Scouting parts (case+power) for a DIY ITX router/firewall

[Valantar]

While looking for a throwaway motherboard for case mockups and the like, I came across a surprisingly cheap Gigabyte J1900N-D3V motherboard. Given the 2013-era Atom CPU, it's not useful for much, but given its dual Ethernet ports I figured it'd be pretty much perfect for setting up a pfSense router/firewall/etc., something I've been considering for a while (the router provided by my ISP is garbage, and regularly resets port forwarding and static IPs for no apparent reason). Also, I have some DDR3 SODIMMs lying around, which is a significant cost saving compared to anything newer/better/different. Ideally, I'd want a PCIe slot to add a 4xGbE AIC, but that's easily overcome with a switch (of which I have several). It's not like my uplink is anywhere near GbE speeds to begin with.

So I bought it. I'll boot it off either a USB stick or a cheapo AliExpress SSD (stripped of its case, if needed). I might want to stuff a 2.5" HDD in there for caching, but that's not a priority.

Now, the questions remaining are a) how to power this, and b) what case to get. I'm pretty cheap/poor (both?), and this isn't something I'm prioritizing spending any real money on, so cost is a significant factor here. I'd also like to avoid an external power brick, if possible. And, lastly, given that this will be a 24/7 appliance, it needs to both keep working and not catch fire.

I've been scouring AliExpress for cheap, small ITX cases with decent ventilation, and I'm currently considering this, this and this. The third one is amazingly priced at around 50% off currently, so I'm leaning that way. Ideally, I'd like to be able to wall mount this, but I suppose that's doable with some careful drilling and cutting. In a perfect world, I'd find a cheap, non-thin ITX version of this case, though.

As for power, I see three possible solutions:

1. Get the bundle option (Realan case) with the 60W brick and 120W DC-DC board.
2. Stuff a low-power AC-DC unit into the case (like the Mean Well EPS-35-12), plus a DC-ATX board like this.
3. Use one of the (high quality, reliable, won't catch on fire) ThinkPad 95W AC adapters I have lying around and get an internal ~20V DC-ATX board.

The first option is the cheapest, but I'm wary of the quality of a power brick like that. If the included one is the same as in the pictures, it's at least good enough to be sold in the US, though. This option is tempting both for price and convenience.

The second option is the one I like the best, given that it's brickless. Actually fitting the AC-DC unit inside will likely be a challenge, though. The CPU heatsink isn't large, but might get in the way. The RAM is parallel to the motherboard, which is a huge plus. I think I'd be able to mount the EPS-35-12 to the HDD rail somehow (drilling, spacers, so on), towards the front of the case, and the COM port cutout should fit a C8 power plug nicely (yeah, it's not grounded, but neither are the power sockets in my old apartment ...). It's pricier than the first option, but not by that much, and the AC-DC part can be bought here in Norway (meaning it has the necessary certifications and approvals). This is of course also (by far!) the most work of the three options, with getting everything to work, wiring up power, and so on. But isn't that part of the fun?

The third option is only really tempting as I'd love to use those ThinkPad AC adapters for something. I have two, they're very good quality, and it feels silly just having them lying around doing nothing. Still, the only non-12V DC-DC ATX boards I know of are the HDPlex and the KMPKT (yes, I know they're the same board with different branding), which is out of the price range of a build like this, not to mention total overkill in terms of power delivery. Are there any affordable options here? I can't see this consuming any more than 30W total, even with a caching HDD.

What would you recommend?

 

[Duality92]

To be honest, from my point of view, you could build a small PC, sell it then buy a high-ish spec'd router.

Although, as an alternative, you could try to find something like the ISK110 used for cheap by selling some of the stuff you already have.

 

[Valantar]

To be honest, from my point of view, you could build a small PC, sell it then buy a high-ish spec'd router.

Although, as an alternative, you could try to find something like the ISK110 used for cheap by selling some of the stuff you already have.

The point of pfSense is the configurability, expandability and serviceability, as well as having a system that's not locked down by a vendor. I'm not interested in paying for an overpriced router with locked-down, feature-stripped firmware that'll get updates for a year or two if I'm lucky (even if it might support DD-WRT or Tomato, that entirely removes one of the benefits of OTS hardware: the warranty) and a wireless solution that's either already obsolete (no MU-MIMO, for example) or sold at a ridiculous premium. Not to mention that home routers entirely lack good firewalls and antivirus, both of which can be added to pfSense easily.

Also, have you looked at router prices recently? For the outlay I'm looking at here (less than 1000NOK, including 25% VAT), I'd get a lower midrange unit at best. Which means no MU-MIMO, likely poor bandwidth, shitty firmware, no updates, and so on. What I'd gain is more up-to-date wireless than I have currently (I'll be keeping my current D-link AP for wireless) and a built-in switch. No thanks. That doesn't interest me. Another benefit of going the direction of a custom pfSense router is separating out routing from WiFi, meaning I'll be able to get a good AP (I've been looking at some Ubiquiti units that are reasonably priced) without being bottlenecked by my craptastic ISP-provided router. Even with an AP this would, in total, be cheaper than a comparably featured off-the-shelf router.

The ISK110 looks like a nice case (even if it includes an external power brick - I like the side panel venting!), but it's way more expensive than the options I've listed above, even used on Ebay.

 

[Duality92]

The point of pfSense is the configurability, expandability and serviceability, as well as having a system that's not locked down by a vendor. I'm not interested in paying for an overpriced router with locked-down, feature-stripped firmware that'll get updates for a year or two if I'm lucky (even if it might support DD-WRT or Tomato, that entirely removes one of the benefits of OTS hardware: the warranty) and a wireless solution that's either already obsolete (no MU-MIMO, for example) or sold at a ridiculous premium. Not to mention that home routers entirely lack good firewalls and antivirus, both of which can be added to pfSense easily.

