So glad to have clicked on this video. I run OpenWRT on similar and wasn't pleased with the CPU's in the "newer" generations of these boxes that I was looking at to upgrade my 1Gbe ports to 2.5Gbe or 10Gbe. This and the Atom C3558 and/or C3758 SoC's sound awesome and perfect for my next upgrade! Thanks for the detailed explanation of SoC w/integrated ports vs. adding the adapters to an older model CPU. Awesome walkthrough, especially dealing with the serial console.
I agree that the replacement fans somehow sound "better" and give the impression of a higher-end bit of networking gear. The fans it came with sound like fans. The replacement fans sound like they belong in an impressive computer set-up in a movie. The control room in Jurassic Park comes to mind, or some gleaming, glass-walled server room in a skyscraper belonging to a slightly malevolent megacorporation.
"Cheap"... Not in the EU in my opinion. For 450€ plus Customs and shipping I could build a much more powerful server with 8 cores/threads and throw pfsense in a VM on 4 dedicated cores plus a dual sfp+ and a Quad Gigabit card. 🤔 alongside with other stuff in parallel.
my Synology DS415+ died as a result of the atom bug. Managed fix it and use it as a backup by installing a 100ohm resistor. Intel should have been made to reimburse people for the hassle THEIR issue caused.
They replaced mine and revoked my warranty. I had time left on mine, they RMA'd it, it's the same hardware, but without the warranty. Basically a ticking timebomb.
I bought a defective already 100 Ohm modded (probably done by Synology on warranty), the degrading continues, and then a 100 Ohm resistor isn't enough. I managed to start it sometimes, I don't remember which resistor I ended up using, the unit was a nightmare, every time I fixed it and it booted every time then I moved it to position to where I wanted it and it refused to boot. also if the clock battery is dead it refused to boot
This was incredibly valuable information. I have a similar device I wish to install pfSense. I also appreciate the "Framework in the wild" assisting you in the installation process! Thanks again!
That board is really interesting. It even has a PCIe Port and a lot of connectivity. There also is a slightly different model with HDMI and VGA connectivity. But I think you can add a cheap mPCIe to VGA card (A server GPU on a really small board) to it. The VGA port can be screwed on to the back where there are cutouts for a VGA port.
If all computers and other systems were SFP enabled then you could use fiber optic connections plus the appropriate SFP modules throughout your network.
I could although that is only really suitable for connections within a rack - most of my network cabling runs through the walls where CAT6 is much more practical. Most of the devices connected are also only ever going to support a copper connection (TVs, ames consoles, printers.etc) so there would be limited places where I could actually deploy fibre. Thankfully the CAT6 runs I have are all well under 55m long so can easily run 10 Gigabit connections so fibre isn't required.
Thats fantastic that you got such a new CPU. The older C2000 Atom chips had serious failure issues - something about silicon breakdown after enough running hours. It plagued a pile of standalone NAS units (like various QNAP models). It seems like they got the issue sorted out for the C3000 series though! :)
I just got a surplus Dell Optiplex SFF desktop, swapped out the Core i5 with a Xeon & upgraded the ram to 16GB, put an SSD in it, used the onboard 1Gbps nic & added a PCIe 1Gbps nic. Running Pfsense. I think the total cost was $300 USD.
$220 shipping. It better come in proper wooden crate. I was looking at their motherboards a few days ago and I remember that 4x2.5G + 6 SATA board with N5105. That looked like a good deal but in the end I went with a 8x2.5G+10G switch for $120 and kept my old atom with a network card.
Strange, my shipping was only around £35 and looking at the US it seems to be around $32 - suspect it might be something to do with shipping to certain locations unfortunately.
Seavo motherboard - they contract manufacture for MANY OEMs - generally really good quality. I am sure there will be documentation somewhere detailing the connectors
Excellent video from the server and I read a lot of negative comments compared to mikrotik advantages of the BKHD Intel Atom C3558 you can install Bind dns squid cache vanish among others to improve the performance of your local network without having to install another external server.
I don't know why but I just found that boot and then BIOS over serial really cool! 😂🤓 BTW not sure if you're planning any upgrades but a mobile M.2 module and SIM would be cool to see.
I was definitely pretty surprised, last time I used a machine that required a serial console was some old SunFire SPARC servers so this was my first time using an x86 machine without a video output. I almost wish it was more common - so much easier to just hook up a laptop rather than needing to dig out a monitor and keyboard!
There is a common plastic sheet material that can be formed to cover open frame PSUs and IEC connectors to protect you from exactly this sort of error.
I spotted when I worked somewhere on enterprise support after the move to USB that we still needed serial devices for some command and control systems and switch/router config. They had a habit of powering down through being subject to power management. It was hard to find the right ones that either didn't have their own power management or it was configurable so we could turn it off.
"serial can't send color-information" That's really easy. Putty uses a Terminal-Emulation that understands ANSI-Sequences starting with the Escape-Character 27. There are more chanters added to a sequence to realize not only colors. These technique is used in nearly any Linux Distribution when showing terminal emulation.
It's quite good to see a meanwell power supply in one of these things. I have a few of these devices and the one thing I really hate is that Proxmox doesn't support console terminal for instalation. So I end up having to install Debian first then Proxmox.
To be fair, I've always installed Debian first then Proxmox, Proxmox' official installer gives you a weird partition layout that cause ugly issues in the future.
I'm a fan of the ex Sophos XG/SG appliances that you can pick up from time to time cheap. Then run XG Home / pfsense / untangle on them etc. Any reason pfsense over opnsense?
The USB header, looks to be a standard USB two single port header. Normally they are double port headers, but ive had accessories that only plug into half of the double, and that looks about the same
Transformers use coils, so they have different characteristics at different frequencies, so run them at a higher frequency than they are designed for and the losses and cross talk could be significantly higher.
I'm running a Supermicro C2758 for pfSense that's not affected by the hardware bug, runs fantastic for symmetrical gigabit Internet. I also have a Supermicro C3558 ready to deploy if needed, it's just overkill and uses slightly more power vs the C2758.
Yeah, I still have some C2000 Atom based Supermicros in service that were RMAed due to the bug and were returned with a "platform fix" and have been running fine since. The machines had never failed by the time we RMAed them but wanted to do it to be on the safe side rather than risking them failing in service. It's my understanding that the bug can be worked around by reworking the motherboard which is what I suspect they have done. That said, I'd still generally avoid purchasing a C2000 based system second hand unless you know for sure that it has the platform fix in place to be on the safe side.
@@camerongray1515 I agree with playing it safe. I happen to have two other identical 'spare' SM C2758's that had the fix from day one. So if it fails, will just swap out the MB.
Why not try the full size pcie port and m.2 (for nvme compatibility)? Otherwise you're just talking through what we can see on the product page already...
a better idea would be to make your own fw box - diy has many advantages - upgradeability, expansion, ease of use, additionally opnsense has better licensing and better drivers
As much as I enjoy building machines - it would have been near impossible to build something comparable to this for anywhere close to the price. In particular, building in a 1u rackmount form factor makes things difficult as most coolers and even a standard I/O shield are too tall to fit in the case. As for OPNSense, I'm actually downloading it right now to try it out since I last tried it shortly after it came out, I demonstrated PFSense in this video since it's what I'm more familiar with and use elsewhere however I'm planning on trying out various different OSs on this machine before I deploy it.
@@camerongray1515 come on now - atom is not all that great - depending on the model it may lock up on you and break permanently - yes this was an atom 'feature' - i feel your pain on price but just use a refurb build like z420/z440 - you can get parts cheap and then you have many more options - cheap ram and ability to run 25g cards also cheap - diy is cheaper in the end really for the value proposition, much more powerful processors available, expandability etc - it is really no contest but props to you for going to 10g and trying at least - you can build a diy router with faster networking for half the price
The Atom C2000 issue was bad assuming that's what you were referring to in terms of reliability, however the C3000 models aren't affected by this, I run several of them in production commercial settings as routers and they have worked flawlessly for years. Even some C2000s with "fixed" motherboards after RMAing them due to the bug are still working fine. They are also widely used in many commercial network appliances. This machine is used purely as a firewall/router and is due to be installed in a small wall mounted comms cabinet, a refurbished HP Z420/Z440 workstation would be completely impractical in such a setting and the power consumption would be unjustifiable. I simply don't see myself going beyond 10 gigabit during the lifespan of this machine - the internet connection is 300mbit and at most would potentially be upgraded to gigabit years down the line. I have a 10 Gigabit capable NAS however most of the traffic to it is going to come from the same subnet so won't need to pass through the router, even 10 Gigabit at the router is completely excessive for my needs.
