I'm going to support the opnsense project and buy an Opnsense appliance. Could I take my time and build something cheaper? Of course! Why don't I? Well, have you tried looking for 1U cases with front facing ports that are network depth? (With the exception of a SuperMicro server it's impossible. But if I'm paying that much I might as well support the project.) Trying to find the proverbial needle in a haystack is not what I want to do anymore. Instead I think I'd rather buy an opnsense appliance and basically never have to worry about it for the next 20 years. Or until multi-gig internet becomes common. I've got my eye on the Opnsense DEC3850.

Post Reply