Where to buy pfsense compatible hardware in Thailand?

[Phil Conners]

Anyone know where I can buy pfsense compatible hardware in Thailand? Probably Pantip or Fortune town in Bangkok would have it, but any specific shops, or even better, a website so I save the trip to Bangkok for it?

I'm looking for something like this box which is sold on Ebay for 2,200 baht - the only problem is the seller does not ship outside USA, and even if I managed to get it shipped through shipito the shipping would at least double the price. Still not too bad I guess, but easier if I can get it here.

It doesn't have to be any particular brand. I know I could use any old PC, but I try to keep the noise down so I'd prefer a quiet fanless system like the one I linked to. I need at least 3 nic's - 2 wan and 1 lan, but more is fine if it doesn't add too much to the price. Other than that it just needs to use pfsense compatible hardware.

Anyone?

[urandom]

Beware, pfsense doesn't support wireless-N yet. IIRC, latest FreeBSD (partly) does but pfsense hasn't been rebased on it yet. Also, small boxes like the one you linked will, most likely, suffer from a very minimum number of PCI slots, which will be a real issue if you intend to use many NICs. As you are aware, I'm running a linux box as a firewall/router, the only fan I use is the stock CPU one (but the case is left open, no side panels), it's pretty much silent. I just use a single core low power cheap AMD CPU, it does the job very well.

[Phil Conners]

I only need 3 nics (2 wan, 1 lan) and have plenty of wifi a/p's I can deploy independently from the router, so that's not a big deal. Thing is, pfsense has very strong and easy to manage routing tables for a dual wan setup, which is exactly what I need. I want to be able to route traffic to certain websites through one nic, and certain services through another. I know I could probably beat iptables into submission and have it do this, but that is (almost) rocket science, much easier with pfsense. Right?

[monty]

In a not so long ago past I spent a whole day going through Pantip and Fortune in Bkk, trying to find something similar.

Back in those days the item to have were the alix boards from PCengines.

Actually still popular today, but pretty expensive at 170 to 200 US$.

Simply not to be found!

I see the one you linked to is based on HP's neoware thin clients, which new are also rather expensive (300-400 US$) As the seller states they are refurbished, my best guess is he bought them dirt cheap at one of those companies selling complete lot's of businesses who upgraded their hardware.

As there are a few shops specialized in that type of stuff in Pantip, maybe they can source something cheap like that?

Another alternative would be one of those motherboards having an embedded CPU (usually one of the AMD atom cpu's), add 2 nic's and find a silent power supply/ Those AMD motherboards only burn around 35 to 40 Watts at full load! Not too expensive either.

Something like this : http://www.invadeit.co.th/product/motherboards/intel/d2700mud-intel-atom-d2700-2-x-ddr3-sodimm-2-x-sata-3gb-s-mini-itx-bulk-blkd2700mud-p012530/

[justsumhelp]

Reading this topic got me interested, you could look into Router that can run DD-WRT it has a nice Vlan Gui on the mega build which im running on an ASUS RT-N16 (or Tomato).

I read one of your other post that you were wanting it for load balancing, and in theory there shouldn't be any reason that you couldn't get it working on router running DD-WRT or something similar.

http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization

[urandom]

I only need 3 nics (2 wan, 1 lan) and have plenty of wifi a/p's I can deploy independently from the router, so that's not a big deal. Thing is, pfsense has very strong and easy to manage routing tables for a dual wan setup, which is exactly what I need. I want to be able to route traffic to certain websites through one nic, and certain services through another. I know I could probably beat iptables into submission and have it do this, but that is (almost) rocket science, much easier with pfsense. Right?

If wireless-n is not needed then yeah... maybe have a look at this if you haven't already https://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions , I remeber one guy recommending endian [ http://www.endian.com/ ] here (never tried it)

[Phil Conners]

In a not so long ago past I spent a whole day going through Pantip and Fortune in Bkk, trying to find something similar.

Back in those days the item to have were the alix boards from PCengines.

Actually still popular today, but pretty expensive at 170 to 200 US$.