I installed OPNSense on my office firewall and I found that PFSense is much more intuitive to use. PFSense does have a path for better drivers and more recent updates but the licensing does leave much to be desired. I'm going to stick with OPNSense for a while to see if I can get used to it.
@@cheerbeerification Opnsense is a bit better in compatibility and functions. But that comes at the price of not being as easy to work with as pfsense. You can twist opnsense into a pretzel to run exactly how you want but that does require a lot more knowledge. Pfsense can be more drop in and use easily. I admin a bunch of both along with the "big boys: like Cisco FPs and fortinet. I still have custom Linux FW/IDS/IPS deploys running in places. For home or simple office deploys I would say pfsense > opnsense for the ease of setup and it will do what you need simply. For business deploys I would say opnsense > pfsense because it can be more robust and offer additional configuration options for you to customize once you are confident with it. Just my 2 cents from working with both of them for a while now.
Eventually yes, don't get me wrong - I love UniFi kit and will still heavily recommend it, but for my home setup, I just fancy something a bit more configurable and flexible. I've had a long enough time with a fully UniFi setup to evaluate it and UniFi will still be my go-to recommendation for where someone who's not a networking expert wants a decent, easy to manage deployment. So stand by for a few more videos coming up on this topic over the next few months!
Did you ever try using an NVMe drive in the m.2 slot? I don't see why they would make it SATA only on such a new board and I'm really curious if it is able to run NVme.
You have 2 of them then connect them directly and test a bandwitch via vpn tunnels on them to discover a limitation of speed. Many devices at lt2p&ipsec have ~70Mbps, at IPSec ~800Mbps, at WireGuard/OpenVPN etc. between previouse. Please check a internal limits for package size 50B/500B/1400Bytes - then we will know all about PFsense limit on this devices !.
I can't help but think that the Old M1 Mac Mini would be a great deal to use as a router/ Switch / Wifi 6 device. You use the $30 Gigabit adaptor for your ISP. Then the 10 GiG port for your home Network. It sips power, you already got on board storage. And PLENTY of CPU power to get just about anything done along with 8GB of ram. You can also use a thunderbolt to SFP/ Optical interface adaptor to a full ~ 40-GBPS speeds each Thunderbolt port is capable of. (~5000 MB/ Sec. - More then what the RAM can do on board) Plus you get to use any length of cable you need since its single mode optical fiber. So reaching your Main managed or unmanaged switch is a Breeze. If you have any troubles? Having a complete Backup Mac Mini is cheap and easy to implement or have as live redundant back up. So you are not really locked into any hardware.
It's an option but I'm not sure why this would be better than using an x86 PC. As far as I'm aware, Linux and BSD support on Apple Silicon is still in its early stages and while Thunderbolt is great, you'd be paying an absolute fortune more for Thunderbolt NICs when compared to PCIe NICs and end up with a machine with several different adapters hanging off of it. By contrast, you could get a sufficiently cheap small form factor Intel PC for much less than a Mac Mini and chuck a cheap, second hand PCIe NIC in to get whichever high speed ethernet interface you require. I've previously deployed Mac Minis in a datacentre setting and they really aren't ideal for it - there's no way to force it to power up whenever mains power is applied. All you can do is have it restore it's previous power state so if it was on when the power was pulled, it will turn back on. However, if it was manually shut down, there would be no way to turn it back on without physically pressing the a power button. The most you can do is use a setting in MacOS to power the machine on at a certain time every day but then you could be waiting up to 24 hours for it to power on again. By contrast, most PCs can be set up to power on as soon as mains is supplied allowing it to be powered on by simply cycling the power supply through a remote switch. Then if you went down the server route you'd have full out of band management controllers to give full remote access to the machine.
Surely those ports are useful if the power goes out as you could have a NAS on one and your primary pc on another, then if your power goes out you would still have (worst case) access to your servers files.
Which ports are you referring to? Would have to be a weird power cut where you wouldn't be able to power a switch but could still power a PC, NAS and this firewall.
At that price point, it's not very competitive against something like Mikrotik CCR2116 or CCR2004. Mikrotik devices also support Linux containers and can throw Pi-hole or the Ubiquiti Controller on it, to integrate with Ubiquiti hardware. 47:18 just to give an apples to apples comparison, CCR2116 is routing(L3HW) at ~50Gbps, ~40Gbps with 25 firewall rules. IPsec ~4.1Gbps Edit: I just realized that even the cheaper Mikrotik RB5009(the non-PoE version can be found for ~170-180 USD), fanless router, which has PoE out on 8 ethernet ports(maybe powering Ubiquiti hardware) does better throughput: routing ~9.8Gbps, 25 firewall rules ~9.3Gbps, IPsec ~1.4Gbps.
Don't get me wrong, MikroTik devices are great and I already use them a fair bit elsewhere. However, they aren't directly comparable since you're tied in to using RouterOS vs an x86 machine which has a worse price/performance ratio but has the benefit of giving total software/OS flexibility. My goal with my home network is to try all manner of different equipment running each option for a period of time to try it out fully, it's likely that I will end up trying a MikroTik router in the future, but they aren't suitable for every situation so I wanted to try an x86 option first.
Havent got that far in the vid yet, but do you mean internally? I am looking for a 4/5G interface for a Netgate 2100 atm. All I can find at the lower price point is routers.
For about half that price I picked up a mini pc with a Ryzen chip, room for NVME and SATA hard drives, USB 3.2, 2.5g networking, etc. It's doing a great job as a NAS, no need for a router.
I cannot find a reseller with a desktop version of this board -- I would love to have the smaller form factor to use in a kit for events... While the board is small (203mm*178mm) it's not a standard size as far as I can tell. I can fit a full 19" rack device in my pack but I'd rather not use so much of the space with dead storage (the empty space in the 1U).
For the performance, I am surprised that simple firewall rules or NAT make it drop perf so much. You should try Linux, just for fun and see how it goes. I can recommend just normal Debian Linux, (Vyos would work too), or anything really for a test. Also on Linux even single stream will be able to take advantage of multiple cores when doing fingerling, NATing is still a little bit limited, but from my testing still uses multiple cores and can run multiple packets in parallel for same stream without issues.
Don't know which app you're using for the noise level, but the spectrum graph looks as if the 2-4 kHz band is a bit lower with the new fans. That band is very important for hearing human speech, so if it is lower, that would probably be why it 'sounds better;.
Mine definitely has i225-v NICs in it, although I suppose they may have swapped them out on current versions. These types of machines are very much built from whichever chips are available cheaply at the time.
There's no way this has any sort of safety certification. I doubt there is a CE Mark for Europe or UL for US. There's a reason power cords go into power supplies in PCs, and most smaller devices have external transformers. I discovered a similar problem when using a IMSAI computer, the huge transformer in it made it unbalanced, so the fingers needed to go under where the transformer was, and the fuse was right where the thumb would go. This was before there were many required locations for current leakage disconnect (GFCI in the US), and of course the case was grounded. Luckily, with "only" 120V on a dry day, I only got a tickle.
I just got mine, running on 1gig ports for now until I upgrade my switches too. In mine all the screws were tight and it came with PFSense 2.7 already installed. Still reinstalled it myself, but nice to have something working out of the box to make sure it survived the trip. Very happy with it. Is the Intel processor inside picky about only using Intel sfp+ modules?
