Nice clean build. I myself choose a old Dell optiplex SFF with a 6700k and an Intell x520 dual spf+. I run a full 10g network in my house with a 10g fiber wan capped at 3.5gb. I can push all 3.5gb with this pfsense build.
Nice build. I'd personally swap the chasis fans for something like Noctua. Also Velcro strips / cable ties instead of zipties is a good choice too. No risk of damaging the cabling. Nice job overall!
Love this setup! Just digging into advanced networking now and I'm pretty much at this exact point, half rack just installed, 10G switch ordered today and now researching router builds.
great video, but I would install a fan on your external network card to get even more performance and to extend the lifespan. because these network cards are not optimized to be passively cooled they are rather designed to have a very strong airflow in the case and the server should very probably also be quiet therefore an additional fan on the network card
BIOS setting: (Intel): After Power Failure setting to Power On (Gigabyte): Restore (on) AC Power Loss to Power On (ASUS): “Restore on AC/Power Loss” or “AC Power Recovery” or "After Power Loss" I use the intel dual sfp++ nic & intel 4 x 1GBE nic One sfp++ 10GBE is vlan trunk from switch to pfsense using DAC and use pfsense to do firewall between vlans and internet connection/s. Eventually I will link aggregate the two sfp++ ports and vlan the aggregated virtual ports at both ends however that introduces some technical considerations when upgrading as to do so is a o/s driver config hack. One way around that may be to virtualise and use the hypervisor to fan out the vlans to logical interfacess passed through to pfsense vm.
I have the exact same case but have an old old Xeon with similar intel 10 g card for truenas and unraid, a 4 port gigabit nic to supply the rest of the house. I also used 2 64 gig intel ssd in ZFS “raid 1”. I was using pfsense but shortly swapped to OPNSense. It’s on a UPS along with the switches and WAP so no dropped internet in the evening of a power outage
I used an SFF HP Prodesk wiith a Core i3.6100T as an opnsense build. It idles at 13W. It was crazy inexpensive, these old office systems are all over used sites and are ideal for server builds.
For Airflow I'd route the Cables away from the MB first, then bundle them up with a Velcro Tie. The MB itself works as a Heatsink and Radiates. You created a 'Cable Blob' right next to your RAM. Besides that I like the Project.
You had to force the 2.5 Gb/s because of the Nic you are using. Its the Intel x550 chipset and technically NBASE-T was originally not supported (2.5 Gb/s and 5 Gb/s) because those speeds are not used in an enterprise environment. If you want full auto negotiation (100/1000/2.5/5/10) go with the intel x710 cards they have full support of NBASE-T & BASE-T
Great build! I was looking for a multi gig build since a long time but everything I found was a sub gig pf sense build. Curious to know what the average power draw from this thing is?
I was wondering are their ventilation slits on topcover above the powersupply or is the cover closed. I never saw that in your video.. never mind it was visible in the beginning upon rewatching.🙂
It looks good but for a secure rack I would close up the back side of the rack mount because what good does a locking front panel do if the whole back side of it is open.
i have a build now with pfsense and an hp elitedesk 800 g3 with an i7 7700 and 32gb of junk 2400 ddr4 memory along with an X710-DA4 quad port 10G SFP+ card, two single realtek 2.5G cards (will upgrade to dual intels at some point here I think) and a quad port realtek 8125 2.5G card - have to install the realtek drivers which is a pain but you can just use the intel for WAN and 10G for LAN for the install and then changeover to the 2.5G for WAN once installed....surprisingly the realteks have been ROCK SOLID and get 2.35Gbps line rate all day long....and the SFP+ cards are DIRT cheap.....nice content I dig it, keep it up!
I'd like to know how you set up pfsense with Quantum Fiber when you do make that change. I'm on Quantum Fiber's 1gig service and am thinking about building a pfsense machine as well. Pros and cons vs something like a Dream Machine Pro SE ($499) because the cost will most certainly be higher if building with new parts?
Also using an i3-8100(T) here, but with Debian because I like to config everything myself. This is router-pc v4, the first two were Atom based (N270 -> N2800), the 3rd i3-8100T where the MB died after 3 years possibly due to passive cooling (Akasa Galileo TU3 case) and then I reused that CPU/RAM/SSD in a Shuttle barebone that's been running like a charm since. Even the old Atom-systems could handle 1Gbps symmetric fiber without a drop of sweat :) , this with DPI/etc off. Unfortunately going 10Gb isn't possible with the current system, no room for expansion cards plus faster than 1Gb isn't available yet.
