aliexpress

Low power barebone PC Dual NIC for pfsense - 94US

Last Updated: Jun 18th, 2019 10:39 pm
Deal Fanatic
Sep 13, 2004
6019 posts
3613 upvotes
Toronto
prodacc wrote: What do you guys use these for? Servers? "Beyond raspberry pi" network filtering?
"dual nic" and "pfsense" in the title are clear indications of router applications. If you weren't using it for routing, the dual NIC would mostly be irrelevant. If you don't need dual NIC, you've got a lot of other choices.

I use other little boxes for media playing and home serving. The advantages they have are
  • small physical space consumption
  • low power consumption
  • low heat and noise generation
Deal Expert
Aug 22, 2006
31271 posts
17295 upvotes
TE7 wrote: I ordered Qotom mini PC before from eBay and Aliexpress before.
I'm currently running on a Qotom.
It's great. Gets a little hot though.
Hugh wrote: Requiring AES-NI is a dumb move. There's no reason to do this.
Strongly suggesting AES-NI is very sensible.
I don't remember the reasoning for it, but wasn't it due to speed?
Requiring though I agree is dumb because what if someone with 10mbps internet wants a good router?
Intel played a lot of price differentiating games with AES-NI. It's pretty hard to remember which processors have it and which do not. All recent Core i branded processors have it (since Haswell?). The situation is a mess for Atom/Celeron/Pentium brands.
Yeah I gotta check ark each time I see a CPU. Then check it 12 more times because I've seen a dozen other models and can't remember if X had it or not.
Do you not have anything else to do rather than argue with strangers on the internet
Nope. That's why I'm on the internet arguing with strangers. If I had anything better to do I'd probably be doing it.
Sr. Member
Oct 28, 2005
752 posts
607 upvotes
Hugh wrote: "dual nic" and "pfsense" in the title are clear indications of router applications. If you weren't using it for routing, the dual NIC would mostly be irrelevant. If you don't need dual NIC, you've got a lot of other choices.

I use other little boxes for media playing and home serving. The advantages they have are
  • small physical space consumption
  • low power consumption
  • low heat and noise generation
What other little boxes do you use for media playing?
Deal Fanatic
Sep 13, 2004
6019 posts
3613 upvotes
Toronto
tivo_box wrote: What other little boxes do you use for media playing?
Off topic?
  • Kangaroo PC for Win10 HTPC: for CraveTV (web version is better than Android app), playing back content from several MythTV boxes
  • HP Stream Mini HTPC: replaced by Kangaroo; soon to run our household WiKi (MediaWiki under CentOS)
  • Xiaomi Mi box for Netflix, YouTube, ...
I have a bunch of other little boxes, some still on the shelf. I like cute little toys. I currently have eight on my desk.
Deal Addict
Nov 19, 2014
1781 posts
2401 upvotes
GPS - error
At home I run Sophos UTM 9 on a real XG115 rev.2 - these are under $200 on eBay ...
I highly recommend it, as it's fairly easy to set up using a free home license.

I wanted something that can do an L2TP VPN server, connecting from any Windows client.

Deal Addict
Mar 18, 2006
2286 posts
1043 upvotes
BC
Hugh wrote: Requiring AES-NI is a dumb move. There's no reason to do this.
Strongly suggesting AES-NI is very sensible.
Intel played a lot of price differentiating games with AES-NI. It's pretty hard to remember which processors have it and which do not. All recent Core i branded processors have it (since Haswell?). The situation is a mess for Atom/Celeron/Pentium brands.
You provide no argument for "no reason". That surprised me, as I've only seen significant reasons for wanting AES. Here's one position:

"@Ragtag_fleet I beg to differ. It has already clearly been stated, why the need for AES-NI is beyond just "useful". It's just a thing in the mind of most people, that this has only sth. to do with "crypto" thingies and VPN stuff. If it is wider known and accepted, that the things AES-NI does and can do not only accelerate crypto "thingies" but protect against CPU "baddies", too coupled with more and more "mishaps" like spectre and meltdown happening, my hope is, that people will get the grasp, that this requirement comes from making communication and other tasks more secure and not only "just make VPNs faster"."
Lucky Mobile: $20/3GB Unlimited Canada wide calling. DMINR
Deal Fanatic
Sep 13, 2004
6019 posts
3613 upvotes
Toronto
Timbo420 wrote: You provide no argument for "no reason". That surprised me, as I've only seen significant reasons for wanting AES. Here's one position:

"@Ragtag_fleet I beg to differ. It has already clearly been stated, why the need for AES-NI is beyond just "useful". It's just a thing in the mind of most people, that this has only sth. to do with "crypto" thingies and VPN stuff. If it is wider known and accepted, that the things AES-NI does and can do not only accelerate crypto "thingies" but protect against CPU "baddies", too coupled with more and more "mishaps" like spectre and meltdown happening, my hope is, that people will get the grasp, that this requirement comes from making communication and other tasks more secure and not only "just make VPNs faster"."
That sounds like snake oil to me. So I investigated a bit.

I can only imagine that he's referring to side-channel attacks on software AES implementations. Intel claims that AES-NI instructions are immune to the (then known) side-channel attacks on software AES.

I don't actually know if the software AES implementations in PFSense (or in what I use, Linux) have been fixed for side channel attack. https://crypto.stackexchange.com/questi ... ware#43567 . But this suggests there might still be attacks on userland code https://eprint.iacr.org/2018/1002.pdf

In any case, I don't let strangers run code on my security gateways. So side-channel attacks would seem to be moot.
Deal Fanatic
Sep 13, 2004
6019 posts
3613 upvotes
Toronto
Hugh wrote: I don't actually know if the software AES implementations in PFSense (or in what I use, Linux) have been fixed for side channel attack. https://crypto.stackexchange.com/questi ... ware#43567 . But this suggests there might still be attacks on userland code https://eprint.iacr.org/2018/1002.pdf
It looks to me as if https://github.com/openssl/openssl/blob ... -x86_64.pl is safe from the timing attack (without careful examination).
This one https://github.com/openssl/openssl/blob ... -x86_64.pl might not be safe. I haven't taken the time to figure it out.

According to https://access.redhat.com/blogs/766093/posts/1976303 the safe version is used if you have SSSE3 hardware but not AES-NI.

Apparently SSSE3 support is universal for machines you'd buy now:
Supplemental SSE3 (SSSE3) is supported by Intel Core 2 Duo, Intel Core i7/i5/i3, Intel Atom, AMD Bulldozer, and later processors.
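
A way to check which of the three cases discussed above a given box falls into, without looking the CPU up on ARK each time (added example, not part of the original posts). It reads CPU feature flags from Linux `/proc/cpuinfo` text or a FreeBSD/pfSense boot-message `Features...=0x...<...>` line; the sample inputs are constructed, the three result labels are hypothetical names, and the SSSE3 case follows the Red Hat post cited above.

```python
import re

# Constructed sample inputs (not captured from real machines).
LINUX_CPUINFO = """\
processor : 0
model name : Example Celeron-class CPU (constructed)
flags : fpu vme de pse tsc msr sse sse2 pni ssse3 sse4_1 sse4_2 movbe popcnt
"""
FREEBSD_DMESG = """\
CPU: Example Atom-class CPU (constructed) (1600.00-MHz K8-class CPU)
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,SSE,SSE2,HTT>
  Features2=0x43d8e3bf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,RDRAND>
"""

# FreeBSD boot messages list features as NAME=0xHEX<FLAG,FLAG,...>
FREEBSD_FEATURES = re.compile(r"\s*\w[\w ]*=0x[0-9a-fA-F]+<([^>]*)>")


def cpu_features(text):
    """Return the lower-cased CPU feature names found in either format."""
    feats = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":  # Linux /proc/cpuinfo
            feats.update(value.lower().split())
        m = FREEBSD_FEATURES.match(line)
        if m:
            feats.update(f.strip().lower() for f in m.group(1).split(","))
    return feats


def aes_path(text):
    """Classify the CPU into the three cases from the thread (labels are hypothetical)."""
    feats = cpu_features(text)
    # Linux names the AES-NI flag "aes"; FreeBSD prints "AESNI".
    if feats & {"aes", "aesni"}:
        return "aes-ni"
    # Exact token match: "pni"/"sse3" (SSE3) must not be mistaken for SSSE3.
    if "ssse3" in feats:
        return "ssse3-software"
    return "table-software"


if __name__ == "__main__":
    for name, sample in (("linux", LINUX_CPUINFO), ("freebsd", FREEBSD_DMESG)):
        print(name, aes_path(sample))
```

On a real Linux machine, pass the contents of `/proc/cpuinfo` to `aes_path`; on FreeBSD or pfSense, pass the contents of `/var/run/dmesg.boot`.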
Deal Fanatic
Sep 13, 2004
6019 posts
3613 upvotes
Toronto
sexyj wrote: -the N3160 supports AES-NI, if that's important to you.

-i bought the 3805U because I want to run it as a hypervisor and run pfsense and pihole on the same server as VM's

-do you actually have 1gbps throughput for your wan? if you are pushing and pulling that much consistently out of your WAN, you should probably get a real router.

-no such thing as futureproofing...
https://ark.intel.com/content/www/us/en ... 4813,91831

What about the 3805u makes you choose it over the N3160?
  • RAM limit: 16G vs. 8G
  • VT-d [I don't imagine that this matters in a little box]
  • slightly higher clock speed (but fewer cores)
  • more PCIe lanes [probably not exposed in a little box]
There is future resistance. I resist it all the time.

(My understanding is that VT-d is only useful if the hypervisor is willing to give 100% ownership and control of a PCI device to a guest OS.)