I haven't tested loads of SFP modules but I don't think the DAC cables I'm using are Intel coded, if anything they'd be Cisco coded. If you're buying new modules then may as well get Intel ones (as in, generic modules that are coded for Intel, no point spending a fortune on official Intel ones) but if you already have some non-Intel ones, I can't see them being an issue.
Intel, Dell, HPE are usually very open for SFP use. Cisco, Juniper, Arista, Mellanox tend to be more strict in wanting their own supported SFPs and require you to turn the SFP verification off if you want to run "unsupported" SFPs. If you are really worried you can look at companies like FS. There are a bunch that offer compatible SFPs that are coded to vendors and are usually much cheaper then official parts.
This seems very expensive, I think Mikrotik products are better value e.g. the RB5009 which has a 10gb interface for £240 ish. Obviously it's a different proposition not running pfsense but the mikrotik os should have more than enough features to do what you need and the cpu has less raw horsepower but I think the performance will be way more than enough for home enthusiast applications. Personally I use a mikrotik routerboard hex which is dirt cheap I think approx £50 but it consumes very little power and has every feature imaginable. It handles my 1gbit connection without problems but I wouldn't be able to do any traffic shaping etc due to the CPU.
I absolutely love MikroTik kit and use it extensively. I actually strongly considered the RB5009 for this project. Ultimately I decided that I'd rather have a bit more choice when it comes to the software side of things, hence going down the x86 route. When compared to other rackmount x86 options, this device is actually pretty cheap - my go-to, similarly specced Supermicro machine that I'd use for this sort of machine in commercial setups costs close to £1000 and doesn't even have the 10 GbE NICs.
Its a good board but with the cpu i doubt it could keep up with a fully loaded system as it would have massive bottleneck but if that board had better cpu it would be perfect.
Cameron, do you know if that little SSD caddy could handle 2x 3.5" mechanical HDDs? I could see using something like this as a firewall/router AND as a mini-NAS. Since i have some high capacity HDDs but i don't have more NAS slots.
While the C3000 series has been out a while, it's still a very widely used chip - it's what Netgate use in many of their own PFSense appliances and still seems to be Intel's current model of low power consumption server/network appliance chip. They have released a few Atoms since then (The C5000 models and the P series) however both of these have much higher power consumption. You can definitely get these types of devices with more recent chips (generally up to 12th gen Intel Core), however while this CPU would be "newer" you'd lose the SoC integrated 10 GbE NICs so just because the CPU is newer, doesn't necessarily make them a better option.
@@rajilsaraswat9763 They do a few such as the A2SDi-TP8F although they tend to only offer the higher end C3000 chips on the boards that offer 10 GbE networking.
I was referring to the fact that the chip in this is still currently sold, not that it's the absolutely latest offering. This is in contrast to many similar machines that use extremely outdated chips such as the D525/D2550. The X series Atoms aren't really directly comparable as they're designed for the likes of thin clients/embedded applications where a video output is required and networking is less important. The C5000 and P5000 series are an interesting one, they are part of the same line as the C3000 chips however have much higher TDPs so I'm not sure if they're expected to be a direct replacement for the C3000 line or not. They also aren't really widely available yet with most devices still being sold with C3000 chips.
The TP-Link looks like an interesting device but isn't really comparable to something like this. As a low cost device that runs the included firmware, that device would be more comparable to devices such as the Ubiquiti EdgeRouters, the UniFi UXG-Pro, various MikroTik options and tonnes of other brands (Draytek, Zyxel.etc). With a device such as the one here I'm not tied into any sort of firmware - with my previous AliExpress box I started off on PFSense before later moving to OPNSense and then finally onto many years of it running VyOS.
I haven't tested it although I can't see any reason why it wouldn't be possible. HOWEVER, someone else commented pointing out that Proxmox VE doesn't natively support installation over a serial console, so you'd either need to connect some sort of GPU temporarily to do the install, or install Debian first over a serial console and then install Proxmox VE inside of that.
@@camerongray1515 If you haven't already put this router into production, I think you would get a lot of views on a video about installing Proxmox onto it with a pfsense VM while being able to run other VMs, as well.
It's an interesting idea however I personally prefer to keep a device like this running the OS bare metal then run VMs on another server. If I was happy to virtualise my router I'd have probably just stuck it on my existing server which acts as VM host along with being a NAS.
@@camerongray1515 It could be done on either of your systems given the network connectivity available but I think this device would make a unique video as the switch complex is built into the motherboard.
Would have rather had no relays built in and gotten full use of the 2.5Gb NICS. Rather have a RJ45 10Gb multi port then two SFP+ ports, one SFP+ is fine for connecting to a switch bot my 2.5Gb Cable modem only has RJ45 and I hate using SFP+ converters.
i now use xiaomi router 10000 router with mesh system, i got 2 of this and 1 xiaomi 3000 on my network, with voda ONT 916 what different if i use FPsense or my xiaomi.
If I may ask. What would be the consideration of buying this over a Ubiquity dream machine. As far as i can find the dream machine is far cheaper. Atleast where I live. I won't go into the price details further but to me it doesn't seem like that good of a deal. Is it that you really want a PfSense instead of proprietary software?
I actually replaced a UDM-Pro with this. The UDM is great for certain situations and worked well for me, I just fancied a change. However, the UDM isn't some sort of "gold standard" for routers, it's use is very much limited to relatively simple home networks and very small businesses, beyond that it's easy to run into feature limitations at which point you have no option other than to replace it with something else. On the other hand with something like this it's easy to install whichever software works best for a given application and change it in the future if needed
$435 (the cheapest system option) + $32 for shipping to the US is an insanely expensive price for that system considering its using 2017 Intel Atom SoC hardware!
Value is subjective however even though the C3558 came out in 2017, it's still a current chip purpose designed for devices such as this. A Supermicro machine with this chip (which is my go-to for many firewall applications) would cost close to £1000. These are also the same chips used by Netgate in their official PFSense appliances. It also turns out that this machine actually came with a C3558R which came out in 2020 and is a slightly upgraded version of the original chip. You could probably get a machine with a newer Intel Core CPU for cheaper, however this would lack thing such as the integrated 10 GbE NICs which are a huge benefit of the Atom chip.
I have no preference, but is there a reason you use pfSense over OPNsense? People seem to have strong opinions about which is better. I don't use and have not used either, so I have no skin in the game as it were, I'm just curious.
I went with PFSense for this video since I was already experienced with it and it's generally pretty well known amongst people who would be watching this video. I last used OPNSense around 5 years ago so I'd really need to evaluate it properly before I can decide whether to use it over PFSense. It'll be a while before I actually deploy this machine so I'm open to evaluating all manner of different OSs before deciding which to deploy on it long term.
@@camerongray1515 As someone who has used both for many years, I can say OPNSense is much more stable in the long run with updates not breaking things and has a more active community when it comes to plugins (for example Zenarmor).
@@camerongray1515in my opinion OPNsense is more stable. Releasing more improvement updates then Pfsense. Of course both are based on freeBSD. But still.
@@RWL2012 now I feel stupid, I got lots of results when I searched for it before, but it seems like it can't be bought right now, Noctua sells 50mm fan grilles and they have shown a 50mm prototype fan at Computex in 2017 and 2019
I'm probably going to give OPNsense a go when I put this into service, I just stuck PFSense on for the video since it's what I'm already familiar with however OPNsense seems to come along a fair bit since I last used it and this seems like a relatively low risk way to test it in a "production" setup. That said, the NIC support difference is less of an issue now since PFSense 2.7 has bumped up to FreeBSD 14 however it still does seem worth trying out for a change.
And "reliable" Supermicro also has C2000 with broken team blue brick. Ebay is full of them with progen LPC bus. Patch actually dose not need soldering you can get away with resistor pliged into TPM header. BUT, IPMI will be disabled permanently. I got one for free from scrap yard. Ofc you never know how mutch CPU is gona degrade more. It may die tomorrow. Problem with ALI PC equipment they are full of maleware, ak rootkits/backdoors in bios. so if you work on anything sensitive, dont use any chineezium equipment in network. Specially firewall. Even IP cameras should be placed on separate VLAN as most of them are made with cineezium spice.