Looking forward to the new video with the 8x8 fiber, which is exactly what I'm working with. Looking to increase NAS to NAS VPN connection speeds and the reason I'm looking at building a router. Great video!
Couple suggestions. Don't use that style of Power supply, use the style that have fans on the rear, when you put the case top on you are going to suffocate the intake fan. Second, I would have bought a motherboard with a m.2 slot on it for a 2456g ssd.
If you're so worried about "wires trapping air" (whatever that means) why on earth wouldn't you use a modular SFF power supply? For those in the back of the class, this doesn't matter one bit.
Question, do I need a graphics card adapter if I'm using an AMD CPU instead of an INTEL? I heard that AMD doesn't have an integrated graphics but I also don't want to spend money investing an intel CPU.
Good build but I would have swapped the fans out for models with 4-pin PWM connectors. Also, as others suggested: Don't cover the opening for the PSU fan. a PSU with a rear fan might have been a better choice.
I am skeptical that this hardware can actually NAT masquerade packets at line rate. So I’m excited for the follow up once you get multi gig fiber WAN. You could also test this in a lab setting with iperf if you have two 10g capable devices.
@@wojtek-33 Good to know someone tested 10Gb on the wyzse 5070. I currently rock one with OPNsense and dual 2.5GB intel 226. Glad to know I can upgrade it later down the line.
i would have gone with more overkill specially on the cpu side. Like a i3 of the 12th gen or newer since they are also cheap and low power but the single core performance has gone up a lot which can help some things in pfsense.
@@johnnyvvlog Please explain, because I would think the SSD would be a bottleneck of some type, wouldn't it? I'm still confused. I'm just confused, and I want to understand/learn
in 2024 at least put a cheap dual 2.5Gbit/s card in that spare x1 slot for the wan so you can at least have 2 useable 10Gbit/s lan ports today, better yet get a new 4 slot motherboard [MSI PRO B550M-VC WiFi ProSeries Motherboard (AMD AM4] & populate that with more dual ports for lan use.
10Gbe NIC for future proofing, i would assume. I am doing what this guy is doing right now, LAN side that is. It is nice to have a NAS that runs data transfers up to that speed. 1Gbe is too slow, or going to be too slow eventually. Price differences of 2.5/5Gbe and 10gbe isn't all that huge anymore; opting for a much higher theoretical data transfer is best. And to further say more things here; >WAN -> Whatever Plan he will be going to, past 1gbe, his pfsense machine will have likely no bottlenecks with throughput going this route for a very long time. >LAN -> Machines communicating with each other, also no throughput issues. For how much 10gbe nics are now, throwing a few more $ won't hurt anything.
@@RyzoTM I understand that, if it were the switch. But for pfsense, that is a firewall to the WAN, which, 10Gb is a future proofing exercise in the ridiculous. The other machines aren't even connected to the pfsense. And to put a 600W PSU??? Come on man.
when you have >1gig internet, 10GbE is nice so you can use what you pay for.. He's getting 8gbit internet access so why stick to 1 or 2,5gbe? Also, even if he did stick to using 1 or 2,5gbe devices in the network, the firewall can be 10gbe so it doesn't behave like a bottleneck when multiple users get through at the same time. 10Gbe is not as expensive as it used to be. Most people would be fine with regular 2,5 but if you have a NAS or faster internet, why limit yourself?
@BenState your commend is not true. The system only uses what it need so to put a higher watt psu (witch most of are better optimized then cheaper low wattage plus) does not exactly mean that the system is using more watt than if you put in a 200 watt psu for example. Putting a higher watt psu in will probably be better for efficiency
@@aRandomHomelabber Incorrect. Look at a switch mode power supply efficiency curve, and you'll see that efficiency drops off precipitously below 50% load. Please update your knowledge accordingly.
opnsense has better driver support and much better licensing - the only thing wrong with this build essentially - using the mini mb is also abit questionable since std atx is about same price and gives you more pci slot options - molex was also a big mistake and who cares about aesthetics - nobody is ever going to appreciate the aesthetics, a few cables are not going to affect airflow appreciably #forks
@@BenState OPNsense is updated way more frequently. they don't lag behind as much as PFsense does. But eventually they get there. tbh the main reason i switched to OPN is the UI and ease of use :p
OPN isn’t even on FreeBSD 14 yet. Unless you are adding needed features or security patches, why do you want your security platform updated frequently?
