Pfsense/OPNSense what hardware do you use for yours?
Discussion
Decided to set up one of these, opnsense most likely, however i’m looking for suitable hardware.
1 gig broadband coming in.
Seen a few small devices but only one network port and a bit awkward to add more.
Then you have slightly bigger systems where they have 1 pcie slot, so you can put in a 2 or 4 port intel nic, ideal but not sure if they have the processing grunt.
The 10500t models are slightly too expensive at the moment as looking around the £150 mark.
So what is everyone using and how are you finding it?
Wifi is not required.
1 gig broadband coming in.
Seen a few small devices but only one network port and a bit awkward to add more.
Then you have slightly bigger systems where they have 1 pcie slot, so you can put in a 2 or 4 port intel nic, ideal but not sure if they have the processing grunt.
The 10500t models are slightly too expensive at the moment as looking around the £150 mark.
So what is everyone using and how are you finding it?
Wifi is not required.
Look on aliexpress for pfsense router, I suspect you might need to bump the budget a touch, 4 port units are ~£200 for 1G or more for the 2.5G options
I just use a old pc.
Edit: looks like the new I-226 2.5G nics are well within your range now.
I just use a old pc.
Edit: looks like the new I-226 2.5G nics are well within your range now.
Edited by Captain_Morgan on Thursday 12th October 06:34
Captain_Morgan said:
I just use a old pc.
What do you think of this for £100, up the ram and add an intel NIC inside?https://www.ebay.co.uk/itm/134761057369?hash=item1...
I may have ordered a slightly different one, £135, with a slightly slower 7500 processor, however it comes with 16gb of ram saving me £30-35 and double the SSD space 512gb over 256gb.
It's also an elitedesk so has 4 spaces for expansion slots iirc, so should have space for 1gb and 2.5gb as required.
Just need to find a genuine intel 4 port network card at a reasonable price now.
It's also an elitedesk so has 4 spaces for expansion slots iirc, so should have space for 1gb and 2.5gb as required.
Just need to find a genuine intel 4 port network card at a reasonable price now.
I am using OPNsense, but I run it as a virtual machine on a Proxmox host and have a dedicated PCI-E nic passed through to the VM. I have given it a reasonable amount of resources, but it shares the host with a TrueNAS VM and a couple of other low usage VMs and containers.
I have found performance as a VM to be very good, no issues with the nic (as it is fully passed through) and the ability to snapshot it before any upgrade makes it a bit more comfortable to roll in upgrades.
To round it off, the host has a BliKVM-PCIe card in it as well to make the host remotely accessible in the case of a problem.
Some of those small hardware devices on AliExpress look nice, and I do watch the Youtube channel ServeTheHome which reviews a lot of them, but this way I have reduced the number of individual hardware devices I am running and powering.
I have found performance as a VM to be very good, no issues with the nic (as it is fully passed through) and the ability to snapshot it before any upgrade makes it a bit more comfortable to roll in upgrades.
To round it off, the host has a BliKVM-PCIe card in it as well to make the host remotely accessible in the case of a problem.
Some of those small hardware devices on AliExpress look nice, and I do watch the Youtube channel ServeTheHome which reviews a lot of them, but this way I have reduced the number of individual hardware devices I am running and powering.
With a decent network card, network traffic doesn't require much processing power (even a firewall, unless you are performing deep content inspection which in a home firewall is unlikely).
But - if your firewall hosts a VPN, and you expect to move a lot of traffic at close to maximum interface speed, then you'll need a hefty CPU to handle the encryption.
I'm using an old Watchguard XTM 5 with Linux as my firewall (it was previously running PFSense though).
You can usually find the Watchguards reasonably cheap, however one of the ports is 100m so you need to use two of the other 5 GB ports.
ETA: Forgot to add - they are noisy though! Here's one for £100.
https://www.ebay.co.uk/itm/185972928462
But - if your firewall hosts a VPN, and you expect to move a lot of traffic at close to maximum interface speed, then you'll need a hefty CPU to handle the encryption.
I'm using an old Watchguard XTM 5 with Linux as my firewall (it was previously running PFSense though).
You can usually find the Watchguards reasonably cheap, however one of the ports is 100m so you need to use two of the other 5 GB ports.
ETA: Forgot to add - they are noisy though! Here's one for £100.
https://www.ebay.co.uk/itm/185972928462
Edited by TonyRPH on Thursday 12th October 13:25
Monsterlime said:
I am using OPNsense, but I run it as a virtual machine on a Proxmox host and have a dedicated PCI-E nic passed through to the VM. I have given it a reasonable amount of resources, but it shares the host with a TrueNAS VM and a couple of other low usage VMs and containers.
I have found performance as a VM to be very good, no issues with the nic (as it is fully passed through) and the ability to snapshot it before any upgrade makes it a bit more comfortable to roll in upgrades.
To round it off, the host has a BliKVM-PCIe card in it as well to make the host remotely accessible in the case of a problem.
Some of those small hardware devices on AliExpress look nice, and I do watch the Youtube channel ServeTheHome which reviews a lot of them, but this way I have reduced the number of individual hardware devices I am running and powering.