They switch when the power is cut or when the machine is shut down. Usually with this sort of hardware there would also be some sort of configurable watchdog timer where the relays would also switch to bypass mode if the software were to crash, however I haven't been able to figure this out due to the lack of documentation.
Quick question is an isp router good enough with it's inbuilt firewall and save your money for else where or should you throw it away and get like pf sense etc im not hugely experienced but as its the first step in your network i think it shoulf be taken seriously is there a great jumpn in security or other advantages ?
Realistically, if you don't really care about networking or advanced features, the ISP's router will be absolutely fine. Now, if you want to start tinkering with more complex features such as VPNs and separating out devices onto isolated VLANs then you'd probably need something more but if all you care about is having a working internet connection, then the ISP's router will be fine. You may of course want to expand this by adding a switch and hardwiring devices where possible or adding some additional access points for better wireless coverage and eventually in the future you may decide you want to tinker and learn and try something more advanced for a router, but as much as people on CZcams bang on about super powerful routers, it's not something you necessarily *NEED*. It's also worth bearing in mind that if you have an issue with your internet connection and need to contact your ISP's support - if you're using your own router, they'll likely try and blame that first so it's always worth keeping your ISP's router around so that you can plug it in when you are troubleshooting any issues with ISP support.
I actually installed OPNSense on this when deploying it so that I could try it out and I'm running it now, but to be honest, I'm not overly impressed and doubt I'll roll it out elsewhere. The UI does have some nice improvements over PFSense, but I've had a few issues such as the Unbound service stopping itself after saving config changes and needing manually restarted. I also found a few bugs such as pressing enter in the interface name box when adding a new interface on the assignments page actually triggers one of the "Delete Interface" buttons which could go very badly wrong if configuring a production router while not quite paying attention. Not necessarily huge disastrous issues, but enough for me to not be confident enough in it to deploy it in any sort of critical environment. Additionally, the super frequent updates that some people push as a benefit of OPNSense aren't necessarily ideal for mission critical production applications where I'd much rather have a slower, more predictable update schedule like PFSense has.
From my testing it maxed out at around 6.5gbps with the firewall enabled. This is also with several parallel streams, a single stream will max out at around 2.5gbps. AES-NI isn't going to make a difference here as it only accelerates encryption performance which will benefit things like VPNs, but not general routing/firewalling.
Sadly the camera wasn't recording, although I wasn't far off doing it again when I went to demonstrate what I did in this video and only part way through remembered to unplug the cable! I'm not very smart!
I didn't see anything suspicious while testing. I'm running my OS on this and there is no IPMI/network stack in the firmware so any sort of exploit/backdoor would have to be extremely low level, I haven't seen any evidence of devices such as this having these types of exploits. My logic is that this isn't really any higher risk than any other Chinese motherboard, if a company wants to produce a compromised device, surely they'll focus their efforts on complete routers/smart home devices where the device will end up running the supplied firmware which could be loaded with exploits rather than something like this that will run the user's own OS.
Hello, Just found your video and found it interesting. But are you not worried about data being sent to China/Hackers or malware? I purchased some USB devices and there is malware imbedded in the devices. Even thou devices are not storage devices. Also with all the talk from experts on many cheap TV boxes that are sold from China mining data from users including passwords/banking and other are you not worried? Now to be fair not all devices I purchased mine data or contain malware imbedded on chips in the devices, but lots do.
It's something to be aware of but not something I'm particularly worried about, it's not like those android TV boxes where you're running the OS image that's provided, this is running a cleanly downloaded OS that I installed myself. The only risk would be a really low level BIOS level compromise which would likely require some level of knowledge around the host OS. I also haven't seen any evidence of devices such as this being exploited and any suspicious network activity would be easily detectable. If a bad actor wanted to release compromised device, they'd likely focus their efforts on devices like TV boxes, smart home devices or cheap home routers where they will end up running the provided operating system rather than this which is essentially just a bare motherboard.
@@camerongray1515 Hey thanks for the reply. I was just wondering which is why I posted. As said I have several usb ic and nfc tag readers and at the time Malwarebytes on my system kept triggering while devices (one at a time) while connected to pc. So I worry lots now about devices I buy. That makes me want to ask people who buy some devices about if they worry about devices doing things they should not from hard coded chips in some devices. Anyways I was just wondering. Thanks
Buy from AliExpress (Affiliate): geni.us/3pUQBn5
pfblocker blocked the url for me, can you give a direct link?
@@rajilsaraswat9763 I second this one. Direct link please
@@rajilsaraswat9763 there is nothing wrong with the link, it's just an affiliate link to aliexpress
@@marcogenovesi8570 Pfblockerng blocks the redirect and we only get the 1x1 tracking pixel
@@marcogenovesi8570 doesn't work with pihole either.
So glad to have clicked on this video. I run OpenWRT on similar and wasn't pleased with the CPU's in the "newer" generations of these boxes that I was looking at to upgrade my 1Gbe ports to 2.5Gbe or 10Gbe. This and the Atom C3558 and/or C3758 SoC's sound awesome and perfect for my next upgrade! Thanks for the detailed explanation of SoC w/integrated ports vs. adding the adapters to an older model CPU. Awesome walkthrough, especially dealing with the serial console.
I agree that the replacement fans somehow sound "better" and give the impression of a higher-end bit of networking gear. The fans it came with sound like fans. The replacement fans sound like they belong in an impressive computer set-up in a movie. The control room in Jurassic Park comes to mind, or some gleaming, glass-walled server room in a skyscraper belonging to a slightly malevolent megacorporation.
"Cheap"... Not in the EU in my opinion. For 450€ plus Customs and shipping I could build a much more powerful server with 8 cores/threads and throw pfsense in a VM on 4 dedicated cores plus a dual sfp+ and a Quad Gigabit card. 🤔 alongside with other stuff in parallel.
Idk, in Serbia shipping for this is very cheap and there's no import tax or anything of that sort.
my Synology DS415+ died as a result of the atom bug. Managed fix it and use it as a backup by installing a 100ohm resistor. Intel should have been made to reimburse people for the hassle THEIR issue caused.
I thought you use unifi ??
They replaced mine and revoked my warranty. I had time left on mine, they RMA'd it, it's the same hardware, but without the warranty. Basically a ticking timebomb.
I bought a defective already 100 Ohm modded (probably done by Synology on warranty), the degrading continues, and then a 100 Ohm resistor isn't enough. I managed to start it sometimes, I don't remember which resistor I ended up using, the unit was a nightmare, every time I fixed it and it booted every time then I moved it to position to where I wanted it and it refused to boot. also if the clock battery is dead it refused to boot
I've picked up 3 "dead" Synologies with this big that were being thrown out. So far, the resistor is holding up...
Had the same issue. Caught it in the LAST day of my NAS system. Symbology covered me and sent a unit that was repaired.
I wasn't expecting the A. Megatrends BIOS screen. Cool device.
This was incredibly valuable information. I have a similar device I wish to install pfSense. I also appreciate the "Framework in the wild" assisting you in the installation process! Thanks again!
I haven't seen a serial BIOS in a long time. Very useful for machines shoved in closets or ceilings.
That board is really interesting. It even has a PCIe Port and a lot of connectivity. There also is a slightly different model with HDMI and VGA connectivity. But I think you can add a cheap mPCIe to VGA card (A server GPU on a really small board) to it. The VGA port can be screwed on to the back where there are cutouts for a VGA port.
If all computers and other systems were SFP enabled then you could use fiber optic connections plus the appropriate SFP modules throughout your network.
I could although that is only really suitable for connections within a rack - most of my network cabling runs through the walls where CAT6 is much more practical. Most of the devices connected are also only ever going to support a copper connection (TVs, ames consoles, printers.etc) so there would be limited places where I could actually deploy fibre. Thankfully the CAT6 runs I have are all well under 55m long so can easily run 10 Gigabit connections so fibre isn't required.