@@tedsanft7420 opnsense is just better fork - better licensing is big, better driver support is big and updates are critical for a security platform - that should go without saying
Being a Firewall, and being an SSD as your primary drive, enjoy it when it fails in 6 months due to SSD failure, constant writing to it is going to make it's lifespan much LESS than a platter drive would give.....my firewall with a HDD lasted 10 years before I needed to replace it's drive, the SSD I tried gave out after 12 months. More modern does NOT always mean BETTER.
I have had my ssd for 8 yrs on my router and 12 on my server, and both are perfectly fine. I think you might have many of the standard problems people forget about and store on ssd. I use ramdisk for logs, disable recording access times on fs and it works beautifully.
Nice clean build. I myself choose a old Dell optiplex SFF with a 6700k and an Intell x520 dual spf+. I run a full 10g network in my house with a 10g fiber wan capped at 3.5gb. I can push all 3.5gb with this pfsense build.
Nice build. I'd personally swap the chasis fans for something like Noctua. Also Velcro strips / cable ties instead of zipties is a good choice too. No risk of damaging the cabling. Nice job overall!
Love this setup! Just digging into advanced networking now and I'm pretty much at this exact point, half rack just installed, 10G switch ordered today and now researching router builds.
I am about to build my first PsSense machine and was researching the parts when I found this video. Great build! Thank you!
I used that same case for my TrueNAS build. It's still working great!
How much did it cost you all in?
Nice build, I personally would replace the case face with some better motherboard controlled noctua fans for just noise control
great video, but I would install a fan on your external network card to get even more performance and to extend the lifespan.
because these network cards are not optimized to be passively cooled they are rather designed to have a very strong airflow in the case and the server should very probably also be quiet therefore an additional fan on the network card
BIOS setting:
(Intel): After Power Failure setting to Power On
(Gigabyte): Restore (on) AC Power Loss to Power On
(ASUS): “Restore on AC/Power Loss” or “AC Power Recovery” or "After Power Loss"
I use the intel dual sfp++ nic & intel 4 x 1GBE nic
One sfp++ 10GBE is vlan trunk from switch to pfsense using DAC and use pfsense to do firewall between vlans and internet connection/s.
Eventually I will link aggregate the two sfp++ ports and vlan the aggregated virtual ports at both ends however that introduces some technical considerations when upgrading as to do so is a o/s driver config hack. One way around that may be to virtualise and use the hypervisor to fan out the vlans to logical interfacess passed through to pfsense vm.
I have the exact same case but have an old old Xeon with similar intel 10 g card for truenas and unraid, a 4 port gigabit nic to supply the rest of the house. I also used 2 64 gig intel ssd in ZFS “raid 1”. I was using pfsense but shortly swapped to OPNSense. It’s on a UPS along with the switches and WAP so no dropped internet in the evening of a power outage
I used an SFF HP Prodesk wiith a Core i3.6100T as an opnsense build. It idles at 13W. It was crazy inexpensive, these old office systems are all over used sites and are ideal for server builds.
Does it support multi gig bandwidth loads ?
For Airflow I'd route the Cables away from the MB first, then bundle them up with a Velcro Tie. The MB itself works as a Heatsink and Radiates. You created a 'Cable Blob' right next to your RAM. Besides that I like the Project.
You had to force the 2.5 Gb/s because of the Nic you are using. Its the Intel x550 chipset and technically NBASE-T was originally not supported (2.5 Gb/s and 5 Gb/s) because those speeds are not used in an enterprise environment. If you want full auto negotiation (100/1000/2.5/5/10) go with the intel x710 cards they have full support of NBASE-T & BASE-T
This is nice, what if you wanted to add more 10Gb ports? How could you do that in a build like this?
Do you have a total drive out cost for this?
Great build! I was looking for a multi gig build since a long time but everything I found was a sub gig pf sense build.
Curious to know what the average power draw from this thing is?
I was wondering are their ventilation slits on topcover above the powersupply or is the cover closed. I never saw that in your video..
never mind it was visible in the beginning upon rewatching.🙂
It looks good but for a secure rack I would close up the back side of the rack mount because what good does a locking front panel do if the whole back side of it is open.
i have a build now with pfsense and an hp elitedesk 800 g3 with an i7 7700 and 32gb of junk 2400 ddr4 memory along with an X710-DA4 quad port 10G SFP+ card, two single realtek 2.5G cards (will upgrade to dual intels at some point here I think) and a quad port realtek 8125 2.5G card - have to install the realtek drivers which is a pain but you can just use the intel for WAN and 10G for LAN for the install and then changeover to the 2.5G for WAN once installed....surprisingly the realteks have been ROCK SOLID and get 2.35Gbps line rate all day long....and the SFP+ cards are DIRT cheap.....nice content I dig it, keep it up!