Cheers, i think the i5 7500 should have reasonable grunt hopefully with 16gb ram if i ever decide to do a VM.I have found performance as a VM to be very good, no issues with the nic (as it is fully passed through) and the ability to snapshot it before any upgrade makes it a bit more comfortable to roll in upgrades.
To round it off, the host has a BliKVM-PCIe card in it as well to make the host remotely accessible in the case of a problem.
Some of those small hardware devices on AliExpress look nice, and I do watch the Youtube channel ServeTheHome which reviews a lot of them, but this way I have reduced the number of individual hardware devices I am running and powering.
I will probably run it direct at first so I can learn about it and gauge how many resources it needs.
It seems an i350 t4 will be a useful network card, maybe adding something 2.5gb at some stage for the link the hub5.
I did wonder just how much grunt some of the protectli etc systems have with fairly slow seeming processors together with the high cost. The main thing going for them seems to be the small size.
Edited by BlueMR2 on Friday 13th October 11:34
TonyRPH said:
With a decent network card, network traffic doesn't require much processing power (even a firewall, unless you are performing deep content inspection which in a home firewall is unlikely).
But - if your firewall hosts a VPN, and you expect to move a lot of traffic at close to maximum interface speed, then you'll need a hefty CPU to handle the encryption.
I'm using an old Watchguard XTM 5 with Linux as my firewall (it was previously running PFSense though).
You can usually find the Watchguards reasonably cheap, however one of the ports is 100m so you need to use two of the other 5 GB ports.
ETA: Forgot to add - they are noisy though! Here's one for £100.
https://www.ebay.co.uk/itm/185972928462
I’m hoping that the i5 7500 will have some reasonable grunt if i ever decide to add a vpn, it includes aes-ni vt-x vt-d etc for vm’s etc as well.But - if your firewall hosts a VPN, and you expect to move a lot of traffic at close to maximum interface speed, then you'll need a hefty CPU to handle the encryption.
I'm using an old Watchguard XTM 5 with Linux as my firewall (it was previously running PFSense though).
You can usually find the Watchguards reasonably cheap, however one of the ports is 100m so you need to use two of the other 5 GB ports.
ETA: Forgot to add - they are noisy though! Here's one for £100.
https://www.ebay.co.uk/itm/185972928462
Edited by TonyRPH on Thursday 12th October 13:25
Would this be a good network card, it appears to be a genuine one in the pictures and pretty cheap for £25 more like £40 usually. https://www.ebay.co.uk/itm/285514022121?epid=17052...
The watchguard looks interesting, I noticed you can get dual xeon servers with a quarter gig ram for a few hundred but like you say the noise (and power for dual xeons) would not be so great.
Edited by BlueMR2 on Friday 13th October 11:29
Edited by BlueMR2 on Friday 13th October 12:12
I have one of their 4-ports with 4G failover. Good stuff and runs pfsense like a dream. Stress tested it for 3 month in the garage in the Florida heat before I put it into service. Recommend snort with the pfsense install. About $400 US
https://protectli.com/
https://protectli.com/
Thanks for that, I had a look at those, but they were a bit above the budget.
I ended up with the slightly mentioned above, G3 Elitedesk 800, 16gb of ram with an i5 7500 and 512gb ssd for £135, it basically looks brand new, great job on the refurb.
Also managed to get a genuine looking I350 T4 for £25 and the seller threw in a low profile plate so it can go straight into the machine.
All in all pretty good for £160.
Just need to decide if i'm going to get a 2.5gbs card for the 1.150 gbs wan side.
It seems that you can get a tplink with realtek chip at £25-30.
Otherwise people seem to use the intel 520-DA1 or similar with sfp things which i'm still learning about.
However they seem pretty expensive and they require a suitable adapter to slide in for 2.5gb. Also there seem to be a huge number of very similar looking cards "manufactured in Thailand in 2017" being sold from China.
I get the feeling that they may have made alot of fake cards of this, like the I350.
The newer I550 seems to be a minimum of £150 as well. Not sure it's worth £50+ to get the extra 100mbps for now.
I ended up with the slightly mentioned above, G3 Elitedesk 800, 16gb of ram with an i5 7500 and 512gb ssd for £135, it basically looks brand new, great job on the refurb.
Also managed to get a genuine looking I350 T4 for £25 and the seller threw in a low profile plate so it can go straight into the machine.
All in all pretty good for £160.
Just need to decide if i'm going to get a 2.5gbs card for the 1.150 gbs wan side.
It seems that you can get a tplink with realtek chip at £25-30.
Otherwise people seem to use the intel 520-DA1 or similar with sfp things which i'm still learning about.
However they seem pretty expensive and they require a suitable adapter to slide in for 2.5gb. Also there seem to be a huge number of very similar looking cards "manufactured in Thailand in 2017" being sold from China.
I get the feeling that they may have made alot of fake cards of this, like the I350.
The newer I550 seems to be a minimum of £150 as well. Not sure it's worth £50+ to get the extra 100mbps for now.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff