After some frustration with stability and latency connecting my virtual pfSense router to my cable and DSL modems, I decided to switch to a physical box. I selected the Netgate RCC-VE 2440 as my hardware platform, since it’s the same box that pfSense themselves use as their OEM bundle. It also checks all the boxes with a dual-core Atom CPU, four Gigabit Ethernet ports, and low-power fanless design. Here’s my first impression and installation notes!
An Ideal pfSense Platform
pfSense is the best open source router platform I’ve come across, and it’s only getting better with active development. It supports just about every feature you’d want, from IPv6 to Multi-WAN to OpenVPN, and can perform well enough to keep up with most consumer or small business WAN links.
One limitation, however, is that pfSense requires an Intel x86 processor. This makes it an ideal way to reuse old PC’s but makes it a bit harder to find a low-power integrated platform. Most, like the Intel NUC, have only a single Ethernet port making them less than perfect for a router. It is possible to hack additional ports into these platforms by leveraging Mini PCIe or M.2, but I wanted something more integrated.
The Netgate ADI 2440 board is ideal for pfSense because it was designed for it:
- It features Intel’s Rangeley dual-core Atom 1.7 GHz CPU (C2358), which supports QuickAssist, AES-NI, and power management
- The board has four Intel Gigabit Ethernet ports
- There is 4 GB of RAM soldered to the board, more than enough for pfSense
- 4GB of eMMC flash is plenty for a pfSense load, and the board also has two external USB 2.0 ports, a mini-SATA (mSATA) connector, a full-sized SATA II connector, and two full length Mini PCIe slots!
- It’s ready for Wi-Fi and Cellular, too
- One slick feature is an integrated USB serial console port
Netgate also makes smaller and larger versions of this same hardware platform, ranging from two to six Ethernet ports. But the 2440 is the ideal minimum, with QuickAssist and 4 GB of RAM.
The entire device is integrated, tested, and fanless. And since this is the exact same hardware that pfSense uses for their supported router appliance, it’s perfect for that application!
I chose to buy from Netgate rather than pfSense because the standalone Netgate RCC-VE 2440 costs just $349, a full $150 less than the identical pfSense SG-2440. If you buy from pfSense, you get two support calls, plus the knowledge that you’ve supported the project. But you can still buy support from pfSense if you buy the Netgate.
Installing pfSense on the Netgate ADI
Out of the box, the Netgate ADI/RCC-VE 2440 runs a CentOS 7, but it’s ready for pfSense too. Installation was easy!
To start, you need to use the USB serial console embedded in the Netgate box. Drivers for this are part of the Linux kernel, if you have a handy Linux box or Raspberry Pi. If you’re on a Mac or PC, you need to install the Silicon Image serial drivers from http://www.silabs.com/products/interface/Pages/interface-software.aspx
Next, you need a serial terminal emulator. In a Linux command line or Mac Terminal, you can use the “screen” program to access the USB serial port. On my Mac, it showed up as /dev/tty.SLAB_USBtoUART so the proper command is:
screen /dev/tty.SLAB_USBtoUART 115200
On my Raspberry Pi, it showed up as /dev/ttyUSB0 so the command was:
screen /dev/ttyUSB0 115200
You can now access the serial console for configuration, or anything else really. It’s quite handy! Now that I’m done, I left a USB cable from the Netgate USB console port to my Raspberry Pi 2 “Swiss army knife” server. This makes it easy to access the Netgate box in the future if it’s hung up or I need to do any work on it.
I installed the special pfSense install image for Netgate ADI on a 1 GB USB drive. For reference, here’s the command for Mac OS X, assuming the USB drive is at /dev/disk9:
gzcat Downloads/pfSense-memstick-ADI-2.2.4-RELEASE-amd64.img.gz | sudo dd of=/dev/rdisk9 bs=16k
But your USB drive is almost certainly not /dev/disk9. Use hdiutil to pick the right drive before you blow it away with this command!
Now put the USB drive in one of the USB ports on the Netgate box and reboot. It should detect the pfSense image and boot into pfSense install mode automatically. Your serial console will be very helpful!
I ran auto-install mode, but the simple install couldn’t create a large-enough swap space to handle a dump of the Netgate’s 4 GB of RAM. That’s because it has 4 GB of RAM and only 4 GB of storage! This is plenty for pfSense, but you might consider adding a small mSATA SSD internally if you think it will be a problem for you.
The install will ask you a few simple questions about the ports and VLAN settings. I’m going to assume you’re able to figure these out. I’m using two Ethernet ports for WAN (igb0 and igb1) and the other two for LAN (igb2 and igb3). So my configuration has already diverged from the standard pfSense appliance and I haven’t even done a thing!
Once the initial install is complete, remove the USB drive and reboot the box. Plug an Ethernet cable into one of your LAN ports and access https://192.168.1.1 from your browser for the advanced setup. Then you’re golden!
A few tips:
- Enable “AES-NI-based CPU acceleration” and “Intel Core CPU on-die thermal sensor” in “System: Advanced: Miscellaneous”
- If you’re ok losing their contents, you can move /tmp and /var to RAM in pfSense in “System: Advanced: Miscellaneous” under “Use memory file system for /tmp and /var”
- Make sure there’s good airflow under and over the Netgate box – don’t cover the vent holes!
Stephen’s Stance
The Netgate RCC-VE 2440 is a fantastic pfSense platform for my use. I have a 60 Mbps cable modem and a 12 Mbps DSL modem attached to it, along with a Gigabit Ethernet switch with a bunch of clients. The Netgate box chugs along just fine. The CPU core is a consistent 41 degrees with the dashboard reporting a consistent 20-25% load. The setup as described is pulling under 10 Watts at 110 Volts.
I strongly recommend pfSense as a home office or small business router platform, and I couldn’t be happier with the Netgate RCC-VE 2440 hardware. It’s well worth the money if you have a faster Internet connection or more-demanding use case than a basic packaged router will serve.
Note: I linked to the pfSense and Netgate product pages but I don’t get anything if you buy one of these.