Simply not to be found!

I see the one you linked to is based on HP's neoware thin clients, which new are also rather expensive (300-400 US$) As the seller states they are refurbished, my best guess is he bought them dirt cheap at one of those companies selling complete lot's of businesses who upgraded their hardware.

As there are a few shops specialized in that type of stuff in Pantip, maybe they can source something cheap like that?

Another alternative would be one of those motherboards having an embedded CPU (usually one of the AMD atom cpu's), add 2 nic's and find a silent power supply/ Those AMD motherboards only burn around 35 to 40 Watts at full load! Not too expensive either.

Something like this : http://www.invadeit.co.th/product/motherboards/intel/d2700mud-intel-atom-d2700-2-x-ddr3-sodimm-2-x-sata-3gb-s-mini-itx-bulk-blkd2700mud-p012530/

I just checked that website you linked to, seems even the $390 price was a refurbished model at 50% discount, so normal price around $780.

I ended up calling the Ebay company and they agreed to ship it over for a total price of $135 price+shipping USPS tracked. Not bad value considering...

Reading this topic got me interested, you could look into Router that can run DD-WRT it has a nice Vlan Gui on the mega build which im running on an ASUS RT-N16 (or Tomato).

I read one of your other post that you were wanting it for load balancing, and in theory there shouldn't be any reason that you couldn't get it working on router running DD-WRT or something similar.

http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization

I already have a couple of WRT54GL's with DD-WRT, but the "load balancing" it can do is just basic round robin. I have 3BB ADSL and True Docsis, both have some areas where they excel and others where they don't and I'm trying to set something up that would allow me to route traffic the best way. For example because True's proxy server almost always have problems, I'd route any non-proxy'ed web traffic such as Gmail, Youtube, Facebook and similar services with good local presence, through 3BB, and things like streaming TV, bittorrent etc through True Docsis. Neither my old RV042 or DD-WRT can do this. I hope pfsense can in some way be set up like this, but I'm going to have some fun finding out

I only need 3 nics (2 wan, 1 lan) and have plenty of wifi a/p's I can deploy independently from the router, so that's not a big deal. Thing is, pfsense has very strong and easy to manage routing tables for a dual wan setup, which is exactly what I need. I want to be able to route traffic to certain websites through one nic, and certain services through another. I know I could probably beat iptables into submission and have it do this, but that is (almost) rocket science, much easier with pfsense. Right?

If wireless-n is not needed then yeah... maybe have a look at this if you haven't already https://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions , I remeber one guy recommending endian [ http://www.endian.com/ ] here (never tried it)

I tried to find a price for this but it seems you have to contact them to get one, so probably expensive

[urandom]

I guess the community version is free:

http://www.endian.com/en/community/download/

[muratremix]

In a not so long ago past I spent a whole day going through Pantip and Fortune in Bkk, trying to find something similar.

Back in those days the item to have were the alix boards from PCengines.

Actually still popular today, but pretty expensive at 170 to 200 US$.

Simply not to be found!

I see the one you linked to is based on HP's neoware thin clients, which new are also rather expensive (300-400 US$) As the seller states they are refurbished, my best guess is he bought them dirt cheap at one of those companies selling complete lot's of businesses who upgraded their hardware.

As there are a few shops specialized in that type of stuff in Pantip, maybe they can source something cheap like that?

Another alternative would be one of those motherboards having an embedded CPU (usually one of the AMD atom cpu's), add 2 nic's and find a silent power supply/ Those AMD motherboards only burn around 35 to 40 Watts at full load! Not too expensive either.

Something like this : http://www.invadeit.co.th/product/motherboards/intel/d2700mud-intel-atom-d2700-2-x-ddr3-sodimm-2-x-sata-3gb-s-mini-itx-bulk-blkd2700mud-p012530/

I just checked that website you linked to, seems even the $390 price was a refurbished model at 50% discount, so normal price around $780.

I ended up calling the Ebay company and they agreed to ship it over for a total price of $135 price+shipping USPS tracked. Not bad value considering...

