Will there be a way to continue using pfSense on old hardware?
-
Hi,
I use pfSense on multiple devices (real hardware and VMs) and it is great - easy to use and functional. However, I recently found out (sorry, I do not keep up with the news) that newer versions of pfSense will require very new hardware (AES-NI support) to work.To me, this is quite bad news. This is why:
I usually use pfSenses on for office internet connections that are not very fast. Maybe up to 100mbps. For this, I can use quite old hardware, which means an old PC I have lying around. If I can get the full bandwidth of the connection without hitting 100% CPU usage, I consider the hardware good enough. As I have quite a few of these old PCs, then the routers become very cheap - I may only need to buy a network card.
I think that using any modern multi-core CPU exclusively for a router on a 10mbps internet connection to be an extreme overkill and a waste. A 300MHz CPU would most likely be able to work there (I have used a 120MHz CPU for a 4mbps/0.7mbps DSL connection without problems).
OTOH, if the connection is faster (over 100mbps) and I have to use newer hardware, I'd rather just use Linux - it is less convenient to use as a router, but I can use it for other things as well in case I need to (if the hardware is new enough, I can even run VMs on it).
So, if AES-NI (or some other feature not present on a Pentium2/3 ) is required for the new version, then I have three choices - stop updating pfSense and just use the last version that works, figure out a way to make pfSense run on my hardware (may be very difficult) or switch to Linux.
So, is there a way to make the new version work on old hardware?
Conversely, will the new version work on stuff like the Raspberry Pi or Odroid?
-
It depends of what you consider old hardware. You won't be able to use over 10 years old hardware with pfSense 2.4 release because it will be 64-bit only. 2.5 will work on hardware from this decade. Because not all hardware from this decade has AES-NI, we are giving everyone a heads-up about the requirements.
-
the 64bit requirement would be OK for connections around 100mbps, but not for connections of 10mbps or so. If I can fully load the connection (especially if that includes a VPN) and the CPU is still mostly idle, then I might as well use older hardware (or use this hardware for things in addition to routing).
But the 64bit requirement would not affect virtual machines (for me) as they are already 64bit. But not all virtualization-enabled CPUs support AES-NI. So, that would be a problems.
So, I guess if I cannot figure out a way to make it work (IIRC pfsense is opensource, so I can modify it for my own use), it I will be either have to use the last working version indefinitely (could possible be insecure) or switch to just Linux (less convenient).
Anyway, any plans on having ARM support (for devices like Raspberry Pi or Odroid)?
-
A 300MHz CPU would most likely be able to work there (I have used a 120MHz CPU for a 4mbps/0.7mbps DSL connection without problems).
This is what you stated. Those CPU's will not be supported with 2.4.
ARM support is already present, we have SG-1000 and R-1 is on the way. No plans for Raspberry Pi or odroid.
-
Well, not the replies I wanted to get :), but thank you for the information and very quick responses. I guess I will have to try to make pfsense work on my hardware and after failing, decide what to do then.