Thanks to the Unitymedia expansion in Bochum, I have had a Gigabit connection for quite some time now. Unfortunately, the previous router had some problems with it. Also, the router's functionality was not what I would like to have for myself.
Now there is the UM Gbit connection with a Fritzbox Cable 6591, in itself sufficient and a great device. But I don't like provider routers very much: in the past I often had the problem that, after a provider-initiated update, the config was back to default or settings had changed "miraculously". This is especially annoying when working with VLAN separation.
The good thing about the Fritzbox Cable is the bridge mode: the device then functions almost as a "stupid" modem, and behind it is a pfSense.
However, it was not so easy to find a machine that is very power efficient (10W max) and has enough performance to route the Gbit connection with some firewall rules without a big speed loss.
In the end I decided to go for a mini-PC: the ZOTAC ZBOX CI327 nano. Equipped with a quad-core Celeron N3450, the PC is capable of AES-NI and offers 2x1Gbit LAN connections. The whole thing is passively cooled and draws 6W at idle and on average 10W under load.
It runs pfSense 2.4.4 with pfBlockerNG, and unbound uses the AdGuard DNS service via DNS over TLS.
Without QoS the throughput is about 880 Mbit, which is OK. I use an FQ_CODEL QoS queue even though this would not be necessary for the speed. With full QoS to 800/40 and pfBlockerNG DNSBL and IP lists, the throughput is still around 750 Mbit.
The only thing currently bothering me is the Fritzbox; I'd rather have a pure modem. There seems to be one problem or another with the bridge setting. For example, if I send many packets at high throughput, the bridge seems to drop packets at some point. I have to test whether this happens with a DMZ config without bridge.