Reading this topic got me interested, you could look into Router that can run DD-WRT it has a nice Vlan Gui on the mega build which im running on an ASUS RT-N16 (or Tomato).

I read one of your other post that you were wanting it for load balancing, and in theory there shouldn't be any reason that you couldn't get it working on router running DD-WRT or something similar.

http://www.dd-wrt.com/wiki/index.php/Dual-WAN_for_simple_round-robin_load_equalization

I already have a couple of WRT54GL's with DD-WRT, but the "load balancing" it can do is just basic round robin. I have 3BB ADSL and True Docsis, both have some areas where they excel and others where they don't and I'm trying to set something up that would allow me to route traffic the best way. For example because True's proxy server almost always have problems, I'd route any non-proxy'ed web traffic such as Gmail, Youtube, Facebook and similar services with good local presence, through 3BB, and things like streaming TV, bittorrent etc through True Docsis. Neither my old RV042 or DD-WRT can do this. I hope pfsense can in some way be set up like this, but I'm going to have some fun finding out

I only need 3 nics (2 wan, 1 lan) and have plenty of wifi a/p's I can deploy independently from the router, so that's not a big deal. Thing is, pfsense has very strong and easy to manage routing tables for a dual wan setup, which is exactly what I need. I want to be able to route traffic to certain websites through one nic, and certain services through another. I know I could probably beat iptables into submission and have it do this, but that is (almost) rocket science, much easier with pfsense. Right?

If wireless-n is not needed then yeah... maybe have a look at this if you haven't already https://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions , I remeber one guy recommending endian [ http://www.endian.com/ ] here (never tried it)

I tried to find a price for this but it seems you have to contact them to get one, so probably expensive

Why dont you get a singapore vps to setup a proxy for browsing, as a 3bb replacement at a lower cost?

i use my vps proxy to browse, smetimes downloading and use true for everything else. Its just 7 bucks a month and very fast.

[Phil Conners]

Because while routing through Singapore is faster than through Europe or US for local traffic it is still much slower than without it. Besides I already have a dedicated server in Bangkok, that's not the issue.

I have two internet connections in order to have a reasonable fighting chance to always have at least one Internet connection that works. My objective with this router is to be able to use both lines in the best possible way when they both works, which fortunately is most of the time.

[muratremix]

Because while routing through Singapore is faster than through Europe or US for local traffic it is still much slower than without it. Besides I already have a dedicated server in Bangkok, that's not the issue.

I have two internet connections in order to have a reasonable fighting chance to always have at least one Internet connection that works. My objective with this router is to be able to use both lines in the best possible way when they both works, which fortunately is most of the time.

Use true docsis for local and asia traffic then? I still think 3bb is unnecessary once you can bypass true transparent proxy.

Btw let us know how your dual wan pfsense adventure goes.

[monty]

Because while routing through Singapore is faster than through Europe or US for local traffic it is still much slower than without it. Besides I already have a dedicated server in Bangkok, that's not the issue.

I have two internet connections in order to have a reasonable fighting chance to always have at least one Internet connection that works. My objective with this router is to be able to use both lines in the best possible way when they both works, which fortunately is most of the time.

Use true docsis for local and asia traffic then? I still think 3bb is unnecessary once you can bypass true transparent proxy.

Btw let us know how your dual wan pfsense adventure goes.

I think the main idea being that if True goes down totally (I have True docsis, and every so often it does go down, up till now the longest was 3 days, waiting for True technicians to come over to do a firmware upgrade on the Cisco modem), 3BB will still ensure connectivity.

And while he has both connections for above reason, it might make sense trying to maximize both connections' potential by doing some smart routing!

[Phil Conners]

Yes like Monty says, one of the lines regularly goes down. Mostly for a few minutes, but both 3BB and True Docsis has been down for several days in the past, and I have been very happy to have the backup line. Having both lines is only something like 1,400 baht/month for a total bandwidth of 24/1.9 mbps. If I could get 3BB FTTx I could get 30/3 mbps for 1.300 but that's not available here - and in any case wouldn't give me a backup option.