Thats fantastic that you got such a new CPU. The older C2000 Atom chips had serious failure issues - something about silicon breakdown after enough running hours. It plagued a pile of standalone NAS units (like various QNAP models). It seems like they got the issue sorted out for the C3000 series though! :)
I just got a surplus Dell Optiplex SFF desktop, swapped out the Core i5 with a Xeon & upgraded the ram to 16GB, put an SSD in it, used the onboard 1Gbps nic & added a PCIe 1Gbps nic. Running Pfsense. I think the total cost was $300 USD.
Raspberry Pi CM4 with Router Board. Two 1gb NIC's on pci-e Bus. 2-4 Watt.
$220 shipping. It better come in proper wooden crate. I was looking at their motherboards a few days ago and I remember that 4x2.5G + 6 SATA board with N5105. That looked like a good deal but in the end I went with a 8x2.5G+10G switch for $120 and kept my old atom with a network card.
Strange, my shipping was only around £35 and looking at the US it seems to be around $32 - suspect it might be something to do with shipping to certain locations unfortunately.
@@camerongray1515 195 euro shipping for me, Ireland
Seavo motherboard - they contract manufacture for MANY OEMs - generally really good quality. I am sure there will be documentation somewhere detailing the connectors
Definitely subscribed. It's amazing the detail you packed into under an hour!
I like the fact that you can run a pair of SSDs and Mirror them in setup.
One should really do that if using ZFS.
Excellent video from the server and I read a lot of negative comments compared to mikrotik advantages of the BKHD Intel Atom C3558 you can install Bind dns squid cache vanish among others to improve the performance of your local network without having to install
another external server.
The RF insertion loss and isolation of the relays likely isn’t good enough to support 2.5Gbps.
Would be nice if at least the first two RJ45 ports then support 2.5 Gbase-T
You are very professional, thanks for your introduction, i get a lot from it~
I don't know why but I just found that boot and then BIOS over serial really cool! 😂🤓 BTW not sure if you're planning any upgrades but a mobile M.2 module and SIM would be cool to see.
I was definitely pretty surprised, last time I used a machine that required a serial console was some old SunFire SPARC servers so this was my first time using an x86 machine without a video output. I almost wish it was more common - so much easier to just hook up a laptop rather than needing to dig out a monitor and keyboard!
Thank God for subtitles
There is a common plastic sheet material that can be formed to cover open frame PSUs and IEC connectors to protect you from exactly this sort of error.
Are you talking about electrical tape or is there something that I do not know about yet?
@@NaoPb Mylar sheets works well, unsure if totally right, know another brand but dont recall the name
Kapton tape
All those kinds of Meanwell PSU's I've bought up through the years all came with a transparent plastic protective cover...
Hell fire, no way has it been 6 years! Pretty nice machine great to see a Mean Well PSU on it.
It was strange when I realised how long it had been since I bough that last machine!
@@camerongray1515 I'm fairly sure it was that video that you mentioned VyOS, and I use it daily at work because of that!
A plastic shield over those exposed leads would be an effective solution.
Looks like a fantastic piece of hardware. Thanks for sharing!
Brilliant in depth video, Really helped me make the decision to upgrade from my pc old router
I spotted when I worked somewhere on enterprise support after the move to USB that we still needed serial devices for some command and control systems and switch/router config. They had a habit of powering down through being subject to power management. It was hard to find the right ones that either didn't have their own power management or it was configurable so we could turn it off.
"serial can't send color-information" That's really easy. Putty uses a Terminal-Emulation that understands ANSI-Sequences starting with the Escape-Character 27. There are more chanters added to a sequence to realize not only colors. These technique is used in nearly any Linux Distribution when showing terminal emulation.
It's quite good to see a meanwell power supply in one of these things.
I have a few of these devices and the one thing I really hate is that Proxmox doesn't support console terminal for instalation. So I end up having to install Debian first then Proxmox.
ProxMox 8 now supports text based install.
@@Darkk6969 Text based but not over serial console. They said they couldn't fit it into the release schedule. That's coming in a future release.
To be fair, I've always installed Debian first then Proxmox, Proxmox' official installer gives you a weird partition layout that cause ugly issues in the future.
Cool and in (very) depth review.. Love it.. Keep em comming 🙂
Really nice but at $434 usd .....i am sticking with my cobbled together AMD Athlon 5350 from junk parts.....but this is nice if you have the coin
I'm a fan of the ex Sophos XG/SG appliances that you can pick up from time to time cheap. Then run XG Home / pfsense / untangle on them etc. Any reason pfsense over opnsense?
The port bridging works with a bunch of relays on the motherboard. It is controlled by the BIOS, but the OEM might not expose it.
MikroTik RouterOS might run on it too
very well made vid, actually sat through it! SUBBED
The USB header, looks to be a standard USB two single port header. Normally they are double port headers, but ive had accessories that only plug into half of the double, and that looks about the same
really good vid - good amount of detail
While the i225V chips are rated for 2.5G, the GSC-2401-R transformer (line driver) chips next to them are only rated for 1G.
Curious why a transformer should limit the frequency. Guess they do have a limit, or there're some other suppressing component(s) in there.
Transformers use coils, so they have different characteristics at different frequencies, so run them at a higher frequency than they are designed for and the losses and cross talk could be significantly higher.
I'm running a Supermicro C2758 for pfSense that's not affected by the hardware bug, runs fantastic for symmetrical gigabit Internet. I also have a Supermicro C3558 ready to deploy if needed, it's just overkill and uses slightly more power vs the C2758.
Yeah, I still have some C2000 Atom based Supermicros in service that were RMAed due to the bug and were returned with a "platform fix" and have been running fine since. The machines had never failed by the time we RMAed them but wanted to do it to be on the safe side rather than risking them failing in service. It's my understanding that the bug can be worked around by reworking the motherboard which is what I suspect they have done. That said, I'd still generally avoid purchasing a C2000 based system second hand unless you know for sure that it has the platform fix in place to be on the safe side.
@@camerongray1515 I agree with playing it safe. I happen to have two other identical 'spare' SM C2758's that had the fix from day one. So if it fails, will just swap out the MB.
Why not try the full size pcie port and m.2 (for nvme compatibility)? Otherwise you're just talking through what we can see on the product page already...
That mean well power supply is a nice touch. 😀
a better idea would be to make your own fw box - diy has many advantages - upgradeability, expansion, ease of use, additionally opnsense has better licensing and better drivers
As much as I enjoy building machines - it would have been near impossible to build something comparable to this for anywhere close to the price. In particular, building in a 1u rackmount form factor makes things difficult as most coolers and even a standard I/O shield are too tall to fit in the case. As for OPNSense, I'm actually downloading it right now to try it out since I last tried it shortly after it came out, I demonstrated PFSense in this video since it's what I'm more familiar with and use elsewhere however I'm planning on trying out various different OSs on this machine before I deploy it.
@@camerongray1515 come on now - atom is not all that great - depending on the model it may lock up on you and break permanently - yes this was an atom 'feature' - i feel your pain on price but just use a refurb build like z420/z440 - you can get parts cheap and then you have many more options - cheap ram and ability to run 25g cards also cheap - diy is cheaper in the end really for the value proposition, much more powerful processors available, expandability etc - it is really no contest but props to you for going to 10g and trying at least - you can build a diy router with faster networking for half the price
The Atom C2000 issue was bad assuming that's what you were referring to in terms of reliability, however the C3000 models aren't affected by this, I run several of them in production commercial settings as routers and they have worked flawlessly for years. Even some C2000s with "fixed" motherboards after RMAing them due to the bug are still working fine. They are also widely used in many commercial network appliances. This machine is used purely as a firewall/router and is due to be installed in a small wall mounted comms cabinet, a refurbished HP Z420/Z440 workstation would be completely impractical in such a setting and the power consumption would be unjustifiable. I simply don't see myself going beyond 10 gigabit during the lifespan of this machine - the internet connection is 300mbit and at most would potentially be upgraded to gigabit years down the line. I have a 10 Gigabit capable NAS however most of the traffic to it is going to come from the same subnet so won't need to pass through the router, even 10 Gigabit at the router is completely excessive for my needs.
