Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2 3 ... 8

Author Topic: Ronski's Pfsense router build  (Read 8788 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Ronski's Pfsense router build
« on: November 26, 2016, 08:58:22 PM »

I have for a long time been wanting something with a better firewall than a bog standard router, and having seen Chrysalis build decided to build a Pfsense router myself.

I've decided to use a Qotom QOTOM-Q190G4-S02 Mini PC, which has 4 Intel LAN ports, the S02 version will take a 2.5" SSD, the S01 version is slightly smaller, and only takes an Msata drive

Purchased from Amazon, cost is 130.90 + 16 shipping
I've also ordered 8GB of memory, 4 should of been plenty, but at 30 it was not much more than 4GB.
I have a 80GB Intel SSD which is spare, so will be using this as storage.

There's a thread on the PFsense forums with quite a lot of useful info.

I've never used Unix/Linux before so this might be a bit of a learning curve, hopefully it will all go well.

Edit.

Install guide is here, which I documented as I went along with a lot of help from Chrysalis and others.

When taking the case apart make sure you undo the screws on the base, not the sides. Only minor problems I've noticed is the Sata cable is very tight against the side, and when installing the drive, hopefully it will be OK. I also had to use a USB lead to plug my USB thumb drive into as there are only two ports and they are close together.

Some pictures of the hardware.










« Last Edit: December 10, 2016, 11:21:21 PM by Ronski »
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Ronski's Pfsense router build
« Reply #1 on: November 27, 2016, 12:59:15 AM »

yeah at 30 thats a nice find, mine was 24 and the 8 gig for the same brand was 41, but I think 8 gig for 30 is a good find. :)  Rest looks good also. :)

I suggest following what I posted regarding ssd alignment and trim. :)
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Chunkers

  • Reg Member
  • ***
  • Posts: 312
  • Brick Wall head-banger
Re: Ronski's Pfsense router build
« Reply #2 on: November 27, 2016, 05:05:51 AM »

This is cool, I think @Chrysalis and @skyeci have a lot to answer for ...

I like your choice of unit, 4 LAN intel LAN ports, 2Ghz quad core and 8 Gb RAM with only 10W power consumption seems almost too good to be true!  I like how it has a VGA out so you don't need to faff around with serial comms like I will with the APU2 I have bought.

Look forward to seeing how you get on, as far as I am concerned the more people using pfSense on here, the more likely I will be able to get some help!

I have never installed the FreeBSD flavour of Unix before either but I have installed Linux on lots of different things and have generally found it to be really easy, easier than Windows even, due to its wide compatibility and tolerance of old / legacy hardware and the abundance of helpful people on forums  ;) .

Good luck, keep us posted!

Chunks
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Ronski's Pfsense router build
« Reply #3 on: November 27, 2016, 06:08:07 AM »

Is the apu2 serial out only?

Mine has dual hdmi, I never went with the apu2.

In terms of overall value, ronski I would say has picked the best unit tho assuming of course it actually works, on mine I have already removed the wireless card (which by the way is not  detected by pfsense), so if I add the intel nic's the mini pcie is already empty ready for use. Also the bios on my unit is enterprise stuff, lots of options I typically only have seen on server motherboards.

If I had found ronski's unit first before finding mine, would have I ordered it? I was specifically looking for a aesni cpu, but given the price and the inclusive 4 intel lan ports I think I would have done.  I did a bench on my unit which I posted the results in my thread, and even with aesni disabled its more than a dozen times faster than high end consumer routers on the market, and this unit ronski picked has more raw horsepower than mine.

Both units are significantly faster than the apu2 tho, so I am no longer feeling bad I skipped on the apu2 especially as I can simply add a mini pcie to get native intel ports, as serial access only would bug me.
« Last Edit: December 02, 2016, 04:42:28 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Chunkers

  • Reg Member
  • ***
  • Posts: 312
  • Brick Wall head-banger
Re: Ronski's Pfsense router build
« Reply #4 on: November 27, 2016, 07:26:50 AM »

Is the apu2 serial out only?

Yep, so you need to add the cost of a null modem cable / serial interface if you don't have already, plus its faffy

In terms of overall value, ronski I would say has picked the best unit tho assuming of course it actually works, on mine I have already removed the wireless card (which by the way is not  detected by pfsense), so if I add the intel nic's the mini pcie is already empty ready for use. Also the bios on my unit is enterprise stuff, lots of options I typically only have seen on server motherboards.

