What's new

Flexible, Powerful Router. What's best for me?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Weggy

Regular Contributor
Hi,

I'm looking for a little guidance/reinforcement on purchasing/building a new router. My goals are as follows:

- I'd like to run pfSense. Why? Because I believe it provides me with total control and flexibility for now and in the future.
- I need the hardware to be able to perform 900Mbps+ via WireGuard (256-bit). This is because my WAN is 900Mbps and I'd like to fully utilise that via a VPN (PIA)
- Ideally the hardware is compact (ish) and quiet. I do NOT have room for a "Dell RS210 ii" for example. I was considering this but my rack is slimline and I can't really change that. Neither do I want to have a full stack PC running.
- Ideally the power consumption is as low as possible.

My current favourite option (that could change) right now is the "Protectli Vault FW6B" (https://protectli.com/product/fw6b/). It's performs well, its compact, quiet. BUT, it is expensive, so I want to ensure it's the right choice.

Thoughts and help appreciated
 
If you have enough space for your router/firewall, the best price/performance option is Small Form Factor (SFF) business PC from eBay. Gen 3/4 Intel i5 with 8GB RAM and 500GB HDD are available as low as $100, HP/Dell/Lenovo. They are quiet, very reliable and have standard low-profile slots for NIC's upgrade. You can start with 1x extra GbE NIC (they all have 1x built-in Intel NIC) and upgrade to multiple 2.5GbE NIC's later. The quad-core desktop CPU has plenty of power to run whatever you want. Most come with i5-3470 CPU, up to 3.6GHz with AES-NI support. Expected power consumption when running pfSense is about 40W average. You can disable Intel Turbo Boost in BIOS to save some power, it won't affect the performance much. $200 budget is good enough for such DIY project.
 
Looking in the UK I'm not finding much (ebay.co.uk). Can you see any ideal examples from different brands which might server as perfect examples of what you mean? I'm a little wary of second hand goods, I'm probably being overcautious.

Out of interest I thought I'd see how much a new Mini PC might cost. I seemed to manage to build one for around £375. What are your thoughts on it's spec's and running pfSense?
Case - £82 - SUGO MINI-ITX COMPACT COMPUTER CUBE BLACK CASE - SST-SG14B
Motherboard - £128 - Z590M PHANTOM GAMING 4 (SOCKET LGA 1200) DDR4 MICRO ATX MOTHERBOARD
CPU - £75 - CORE I3-10105F 3.70GHZ (COMET LAKE) SOCKET LGA1200 PROCESSOR
RAM - £40 - VENGEANCE LPX 8GB (2X4GB) DDR4 PC4-19200C16 2400MHZ DUAL CHANNEL KIT - BLACK (CMK8GX4M2A2400
GPU - £0 - Integrated
PSU - £40 - CV SERIES CV450 450W 80 PLUS BRONZE POWER SUPPLY (CP-9020209-UK)
SSD - £0 - (Spare Drive) Kingston 240GB
NIC - £10 - (Second additional slot, first slot on motherboard) GIGABIT PCI EXPRESS NETWORK ADAPTER (TG-3468)
Total Cost - £375~

The Protectli I was looking at was the FW6B which has a Intel Core i3-7100U @ 2.40GHz. cpubenchmark gives this a scores of:
Cross-Platform Rating: 5002
Single Thread Rating: 1387
CPU Mark: 2696

While the above build has a Intel Core i3-10105F @ 3.70GHz. cpubenchmark gives this a scores of:
Cross-Platform Rating: 16464
Single Thread Rating: 2697
CPU Mark: 9170

So I would assume it blows it out the water when it comes to VPN throughput to? But it does have a much higher Max TDP of 65W compared to 15W. But I guess that won't be that high all the time, not sure what the ideal wattage will be.
 
Last edited:
Can you see any ideal examples from different brands

Use i5 8GB SFF as search criteria, HP Elite or Dell Optiplex are the most common. Refurbished units usually come from banks/businesses, some are in like new condition. Get one of those, clean it if needed, add single or multi-NIC Intel low profile card and you are good to go. Even older i5-3470 quad core has enough power to run >500Mbps on OpenVPN and Gigabit for WireGuard, as well as full Gigabit IPS/IDS.
 
Soooo I bought a Protectli Vault FW6B :D

I couldn't ignore the compactness and low power combine with great performance. For a house with everything netowkring in a small cupboard under the stairs with no ventilation. It just seems the ideal pick for me.
 
Use i5 8GB SFF as search criteria, HP Elite or Dell Optiplex are the most common. Refurbished units usually come from banks/businesses, some are in like new condition. Get one of those, clean it if needed, add single or multi-NIC Intel low profile card and you are good to go.

Quick Tip...


Patrick over there has been reviewing quite a few of the SFF machines, both refurb and new...
 
Tiny PC's are plenty fast, but most are limited to single GbE NIC and no expansion slots. Router on a stick or USB Ethernet are options. USDT PC's are better fit, some have Mini PCIe slot inside (for the Wi-Fi module), but the NIC's selection for Mini PCIe is limited, all Realtek. The case needs to be hacked/modified to fit the second NIC. SFF are best, usually cheaper and with standard slots, everything low-profile fits there. No modifications required. I have tried them all, including Thin Client PC's, but like @Weggy my final choice was a multi-NIC fanless appliance.
 