I installed OPNSense on my office firewall and I found that PFSense is much more intuitive to use. PFSense does have a path for better drivers and more recent updates but the licensing does leave much to be desired. I'm going to stick with OPNSense for a while to see if I can get used to it.
@@cheerbeerification Opnsense is a bit better in compatibility and functions. But that comes at the price of not being as easy to work with as pfsense. You can twist opnsense into a pretzel to run exactly how you want but that does require a lot more knowledge. Pfsense can be more drop in and use easily. I admin a bunch of both along with the "big boys: like Cisco FPs and fortinet. I still have custom Linux FW/IDS/IPS deploys running in places. For home or simple office deploys I would say pfsense > opnsense for the ease of setup and it will do what you need simply. For business deploys I would say opnsense > pfsense because it can be more robust and offer additional configuration options for you to customize once you are confident with it. Just my 2 cents from working with both of them for a while now.
I believe you were running a Unifi Dream Machine previously. Is it your intention for this unit to replace that?
Eventually yes, don't get me wrong - I love UniFi kit and will still heavily recommend it, but for my home setup, I just fancy something a bit more configurable and flexible. I've had a long enough time with a fully UniFi setup to evaluate it and UniFi will still be my go-to recommendation for where someone who's not a networking expert wants a decent, easy to manage deployment. So stand by for a few more videos coming up on this topic over the next few months!
Did you ever try using an NVMe drive in the m.2 slot? I don't see why they would make it SATA only on such a new board and I'm really curious if it is able to run NVme.
You have 2 of them then connect them directly and test a bandwitch via vpn tunnels on them to discover a limitation of speed. Many devices at lt2p&ipsec have ~70Mbps, at IPSec ~800Mbps, at WireGuard/OpenVPN etc. between previouse. Please check a internal limits for package size 50B/500B/1400Bytes - then we will know all about PFsense limit on this devices !.
I can't help but think that the Old M1 Mac Mini would be a great deal to use as a router/ Switch / Wifi 6 device.
You use the $30 Gigabit adaptor for your ISP. Then the 10 GiG port for your home Network.
It sips power, you already got on board storage. And PLENTY of CPU power to get just about anything done along with 8GB of ram.
You can also use a thunderbolt to SFP/ Optical interface adaptor to a full ~ 40-GBPS speeds each Thunderbolt port is capable of. (~5000 MB/ Sec. - More then what the RAM can do on board) Plus you get to use any length of cable you need since its single mode optical fiber. So reaching your Main managed or unmanaged switch is a Breeze.
If you have any troubles? Having a complete Backup Mac Mini is cheap and easy to implement or have as live redundant back up. So you are not really locked into any hardware.
It's an option but I'm not sure why this would be better than using an x86 PC. As far as I'm aware, Linux and BSD support on Apple Silicon is still in its early stages and while Thunderbolt is great, you'd be paying an absolute fortune more for Thunderbolt NICs when compared to PCIe NICs and end up with a machine with several different adapters hanging off of it. By contrast, you could get a sufficiently cheap small form factor Intel PC for much less than a Mac Mini and chuck a cheap, second hand PCIe NIC in to get whichever high speed ethernet interface you require.
I've previously deployed Mac Minis in a datacentre setting and they really aren't ideal for it - there's no way to force it to power up whenever mains power is applied. All you can do is have it restore it's previous power state so if it was on when the power was pulled, it will turn back on. However, if it was manually shut down, there would be no way to turn it back on without physically pressing the a power button. The most you can do is use a setting in MacOS to power the machine on at a certain time every day but then you could be waiting up to 24 hours for it to power on again. By contrast, most PCs can be set up to power on as soon as mains is supplied allowing it to be powered on by simply cycling the power supply through a remote switch. Then if you went down the server route you'd have full out of band management controllers to give full remote access to the machine.
Surely those ports are useful if the power goes out as you could have a NAS on one and your primary pc on another, then if your power goes out you would still have (worst case) access to your servers files.
Which ports are you referring to? Would have to be a weird power cut where you wouldn't be able to power a switch but could still power a PC, NAS and this firewall.
At that price point, it's not very competitive against something like Mikrotik CCR2116 or CCR2004. Mikrotik devices also support Linux containers and can throw Pi-hole or the Ubiquiti Controller on it, to integrate with Ubiquiti hardware.
47:18 just to give an apples to apples comparison, CCR2116 is routing(L3HW) at ~50Gbps, ~40Gbps with 25 firewall rules. IPsec ~4.1Gbps
Edit: I just realized that even the cheaper Mikrotik RB5009(the non-PoE version can be found for ~170-180 USD), fanless router, which has PoE out on 8 ethernet ports(maybe powering Ubiquiti hardware) does better throughput: routing ~9.8Gbps, 25 firewall rules ~9.3Gbps, IPsec ~1.4Gbps.
Don't get me wrong, MikroTik devices are great and I already use them a fair bit elsewhere. However, they aren't directly comparable since you're tied in to using RouterOS vs an x86 machine which has a worse price/performance ratio but has the benefit of giving total software/OS flexibility. My goal with my home network is to try all manner of different equipment running each option for a period of time to try it out fully, it's likely that I will end up trying a MikroTik router in the future, but they aren't suitable for every situation so I wanted to try an x86 option first.
If you want ti compare airflow you can use paper to see how much it bends it.
A 5G Mobile Data Module for 5G might give a failover ability for the PFSense.
Havent got that far in the vid yet, but do you mean internally? I am looking for a 4/5G interface for a Netgate 2100 atm. All I can find at the lower price point is routers.
Look like you could buy almost the Cheapest one. and then add additional memory or storage, and get the 8 core I wonder if it would be faster.
For about half that price I picked up a mini pc with a Ryzen chip, room for NVME and SATA hard drives, USB 3.2, 2.5g networking, etc. It's doing a great job as a NAS, no need for a router.
For £20 I bought a toaster, it does a great job of toasting bread and crumpets, no need for a NAS.
I cannot find a reseller with a desktop version of this board -- I would love to have the smaller form factor to use in a kit for events... While the board is small (203mm*178mm) it's not a standard size as far as I can tell. I can fit a full 19" rack device in my pack but I'd rather not use so much of the space with dead storage (the empty space in the 1U).
AMD has a Ryzen embedded CPU with two 10Gbe ports on the thing, supposedly sub 15W which i want for these types of devices real bad.
Yeah, nobody uses them for devices with affordable prices...
For the performance, I am surprised that simple firewall rules or NAT make it drop perf so much. You should try Linux, just for fun and see how it goes. I can recommend just normal Debian Linux, (Vyos would work too), or anything really for a test. Also on Linux even single stream will be able to take advantage of multiple cores when doing fingerling, NATing is still a little bit limited, but from my testing still uses multiple cores and can run multiple packets in parallel for same stream without issues.
... def be keen if they made this machine/package but with those 1GbE ports changed to 2.5GbE ports...
Don't know which app you're using for the noise level, but the spectrum graph looks as if the 2-4 kHz band is a bit lower with the new fans. That band is very important for hearing human speech, so if it is lower, that would probably be why it 'sounds better;.
it´s so nice seeing @camerongray1515 trying to justify a 6dB increase of noise - sounds a lot like a sunken cost fallacy to me ;)
I'm not sure where you got the part number from, but the link advertises them as having the i211 network chipset, which is only 1 gbE
Mine definitely has i225-v NICs in it, although I suppose they may have swapped them out on current versions. These types of machines are very much built from whichever chips are available cheaply at the time.
Ahhh a Cameron Gray video - sets playback speed to 0.75x
Oh the fun of getting a 230V shock :')
I've had around 4 in my life so far!
Only? Those are rookie numbers!
