Super low-power, inexpensive hardware for pfSense?
I love pfSense.
I am looking for a very low power pfSense solution. I live off-grid (solar) so power consumption is a major issue. I used to run an old PC for pfSense, but the power requirements (50-75w) were too much for overnight (battery) use.
So, I loaded OpenWRT on my Linksys WRT1200AC. It only burns 7w. I'm not happy with its performance, specifically with DNS and bandwidth management. I got used to pfSense and am totally spoiled.
So.. I am looking for some hardware recommendations. My internet is very slow (1.5-2Mbps [ very rural DSL] ), and it's just a home network, so the number of clients is <10. I do run torrents, so I need something that can handle the NAT states of all those tiny packets. pfSense worked great for that, but the PC I was using for that was total overkill (Dell Optiplex 980, i5, etc).
I've seen the Netgate SG1000. Looks good.
Are there other hardware options (even older stuff) that I can load pfSense on that are extremely low power (<20w) that can handle the small amount of traffic for less than $150?
Our income is low, so low cost is equally as important as low power consumption.
At 2Mbps you have quite a few options even with the low power requirement. :)
Obviously the SG-1000 is an option and it's one we test and know to be well suited to this sort of situation. I am biased towards it!
20W is not actually all that low especially when you consider that most hardware will be basically sitting at idle passing 2Mbps. Almost all our current hardware will come in below that.
Are you looking to buy only new?
How many ports do you need, more than 2?
Jailer last edited by
APU2C4 fits the bill. Mine was $154 shipped. I don't have anything to measure current draw but others have reported power consumption of 6w.
The processor has a TDP of 10W – so half of what you were aiming for. Costs only $54 on newegg. I was advised to buy that motherboard and after adding in a picopsu, and intel 2 port Lan card and RAM -- it comes out to $111 + case.
If you buy used RAM, case, lan card it might turn out even cheaper.
There is a server grade motherboard from Supermicro with Pentium N3700 as SoC which has a TDP of only 6W, but the board itself costs $218... so all in your cost would be closer to $300 (with used RAM & case)
I was originally planning on that Supermicro board until a few people convinced me that I don't really need a server grade board for my home network.
See this thread for more info on the J3355 as well as the Supermicro board : https://forum.pfsense.org/index.php?topic=135315.0
Definitely OK with used. I only need 2 ports – wan and lan.
Since the SG1000 is about $150 NEW, I would be looking for something far less expensive than that used.
If I'm gonna have to spend $150, I will likely just opt for the SG1000.. But I'm not married to it.
If I could get something that will work for my use case for $50-$80, that would rock.
If you can go with used equipment then it really depends what you have available wherever you are.
Even something really ancient like the ALIX would probably be fine at 2Mbps and that was <5W I believe. But, that is 32bit only so will not support pfSense 2.4 so hard to recommend it.
Do you need to run packages? VPNs?
Sg-1000 is probably best bet. But you can try to find a cheap low end laptop with an Ethernet port on Craigslist or something.
That's probably the only way you'll get low power AES-NI and 64bit fit under 80.
The newer the better, SSD is better but will cost more.
You can even pull the HDD and install 2.4 on zfs to a pair of USB 2.0 thumb drives if you have 2gb ram, (use 500-1000mb fur ram disk).
Anyways, pair the laptop with a cheapo Web managed vlan switch and you're set.
AES-NI: Is it only needed if you intend to run VPNs and other encrypted stuff? If the hardware doesn't support AES-NI, will pfSense 2.5 refuse to even run, or would you just lose the features that rely on AES-NI?
I think I'll just look at getting an SG-1000. I noticed that it has an SD-Card slot inside. I assume that's so you can have caching,l etc?
AES ni is required to install 2.5
Im not sure but I don't think you can use SD for caching hopefully someone else can chime in.
I think that's a good choice for you though!
The SD card slot is (currebtly) only for recovering the firmware in the event that the USB recovery fails.
It would probably be possible to use it for caching but would require some hackery and the speed of SD cards is such that it might prove…. disappointing!
However, if you want to use Squid to cache content to reduce load on your narrow WAN I would probably not choose the SG-1000. It will run Squid but with the limited RAM and storage available it won't provide the greatest experience.