Found this on arstechnica forum discussing the QOTOM unit :

Quote from: Some Random Dude
Also, I've used the Qotom system mentioned in the article. Specifically, I've used the Qotom Q190G4. Beware that while it's advertised as having a mini PCI-Express on-board expansion slot for a wireless card, it actually has a plain mini PCI slot. Consequently, the Q190G4 is not suitable for use as a high performance wireless router.

If I had found ronski's unit first before finding mine, would have I ordered it? I was specifically looking for a aesni cpu, but given the price and the inclusive 4 intel lan ports I think I would have done.  I did a bench on my unit which I posted the results in my thread, and even with aesni disabled its more done a dozen times faster than high end consumer routers on the market, and this unit ronski picked has more raw horsepower than mine.

Both units are significantly faster than the apu2 tho, so I am no longer feeling bad I skipped on the apu2 especially as I can simply add a mini pcie to get native intel ports, as serial access only would bug me.
Yep, when I add the pennies up I think I would have been better getting a QOTOM unit as it seems much more powerful than an APU2 unit and just as power efficient - I am pretty sure the APU2 will more than meet my needs however.

Chunks
Logged

skyeci

  • Reg Member
  • ***
  • Posts: 956
Re: Ronski's Pfsense router build
« Reply #5 on: November 27, 2016, 10:33:12 AM »

Serial interface on the apu2 works fine and you only need it on the first install, but handy of course in case something totally fails. I used a 9 cable from amazon. Usb stick serial install etc..
Never seen the cpu more than 23% so far on the odd chance  it actually gets any stress  ;D
Logged
Sky Fibre Pro -  billion 8800nl v1 (bridge mode) + PFSENSE (APU2C4) 2.4.0 with ipv6 , AC-88U WAP- ECI cab, G.INP disabled as of 8th April 2016

http://www.mydslwebstats.co.uk user upload ID skyECI (using a pi3)

d2d4j

  • Reg Member
  • ***
  • Posts: 544
Re: Ronski's Pfsense router build
« Reply #6 on: November 27, 2016, 11:56:30 AM »

Hi

I hope you do not mind, but as we use pfsense along with other firewalls/systems I thought I would show you some stats from 1 of our installations (certain details have been deleted) as below

Many thanks

John

This Month (to date, does not include this hour, starting at day 01):

Bandwidth

In 329490 MBytes
Out 4146200 MBytes
Total 4475690 MBytes

Last Month:

Bandwidth

In 424860 MBytes
Out 5274777 MBytes
Total 5699637 MBytes
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Ronski's Pfsense router build
« Reply #7 on: November 27, 2016, 07:06:07 PM »

@Chrysalis I will certainly follow your advice. Hopefully everything will arrive OK, and be OK, always a possibility something may be iffy on these lower than the norm priced items.

I will also do some benchmark tests but you'll have to explain how.

The trouble I've found with Linux, from my Android experience and what my brother says is that it might as well be written in Chinese (commands and string just seem to be random characters), and what people have often written on forums assumes the reader knows what they are on about.

Memory should be here tomorrow, but the PC is estimated to arrive on 9 December, still gives me plenty of time to watch the rest of those videos and read up and get stuff ready.

I'm not planning on putting a wireless card in it, I may just rely on my AC AP which is in the loft or get another AP for downstairs if coverage is not good enough, at the moment my modem/router also has wi-fi so coverage is good.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Ronski's Pfsense router build
« Reply #8 on: December 02, 2016, 01:13:48 PM »

The memory arrived Monday,  and the Qotom PC arrived this morning. It was shipped from the Netherlands so no import duty.it looks good and feels solid, and even has a uk power cable.

I'll post some pictures as things progress.

Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Ronski's Pfsense router build
« Reply #9 on: December 03, 2016, 09:33:15 PM »

@Chrysalis I have PFsense installed and I'm looking at the options screen, the one with options 1 to 16.

ok some information for those using pfsense with an ssd.

The pfsense devs are using an old way to configure partitions, in short they -

dont enable trim
dont align partitions to 4k alignment
and they also enable SUJ which I think is best disabled on an ssd.

to fix the alignment follow this guide https://forum.pfsense.org/index.php?topic=86139.0
if you try to do it all manually pfsense will rewrite the partitions, but I have confirmed the above guide does lead to a 4k aligned partition.