There's no way this has any sort of safety certification. I doubt there is a CE Mark for Europe or UL for US. There's a reason power cords go into power supplies in PCs, and most smaller devices have external transformers. I discovered a similar problem when using a IMSAI computer, the huge transformer in it made it unbalanced, so the fingers needed to go under where the transformer was, and the fuse was right where the thumb would go. This was before there were many required locations for current leakage disconnect (GFCI in the US), and of course the case was grounded. Luckily, with "only" 120V on a dry day, I only got a tickle.
And... subscribed !
I just got mine, running on 1gig ports for now until I upgrade my switches too. In mine all the screws were tight and it came with PFSense 2.7 already installed. Still reinstalled it myself, but nice to have something working out of the box to make sure it survived the trip. Very happy with it. Is the Intel processor inside picky about only using Intel sfp+ modules?
I haven't tested loads of SFP modules but I don't think the DAC cables I'm using are Intel coded, if anything they'd be Cisco coded. If you're buying new modules then may as well get Intel ones (as in, generic modules that are coded for Intel, no point spending a fortune on official Intel ones) but if you already have some non-Intel ones, I can't see them being an issue.
Intel, Dell, HPE are usually very open for SFP use. Cisco, Juniper, Arista, Mellanox tend to be more strict in wanting their own supported SFPs and require you to turn the SFP verification off if you want to run "unsupported" SFPs. If you are really worried you can look at companies like FS. There are a bunch that offer compatible SFPs that are coded to vendors and are usually much cheaper then official parts.
Guys plesse not tight the screws are were leaved like that for a reason. 😂
This seems very expensive, I think Mikrotik products are better value e.g. the RB5009 which has a 10gb interface for £240 ish. Obviously it's a different proposition not running pfsense but the mikrotik os should have more than enough features to do what you need and the cpu has less raw horsepower but I think the performance will be way more than enough for home enthusiast applications. Personally I use a mikrotik routerboard hex which is dirt cheap I think approx £50 but it consumes very little power and has every feature imaginable. It handles my 1gbit connection without problems but I wouldn't be able to do any traffic shaping etc due to the CPU.
I absolutely love MikroTik kit and use it extensively. I actually strongly considered the RB5009 for this project. Ultimately I decided that I'd rather have a bit more choice when it comes to the software side of things, hence going down the x86 route. When compared to other rackmount x86 options, this device is actually pretty cheap - my go-to, similarly specced Supermicro machine that I'd use for this sort of machine in commercial setups costs close to £1000 and doesn't even have the 10 GbE NICs.
Its a good board but with the cpu i doubt it could keep up with a fully loaded system as it would have massive bottleneck but if that board had better cpu it would be perfect.
Cameron, do you know if that little SSD caddy could handle 2x 3.5" mechanical HDDs?
I could see using something like this as a firewall/router AND as a mini-NAS. Since i have some high capacity HDDs but i don't have more NAS slots.
Aliexpress = check for backdoor and malware ? What are you doing to verify there is no backdoor in the firmware or any malware?
Atom C3xxx CPUs is still quite ancient. Would be nice to see something with an actually current CPU and an i226 NIC.
what cpu do you recommend?
While the C3000 series has been out a while, it's still a very widely used chip - it's what Netgate use in many of their own PFSense appliances and still seems to be Intel's current model of low power consumption server/network appliance chip. They have released a few Atoms since then (The C5000 models and the P series) however both of these have much higher power consumption. You can definitely get these types of devices with more recent chips (generally up to 12th gen Intel Core), however while this CPU would be "newer" you'd lose the SoC integrated 10 GbE NICs so just because the CPU is newer, doesn't necessarily make them a better option.
@@camerongray1515 Is there a Supermicro ITX board with C3000 chip, and both RJ45/SFP+ ports?
@@rajilsaraswat9763 They do a few such as the A2SDi-TP8F although they tend to only offer the higher end C3000 chips on the boards that offer 10 GbE networking.
By any chance, did you used to work for a company called Othello, perhaps spent some time around Meridian Gate during the late 00's and early 2010's?
Nope, not me sadly!
I wonder if you could make a NAS out of this. Use the pci-e slot on the side for an nvme raid card...?
If you weren't awake, you were after you plugged that in.
Brand new Atom? Then what about tthe x3, x5, x7 , x6000, c5000 and p5000 Atoms that all launched after the c3000 series? O_o
I was referring to the fact that the chip in this is still currently sold, not that it's the absolutely latest offering. This is in contrast to many similar machines that use extremely outdated chips such as the D525/D2550. The X series Atoms aren't really directly comparable as they're designed for the likes of thin clients/embedded applications where a video output is required and networking is less important. The C5000 and P5000 series are an interesting one, they are part of the same line as the C3000 chips however have much higher TDPs so I'm not sure if they're expected to be a direct replacement for the C3000 line or not. They also aren't really widely available yet with most devices still being sold with C3000 chips.
Mmmil I think the TP-link ER8411 is a way better option, descend brand with warrant, no psfense but supported in omada.
The TP-Link looks like an interesting device but isn't really comparable to something like this. As a low cost device that runs the included firmware, that device would be more comparable to devices such as the Ubiquiti EdgeRouters, the UniFi UXG-Pro, various MikroTik options and tonnes of other brands (Draytek, Zyxel.etc). With a device such as the one here I'm not tied into any sort of firmware - with my previous AliExpress box I started off on PFSense before later moving to OPNSense and then finally onto many years of it running VyOS.
Great in-depth video, and interesting product! Can Proxmox be run (and well) on that board?
I haven't tested it although I can't see any reason why it wouldn't be possible. HOWEVER, someone else commented pointing out that Proxmox VE doesn't natively support installation over a serial console, so you'd either need to connect some sort of GPU temporarily to do the install, or install Debian first over a serial console and then install Proxmox VE inside of that.
@@camerongray1515 If you haven't already put this router into production, I think you would get a lot of views on a video about installing Proxmox onto it with a pfsense VM while being able to run other VMs, as well.
It's an interesting idea however I personally prefer to keep a device like this running the OS bare metal then run VMs on another server. If I was happy to virtualise my router I'd have probably just stuck it on my existing server which acts as VM host along with being a NAS.
@@camerongray1515 It could be done on either of your systems given the network connectivity available but I think this device would make a unique video as the switch complex is built into the motherboard.
Would have rather had no relays built in and gotten full use of the 2.5Gb NICS. Rather have a RJ45 10Gb multi port then two SFP+ ports, one SFP+ is fine for connecting to a switch bot my 2.5Gb Cable modem only has RJ45 and I hate using SFP+ converters.
i now use xiaomi router 10000 router with mesh system, i got 2 of this and 1 xiaomi 3000 on my network, with voda ONT 916
what different if i use FPsense or my xiaomi.
Excellent 🎉
If I may ask. What would be the consideration of buying this over a Ubiquity dream machine. As far as i can find the dream machine is far cheaper. Atleast where I live.
I won't go into the price details further but to me it doesn't seem like that good of a deal.
Is it that you really want a PfSense instead of proprietary software?
I actually replaced a UDM-Pro with this. The UDM is great for certain situations and worked well for me, I just fancied a change. However, the UDM isn't some sort of "gold standard" for routers, it's use is very much limited to relatively simple home networks and very small businesses, beyond that it's easy to run into feature limitations at which point you have no option other than to replace it with something else. On the other hand with something like this it's easy to install whichever software works best for a given application and change it in the future if needed
$435 (the cheapest system option) + $32 for shipping to the US is an insanely expensive price for that system considering its using 2017 Intel Atom SoC hardware!
Value is subjective however even though the C3558 came out in 2017, it's still a current chip purpose designed for devices such as this. A Supermicro machine with this chip (which is my go-to for many firewall applications) would cost close to £1000. These are also the same chips used by Netgate in their official PFSense appliances. It also turns out that this machine actually came with a C3558R which came out in 2020 and is a slightly upgraded version of the original chip. You could probably get a machine with a newer Intel Core CPU for cheaper, however this would lack thing such as the integrated 10 GbE NICs which are a huge benefit of the Atom chip.