I'd like to know how you set up pfsense with Quantum Fiber when you do make that change. I'm on Quantum Fiber's 1gig service and am thinking about building a pfsense machine as well. Pros and cons vs something like a Dream Machine Pro SE ($499) because the cost will most certainly be higher if building with new parts?
Also using an i3-8100(T) here, but with Debian because I like to config everything myself. This is router-pc v4, the first two were Atom based (N270 -> N2800), the 3rd i3-8100T where the MB died after 3 years possibly due to passive cooling (Akasa Galileo TU3 case) and then I reused that CPU/RAM/SSD in a Shuttle barebone that's been running like a charm since. Even the old Atom-systems could handle 1Gbps symmetric fiber without a drop of sweat :) , this with DPI/etc off. Unfortunately going 10Gb isn't possible with the current system, no room for expansion cards plus faster than 1Gb isn't available yet.
Why u didnt used pico psu?
How the energy consumption? Asking cuz i saw you put a 600W power supply. A Qnap 10g router is 37w max.
What's the power draw? I saw some Chinese computers with Intel N100 that only draw 10-15w, and I'm curious about the i3-8100.
To clarify is this a 2u Startech or Rosewill case? The video states Startech but the the parts list incudes Rosewill. Thank you!
What for such a big case
Looking forward to the new video with the 8x8 fiber, which is exactly what I'm working with. Looking to increase NAS to NAS VPN connection speeds and the reason I'm looking at building a router. Great video!
Couple suggestions. Don't use that style of Power supply, use the style that have fans on the rear, when you put the case top on you are going to suffocate the intake fan. Second, I would have bought a motherboard with a m.2 slot on it for a 2456g ssd.
That case has a cutout specifically for the PSU fan on the lid. I have a very similar design case. It works fine.
Sweet, Some of the previous ones didn't.@@KamotzII
If you're so worried about "wires trapping air" (whatever that means) why on earth wouldn't you use a modular SFF power supply? For those in the back of the class, this doesn't matter one bit.
Question, do I need a graphics card adapter if I'm using an AMD CPU instead of an INTEL? I heard that AMD doesn't have an integrated graphics but I also don't want to spend money investing an intel CPU.
Just as an fyi, the thermal paste that comes with the noctua cooler would be as good as what you used if not better.
Nice pfsense router build
Good build but I would have swapped the fans out for models with 4-pin PWM connectors. Also, as others suggested: Don't cover the opening for the PSU fan. a PSU with a rear fan might have been a better choice.
I am skeptical that this hardware can actually NAT masquerade packets at line rate. So I’m excited for the follow up once you get multi gig fiber WAN.
You could also test this in a lab setting with iperf if you have two 10g capable devices.
@@wojtek-33 Good to know someone tested 10Gb on the wyzse 5070. I currently rock one with OPNsense and dual 2.5GB intel 226. Glad to know I can upgrade it later down the line.
@@wojtek-33 Out of curiosity which 10Gb card are you running in it?
@@wojtek-33 nice I have a few of those and a connectx4. Good to know they work
Nice build.
Don't do a circle with thermal paste, or you might trap air bubbles. Just one dollop, or X, not a circle.
i would have gone with more overkill specially on the cpu side. Like a i3 of the 12th gen or newer since they are also cheap and low power but the single core performance has gone up a lot which can help some things in pfsense.
Have you seen what pfsense uses? Fall.
i would like to asked 1 question if possible. would the 2.5 ssd limit the bandwidth of the fiber
The SSD has nothing to do with the network speed. It's just there to store and boot the OS.
@@johnnyvvlog Please explain, because I would think the SSD would be a bottleneck of some type, wouldn't it? I'm still confused. I'm just confused, and I want to understand/learn
@@crandall903 the bandwidth never goes through the ssd. It's only there to boot from. Everything else happens in working memory which the SSD is not.
@@johnnyvvlog so its based off ram like cacheing?