Looking in the UK I'm not finding much (ebay.co.uk). Can you see any ideal examples from different brands which might server as perfect examples of what you mean? I'm a little wary of second hand goods, I'm probably being overcautious.

Out of interest I thought I'd see how much a new Mini PC might cost. I seemed to manage to build one for around £375. What are your thoughts on it's spec's and running pfSense?
Case - £82 - SUGO MINI-ITX COMPACT COMPUTER CUBE BLACK CASE - SST-SG14B
Motherboard - £128 - Z590M PHANTOM GAMING 4 (SOCKET LGA 1200) DDR4 MICRO ATX MOTHERBOARD
CPU - £75 - CORE I3-10105F 3.70GHZ (COMET LAKE) SOCKET LGA1200 PROCESSOR
RAM - £40 - VENGEANCE LPX 8GB (2X4GB) DDR4 PC4-19200C16 2400MHZ DUAL CHANNEL KIT - BLACK (CMK8GX4M2A2400
GPU - £0 - Integrated
PSU - £40 - CV SERIES CV450 450W 80 PLUS BRONZE POWER SUPPLY (CP-9020209-UK)
SSD - £0 - (Spare Drive) Kingston 240GB
NIC - £10 - (Second additional slot, first slot on motherboard) GIGABIT PCI EXPRESS NETWORK ADAPTER (TG-3468)
Total Cost - £375~

The Protectli I was looking at was the FW6B which has a Intel Core i3-7100U @ 2.40GHz. cpubenchmark gives this a scores of:
Cross-Platform Rating: 5002
Single Thread Rating: 1387
CPU Mark: 2696

While the above build has a Intel Core i3-10105F @ 3.70GHz. cpubenchmark gives this a scores of:
Cross-Platform Rating: 16464
Single Thread Rating: 2697
CPU Mark: 9170

So I would assume it blows it out the water when it comes to VPN throughput to? But it does have a much higher Max TDP of 65W compared to 15W. But I guess that won't be that high all the time, not sure what the ideal wattage will be.

Intel i3 with Z590? Hell no.
Go with
CPU: Ryzen 5600G
MB: ASUS TUF GAMING B550-PLUS
SSD: Nvme(Gen3) with DRAM.
 
Qotom makes nice fanless, mini PCs with multiple NICs (generally Intel-based). I use one for dev purposes here, with 4 built-in Intel NICs. In North America they are sold both by Newegg and Amazon.
 
Thanks for all the suggestions and help but yep I bought a "Protectli Vault FW6B".

I have to say this device is amazing, I'm really pleased with it. I'm running pfSense but its the performance mixed with the compact, noise (silent, no fans) and low power draw that's a massive thumbs up. I'm running my OpenVPN and getting speeds that match my ISP (WAN) speeds of 900Mbps.
 
Tiny PC's are plenty fast, but most are limited to single GbE NIC and no expansion slots. Router on a stick or USB Ethernet are options. USDT PC's are better fit, some have Mini PCIe slot inside (for the Wi-Fi module), but the NIC's selection for Mini PCIe is limited, all Realtek.

On a different tack...

MacMini - onboard ethernet is broadcom based, and use a thunderbolt to ethernet adapter for the other interface... I've got an older 2012 Mini with a quad core i7 sitting on the shelf -- OSX should be able do the NAT and FW out of the box - gigabit connection shouldn't be a problem there...
 
On a different tack...

MacMini - onboard ethernet is broadcom based, and use a thunderbolt to ethernet adapter for the other interface... I've got an older 2012 Mini with a quad core i7 sitting on the shelf -- OSX should be able do the NAT and FW out of the box - gigabit connection shouldn't be a problem there...

I had a 2012 i5 mini I trialled opnsense on - the cpu is a lacking on single core speed ( and cores ) if you’re wanting to run suricata/sensei and have gigabit internet access, and whilst the Broadcom ethernet is ok ( the tb2 ethernet is also Broadcom ) it’s not well supported for netmap

It’s back running as a general purpose linux box now and I’m using an i7-6700 instead
 
I had a 2012 i5 mini I trialled opnsense on - the cpu is a lacking on single core speed ( and cores ) if you’re wanting to run suricata/sensei and have gigabit internet access, and whilst the Broadcom ethernet is ok ( the tb2 ethernet is also Broadcom ) it’s not well supported for netmap

I suppose if you're running on FreeBSD (OPNSense is FreeBSD), then driver issues with your packages (Zenarmor (ex-sensei) needs NetMap), which isn't well supported outside of the Intel drivers...

I would leave it running on OSX, driver issues there aren't an issue... and one can still do the suricata thing if one wants, which practically speaking, for most home networks and even small business networks is overkill...

I don't run it on my pfSense box... and I don't do Snort either.
 
Do not run router on a stick for a firewall device. It is bad security. You have already allowed physical access to the inside of your network by doing this. Only use router on a stick for inside network routers.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top