Also, have you looked at router prices recently? For the outlay I'm looking at here (less than 1000NOK, including 25% VAT), I'd get a lower midrange unit at best. Which means no MU-MIMO, likely poor bandwidth, shitty firmware, no updates, and so on. What I'd gain is more up-to-date wireless than I have currently (I'll be keeping my current D-link AP for wireless) and a built-in switch. No thanks. That doesn't interest me. Another benefit of going the direction of a custom pfSense router is separating out routing from WiFi, meaning I'll be able to get a good AP (I've been looking at some Ubiquiti units that are reasonably priced) without being bottlenecked by my craptastic ISP-provided router. Even with an AP this would, in total, be cheaper than a comparably featured off-the-shelf router.

The ISK110 looks like a nice case (even if it includes an external power brick - I like the side panel venting!), but it's way more expensive than the options I've listed above, even used on Ebay.

I see your point about pfsense instead of a DD-WRT'd router.

For the case, it was just an example of something you could try to find, I found one locally for 20$ in like new condition, I also found an In Win Chopin for 40$ a year or so ago.

 

[rfarmer]

Good luck with your project. I like how the Realan case you linked is made from "anti-exolosion materials", lol I sure hope so.

 

[Valantar]

Good luck with your project. I like how the Realan case you linked is made from "anti-exolosion materials", lol I sure hope so.

Indeed. I wouldn't make a case out of ... TNT, for example. But who knows with these OEMs?

 

[wywywywy]

Hi.

Bear in mind that the hardware you picked will NOT work come the next version of pfSense (2.5) because it doesn't support AES-NI.

Also a USB stick will die quickly because of amount logging that pfSense does.

As for PSU, PicoPSU also does wide input voltage models.

 

[Valantar]

Hi.

Bear in mind that the hardware you picked will NOT work come the next version of pfSense (2.5) because it doesn't support AES-NI.

Also a USB stick will die quickly because of amount logging that pfSense does.

As for PSU, PicoPSU also does wide input voltage models.

So Intel disabled AES-NI for those exact Silvermont chips? How nice of them. I don't suppose anyone has managed to hack a microcode update to enable it (as the silicon ought to support it given that other chips in the same family do)? Oh well, I expect security patches for the FreeBSD kernel will still keep coming for a while, though extension support might taper off after a while. And in a handful of years, I can likely find a similarly cheap motherboard and just swap that out without much hassle.

As for the logging, I was under the impression that was optional? If not, I'll definitely go the cheap SSD route. I guess an HDD would suffice for booting and caching in one unit, but I'm not a fan of running 2.5" HDDs 24/7, and especially not having undampened drive noise in my living room like that.

Thanks for the tip about the picoPSU WI models, though. At first glance they look too expensive ($54 for the 80W version), but I'll have to look around and see if I can find it cheaper anywhere.

 

[wywywywy]

As an alternative you can consider OPNsense instead, which has no plans to force AES-NI, but obviously VPN or encryption etc is not going to be performant.

I don't think logging is optional and even if it is, you'd want logging anyway in case of things going wrong and/or intrusion.

It's a bit too late now but something like this PC is what you should have bought

 

[Valantar]

As an alternative you can consider OPNsense instead, which has no plans to force AES-NI, but obviously VPN or encryption etc is not going to be performant.

I don't think logging is optional and even if it is, you'd want logging anyway in case of things going wrong and/or intrusion.

It's a bit too late now but something like this PC is what you should have bought

I've seen those (or at least similar models), they do look nice, and if I didn't come into this looking for a placeholder ITX motherboard for DIY case projects I'd probably have gotten one at some point. Still, given that it has the same CPU it doesn't alleviate the chief issue you've pointed out.

Thanks for tipping me off about OPNsense, though, I'll definitely have to look into that. This is not a short-term project, so I'll definitely have time to play around with different OSes if that's necessary.

And lastly, if the lack of AES-NI (or anything else, really) makes this unsuitable in the long run, there's always other stuff to use a low-power tiny-box fanless computer for

 

[smitty2k1]

I've got a mITX SuperMicro board with an Atom D525 CPU, IPMI, dual gig Ethernet, a stick of RAM, and a Realan 180W power board with power brick laying around and you're making me want to build a pfsense system, even though I don't need it.

I will sell it for very cheap to anyone who would put it in a good home.

 

[Choidebu]

you're making me want to build a pfsense system, even though I don't need it.

Ditto that. I was wondering what sort of stuff I can repurpose my old amd e350 netbook... might make a good headless router and file server once I swap out the wifi card and gut out the screen.

 

[Valantar]

I've got a mITX SuperMicro board with an Atom D525 CPU, IPMI, dual gig Ethernet, a stick of RAM, and a Realan 180W power board with power brick laying around and you're making me want to build a pfsense system, even though I don't need it.

I will sell it for very cheap to anyone who would put it in a good home.

The first iteration of my NAS ran (in an Ikea cardboard box) off a board with that CPU! No management hardware though, which meant remoting into a windows desktop for anything and everything. Still, it worked surprisingly well.

As for needing a pfsense box, I doubt many (if any) of us actually do. But does that really matter?

edit: damn autocorrect. Got to stop writing forum posts on my phone.

 

[XcPNehVYlE4A3C]

antec ISK-110 is the best case for this if youre on a budget.
case + 90w psu, fits 2 ssds. they used to be around 60-80$ but it looks like they may be discontinued? did a quick search and couldnt find one for that price anymore