@@johnnyvvlog dose size matter like is 4gb good for fiber or 8 gb enough
Taken any power measurements?
in 2024 at least put a cheap dual 2.5Gbit/s card in that spare x1 slot for the wan so you can at least have 2 useable 10Gbit/s lan ports today, better yet get a new 4 slot motherboard [MSI PRO B550M-VC WiFi ProSeries Motherboard (AMD AM4] & populate that with more dual ports for lan use.
Are you talking about a switch? A router only needs 2 ports.
$160 a month? Damn, internet in the US is tough
yoooooo if youhave the toyota pickup i give you a great offer.
What on earth are you doing to need a 10Gb pfsense?
Are you some kind of 10Gb gatekeeper?
@@tab8k not an answer
10Gbe NIC for future proofing, i would assume. I am doing what this guy is doing right now, LAN side that is. It is nice to have a NAS that runs data transfers up to that speed.
1Gbe is too slow, or going to be too slow eventually. Price differences of 2.5/5Gbe and 10gbe isn't all that huge anymore; opting for a much higher theoretical data transfer is best.
And to further say more things here;
>WAN -> Whatever Plan he will be going to, past 1gbe, his pfsense machine will have likely no bottlenecks with throughput going this route for a very long time.
>LAN -> Machines communicating with each other, also no throughput issues.
For how much 10gbe nics are now, throwing a few more $ won't hurt anything.
@@RyzoTM I understand that, if it were the switch. But for pfsense, that is a firewall to the WAN, which, 10Gb is a future proofing exercise in the ridiculous. The other machines aren't even connected to the pfsense. And to put a 600W PSU??? Come on man.
when you have >1gig internet, 10GbE is nice so you can use what you pay for..
He's getting 8gbit internet access so why stick to 1 or 2,5gbe?
Also, even if he did stick to using 1 or 2,5gbe devices in the network, the firewall can be 10gbe so it doesn't behave like a bottleneck when multiple users get through at the same time.
10Gbe is not as expensive as it used to be. Most people would be fine with regular 2,5 but if you have a NAS or faster internet, why limit yourself?
Opnsense > Pfsense
why?
@@noobienoob8977pfsense isn't getting community updates like opnsense
Running a 600W PSU on a a machine that'll pull 100W max. Not good for efficiency. Such a weird build.
What
@@aRandomHomelabber what dont you understand?
@BenState your commend is not true. The system only uses what it need so to put a higher watt psu (witch most of are better optimized then cheaper low wattage plus) does not exactly mean that the system is using more watt than if you put in a 200 watt psu for example. Putting a higher watt psu in will probably be better for efficiency
@@aRandomHomelabber Incorrect. Look at a switch mode power supply efficiency curve, and you'll see that efficiency drops off precipitously below 50% load. Please update your knowledge accordingly.
opnsense has better driver support and much better licensing - the only thing wrong with this build essentially - using the mini mb is also abit questionable since std atx is about same price and gives you more pci slot options - molex was also a big mistake and who cares about aesthetics - nobody is ever going to appreciate the aesthetics, a few cables are not going to affect airflow appreciably #forks
citation on the driver support? whats wrong with teh CE ?
@@BenState OPNsense is updated way more frequently. they don't lag behind as much as PFsense does. But eventually they get there.
tbh the main reason i switched to OPN is the UI and ease of use :p
@@ledoynier3694 nothing to do with the the claim of drier support. define lag behimd? lag behind what?
OPN isn’t even on FreeBSD 14 yet. Unless you are adding needed features or security patches, why do you want your security platform updated frequently?
@@tedsanft7420 opnsense is just better fork - better licensing is big, better driver support is big and updates are critical for a security platform - that should go without saying
That was ALOT of thermal paste...
And drew an air bubble in - yack!
2u? LOL, 1u or bust, nerd.
Being a Firewall, and being an SSD as your primary drive, enjoy it when it fails in 6 months due to SSD failure, constant writing to it is going to make it's lifespan much LESS than a platter drive would give.....my firewall with a HDD lasted 10 years before I needed to replace it's drive, the SSD I tried gave out after 12 months. More modern does NOT always mean BETTER.
This is bs. I run my router with an ssd for almost 2 years now
I have had my ssd for 8 yrs on my router and 12 on my server, and both are perfectly fine. I think you might have many of the standard problems people forget about and store on ssd. I use ramdisk for logs, disable recording access times on fs and it works beautifully.
Could put in 2, as most motherboards will have at least 2 slots, and set them as a mirrored/raid1 array