I can sure make you happy, as in here Europe this costs €511.39 +Shipping: €199.07 and of course our 24% vat added to both...
I have no preference, but is there a reason you use pfSense over OPNsense? People seem to have strong opinions about which is better. I don't use and have not used either, so I have no skin in the game as it were, I'm just curious.
I went with PFSense for this video since I was already experienced with it and it's generally pretty well known amongst people who would be watching this video. I last used OPNSense around 5 years ago so I'd really need to evaluate it properly before I can decide whether to use it over PFSense. It'll be a while before I actually deploy this machine so I'm open to evaluating all manner of different OSs before deciding which to deploy on it long term.
@@camerongray1515 As someone who has used both for many years, I can say OPNSense is much more stable in the long run with updates not breaking things and has a more active community when it comes to plugins (for example Zenarmor).
@@camerongray1515in my opinion OPNsense is more stable. Releasing more improvement updates then Pfsense.
Of course both are based on freeBSD. But still.
Im not sure if I head you right, but there is 50mm Noctua fans
if that's the case, where can they be bought?
Do you have a link? As far as I can tell Noctua do 40mm and 60mm fans but not 50mm.
@@RWL2012 now I feel stupid, I got lots of results when I searched for it before, but it seems like it can't be bought right now, Noctua sells 50mm fan grilles and they have shown a 50mm prototype fan at Computex in 2017 and 2019
Opnsense has more support for NICs and has the most up to date kernels. Pfsense is overrated.
I'm probably going to give OPNsense a go when I put this into service, I just stuck PFSense on for the video since it's what I'm already familiar with however OPNsense seems to come along a fair bit since I last used it and this seems like a relatively low risk way to test it in a "production" setup. That said, the NIC support difference is less of an issue now since PFSense 2.7 has bumped up to FreeBSD 14 however it still does seem worth trying out for a change.
6 years ago isn’t that long ago. Technology has largely stalled out in basically everything except very high end stuff. This isn’t the 90s.
And "reliable" Supermicro also has C2000 with broken team blue brick.
Ebay is full of them with progen LPC bus. Patch actually dose not need soldering you can get away with resistor pliged into TPM header. BUT, IPMI will be disabled permanently.
I got one for free from scrap yard. Ofc you never know how mutch CPU is gona degrade more. It may die tomorrow.
Problem with ALI PC equipment they are full of maleware, ak rootkits/backdoors in bios. so if you work on anything sensitive, dont use any chineezium equipment in network. Specially firewall.
Even IP cameras should be placed on separate VLAN as most of them are made with cineezium spice.
Do the relays just switch to bypass mode when power is removed?
They switch when the power is cut or when the machine is shut down. Usually with this sort of hardware there would also be some sort of configurable watchdog timer where the relays would also switch to bypass mode if the software were to crash, however I haven't been able to figure this out due to the lack of documentation.
Isnt the fan on the older rig the same layout as older gt1030 gpu fans?
Quick question is an isp router good enough with it's inbuilt firewall and save your money for else where or should you throw it away and get like pf sense etc im not hugely experienced but as its the first step in your network i think it shoulf be taken seriously is there a great jumpn in security or other advantages ?
Realistically, if you don't really care about networking or advanced features, the ISP's router will be absolutely fine. Now, if you want to start tinkering with more complex features such as VPNs and separating out devices onto isolated VLANs then you'd probably need something more but if all you care about is having a working internet connection, then the ISP's router will be fine. You may of course want to expand this by adding a switch and hardwiring devices where possible or adding some additional access points for better wireless coverage and eventually in the future you may decide you want to tinker and learn and try something more advanced for a router, but as much as people on CZcams bang on about super powerful routers, it's not something you necessarily *NEED*. It's also worth bearing in mind that if you have an issue with your internet connection and need to contact your ISP's support - if you're using your own router, they'll likely try and blame that first so it's always worth keeping your ISP's router around so that you can plug it in when you are troubleshooting any issues with ISP support.
@@camerongray1515 good points just out of interest what qualifications do you have if you don't mind sharing ?
i dont know aliexpress is a router manufacturer.. i mean didnt they also made and sold instant noodles ,chopsticks , mobile phones , even iphones
Not shipping to germany unfortunately
Do you know of similar devices that can achieve 10Gbps NAT throughput?
'Tis no longer available on that link...
Considering the specs, $424 is too much.... I feel that you can build something using an older i5 or i3 chip for much cheaper!
Any reason why you didn't go with OP Sense?
I actually installed OPNSense on this when deploying it so that I could try it out and I'm running it now, but to be honest, I'm not overly impressed and doubt I'll roll it out elsewhere. The UI does have some nice improvements over PFSense, but I've had a few issues such as the Unbound service stopping itself after saving config changes and needing manually restarted. I also found a few bugs such as pressing enter in the interface name box when adding a new interface on the assignments page actually triggers one of the "Delete Interface" buttons which could go very badly wrong if configuring a production router while not quite paying attention. Not necessarily huge disastrous issues, but enough for me to not be confident enough in it to deploy it in any sort of critical environment. Additionally, the super frequent updates that some people push as a benefit of OPNSense aren't necessarily ideal for mission critical production applications where I'd much rather have a slower, more predictable update schedule like PFSense has.
will this handle 10gb bandwidth on a home connection? what if you enabled aes-ni functionality?
From my testing it maxed out at around 6.5gbps with the firewall enabled. This is also with several parallel streams, a single stream will max out at around 2.5gbps. AES-NI isn't going to make a difference here as it only accelerates encryption performance which will benefit things like VPNs, but not general routing/firewalling.
Is the C3558 Socketed or Soldered on the board? I’m gonna guess Soldered but figured I’d ask anyway
It's a soldered SoC
Then you find spyware embedded in a BIOS or the network cards firmware
Pity the ports are only 1Gig.
That's a German connector on the power cable
Side earthing contacts from Germany, earthing hole from France, adopted in many countries.
Can we see the footage of you getting electrocuted? 🤣
Sadly the camera wasn't recording, although I wasn't far off doing it again when I went to demonstrate what I did in this video and only part way through remembered to unplug the cable! I'm not very smart!
Just worry these devices phone home to china. Did you wire shark it by any chance?
I didn't see anything suspicious while testing. I'm running my OS on this and there is no IPMI/network stack in the firmware so any sort of exploit/backdoor would have to be extremely low level, I haven't seen any evidence of devices such as this having these types of exploits. My logic is that this isn't really any higher risk than any other Chinese motherboard, if a company wants to produce a compromised device, surely they'll focus their efforts on complete routers/smart home devices where the device will end up running the supplied firmware which could be loaded with exploits rather than something like this that will run the user's own OS.
Hello, Just found your video and found it interesting.
But are you not worried about data being sent to China/Hackers or malware?
I purchased some USB devices and there is malware imbedded in the devices.
Even thou devices are not storage devices.
Also with all the talk from experts on many cheap TV boxes that are sold from China mining data from users including passwords/banking and other are you not worried?
Now to be fair not all devices I purchased mine data or contain malware imbedded on chips in the devices, but lots do.
It's something to be aware of but not something I'm particularly worried about, it's not like those android TV boxes where you're running the OS image that's provided, this is running a cleanly downloaded OS that I installed myself. The only risk would be a really low level BIOS level compromise which would likely require some level of knowledge around the host OS. I also haven't seen any evidence of devices such as this being exploited and any suspicious network activity would be easily detectable. If a bad actor wanted to release compromised device, they'd likely focus their efforts on devices like TV boxes, smart home devices or cheap home routers where they will end up running the provided operating system rather than this which is essentially just a bare motherboard.
@@camerongray1515 Hey thanks for the reply. I was just wondering which is why I posted. As said I have several usb ic and nfc tag readers and at the time Malwarebytes on my system kept triggering while devices (one at a time) while connected to pc. So I worry lots now about devices I buy. That makes me want to ask people who buy some devices about if they worry about devices doing things they should not from hard coded chips in some devices.
Anyways I was just wondering.
Thanks