Now this is what I mean about it might as well be in Chinese, you say follow the guide, but all the link basically says is to run a couple of commands, it doesn't say when or where?
Actually it says he did that before using advanced install, which would make sense but not where or how?

Could you perhaps give some clearer instructions for a complete noob to this please and the following, assume I know nothing  :)

Quote
The commands to enable trime and disable soft updates journaling are.  (assuming the ssd is on ada0, which it will be if its the only sata device)

Code: [Select]
tunefs -t enable /dev/adas0p1
tunefs -j disable /dev/adas0p1

Less important is to have the swap on a swapfile not partition as the partition wont utilise trim, but I think its unlikely a pfsense box with at least 4 gig of ram will even use the swap.

bottom of this page is a couple of commands to make the swapfile http://www.wonkity.com/~wblock/docs/html/ssd.html

so

Code: [Select]
mkdir /usr/swap (although can be put anywhere you like)
Code: [Select]
dd if=/dev/zero of=/usr/swap/swap bs=128k count=16384 (2 gig swap)

add these 2 lines to /etc/fstab

Code: [Select]
# Device        Mountpoint      FStype  Options                         Dump    Pass#
md99            none            swap    sw,file=/usr/swap/swap,late     0       0

then after run
Code: [Select]
swapon -aL

I will post those pics at some point.
« Last Edit: December 03, 2016, 09:36:44 PM by Ronski »
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Ronski's Pfsense router build
« Reply #10 on: December 04, 2016, 12:15:33 AM »

ok will do tomorrow.

for the 4k alignment tho you will need to reinstall pfsense, as that has to be done prior to completing the install.
the trim enable can be done anytime but if you dont do it before you reboot after installation to set it requires booting the system up from the rescue disk, as you cannot toggle trim when its mounted.

I also just noticed the fstab is not enough to auto mount the swap file so I need to look into that and will edit the guide.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Ronski's Pfsense router build
« Reply #11 on: December 04, 2016, 10:48:20 AM »

@Chrysalis,  Thanks, I'll look forward to it.

I need to update my switch as it only has 16 ports, so have been using the ports on the existing router.

Would the Netgear JGS524E-200EUS ProSAFE 24 Port Web Managed (Plus) Gigabit Ethernet Switch be a good choice?

At this moment in time I don't think I need a managed switch, but cost and power usage is not much more than say a Netgear GS324-100EUS 24-Port Gigabit switch.

When you start looking there are so many model's and choices, and thats just in the Netgear range  :-\
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Ronski's Pfsense router build
« Reply #12 on: December 05, 2016, 07:13:31 PM »

Sorry got tied up and right now am feeling pretty tired.

Basically when you boot pfsense from the usb stick, choose to boot to single user mode.
After thats done run the commands he provided on the shell.
When the commands have been ran typing exit if I remember correctly will cause it to boot into the installer, but if I dont remember correctly, then just reboot again and boot it normally into the installer, when at the installer you want to choose skip as much as possible on the partitioning questions, eventually you wont be able to skip anymore and then you choose the ssd partition, it will rerun partition commands, but wont completely wipe what has been set and you should end up with a 4k aligned partition.

After the installer has finished, there should be an option where you can exit to the shell, if you do that then you can run the command to enable trim.  After thats ran type reboot to reboot.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2309
Re: Ronski's Pfsense router build
« Reply #13 on: December 05, 2016, 07:30:49 PM »

Thanks for the info, how can I check if I have a correctly aligned partition?

Found these links, but not much info

https://forum.pfsense.org/index.php?topic=44955.0

Actually there's some info on the following page, and from that I think I can work out if it's 4k aligned.

https://dan.langille.org/2013/01/25/aligned-versus-not-aligned/

You really would think that the Dev's of Pfsense would build in 4k alignment and have trim enabled, any idea why they haven't?
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Ronski's Pfsense router build
« Reply #14 on: December 05, 2016, 07:39:06 PM »

I asked and I got a vague answer telling me to chill its been fixed in the next version of pfsense. :)

pfsense doesnt even use GPT yet either.

However gpart can be used to check if its aligned, here is what mine looks like so you can compare, you basically want to see starting sector of 504 for the partition

[2.3.2-RELEASE][admin@pfSense.localdomain]/usr/local/pkg: gpart show ada0
=>       63  117231345  ada0  MBR  (56G)
         63        441        - free -  (221K)
        504  117230904     1  freebsd  (56G)
« Last Edit: December 05, 2016, 07:47:39 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab
Pages: [1] 2 3 ... 8