3BB, True and all other ISP's in Thaland route all traffic through what's known as transparent caching proxy servers. Transparent means you don't see it, it is there without you having to configure it in your browser. The traffic is automatically routed through it. The problem is True's proxy server seems to have a lot of problems. It is possible to avoid the transparent proxy server by configuring your own proxy in your browser, but by doing that you lose the caching advantage which does speed things up considerably when it works. So my plan is essentially, to use 3BB for browsing (because their proxy generally works well) and True for streaming and torrents and such stuff -- and of course in case one line goes down, route all traffic through the other line. It is my understanding that I will be able to set this up in pfsense.

If the pfsense router works out as I hope it will I will surely come back with more details about it.

[muratremix]

Well, my true docsis never went down, except for scheduled maintenance which lasts only a few hours.

Also, TOT does not route traffic via transparent proxy, but its routing to Europe is crap (most of the time it goes via USA which increases ping times).

I have 3G internet for emergencies. Unless you run mission critical applications, 3G backup and 1 isp should be fine.

Btw my singaporean vps has very good routing and speed on single connection can reach 10 mbits to my 20mbit true docsis. I just installed squid proxy and pptpd (I can also do openvpn but it doesn't work on ios) and it works like charm on bypassing transparent proxy.

[Phil Conners]

Uh, sounds like famous last words, but hey, good for you if it solves your problem. We obviously have different requirements. Like I explained before, having a local transparent caching proxy server that works is actually an advantage. I can't imagine why TOT would not cache traffic, there is just too much money to be saved and afaik they all do it. Anyway, not really important, as TOT is not an option for me.

[justsumhelp]

Did you get the hardware yet? If so how is it working?

[Phil Conners]

It's apparently been in Thailand since the 9th, and they claim they tried to deliver it yesterday. I was home all day, didn't see the postman, so who knows. I guess I'll have to go in and have a chat with the nice post master at Banglamung postoffice if it isn't delivered one of the next days. TiT

[Phil Conners]

Finally got it. Had to pay 290 baht in VAT, no duties applied. Total cost around 4,150 baht. Not bad considering the functionality.

I've got it up and running in a simple dual wan setup with load balancing. Now I just have to learn how to make it route traffic depending on activity so that web traffic goes through 3BB and most everything else through TRUE. Not sure how but it'll be fun finding out

[Phil Conners]

Ok there was a bit of a learning curve to set it up, it's not your average consumer box, but with a background in iptables it wasn't too bad. Once it's up almost all configuration can be done through a web interface (webconfigurator) which is relatively user friendly. The box itself is a bit larger than your average consumer modem, about the size of a large satellite receiver, but absolutely quiet, no fans, disks or anything.

I started by setting up the 3 interfaces, one for LAN and two for the WAN modems (one 3BB ADSL and one TRUE DOCSIS). I then set up 3 gateway groups, one for the default load balancing setup and one for each of the two WAN lines, to be used in case of line problems. Line problems can be defined as either line down, or packet loss or latency or a combination of these. It is possible to balance traffic between two uneven connections by using weights for each lines (i.e. the 10 mbps link to 3BB should get relatively less traffic than the 14 mbps link to TRUE)

Next I had to set up some firewall rules. For now I've made it very simple, but it's possible to set up rules for protocol, source and destination to decide which gateway to use. Unlike my old Linksys RV042, pfsense works with states so that once a connection is established with a website it will keep routing the traffic to this website through the same interface. Many websites are set up to check IP address so if you're flipping between two it will log you off, so this is very handy. WIth the standard load balancing setup it also seems to be able to load torrents through both interfaces at once, very cool!

Finally pfsense has a bunch of standard software packages that can be installed, including proxy servers, radius servers, VPN clients, security packages, VOIP packages, etc. I installed squid just to check it out and it's was straight forward.

All in all I have to say it really is the dogs dangly bits and highly recommended when the requirement is dual wan functionality.

Now if anyone needs a cheap Linksys WRT54GL I have a couple sitting on a shelf, pre-installed with DD-WRT.