Pfsense hardware advice

  • Currently I have my NAS (FreeNAS box) pretty much setup. Now I want to be able to access it remotely in a secure manner.
    Currently I am running: Nextcloud, Plex, Plexpy, Sabnzbd, Sonarr, Radarr, Headphones, NzbHydra, Jackett & Organizr as generic jails.

    My idea is to setup a secure VPN connection using Pfsense. I have no experience using Pfsense whatsoever, so any advice is highly appreciated!

    My current Nas setup:
    OS: FreeNAS 11.0-U4
    CPU: Intel Celeron G3920 Boxed
    MOBO: Gigabyte GA-X150M-PRO ECC
    MEMORY: Kingston ValueRAM KVR21E15D8/8HA
    PSU: Seasonic G-series 360 watt
    HDD (3x): WD Red WD30EFRX, 3TB
    USB (for OS) : Sandisk Ultra Fit 16GB Zwart
    CASE: Fractal Design Define Mini

    Pfsense router requirements:

    • Act as a VPN client (OpenVPN + PIA)

    • Act as a VPN server

    • Act as a Firewall

    • Act as a proxy?

    • Act as a dynamic DNS server?

    • Setup multiple VLans: Internal (FreeNAS), Family, Guests, etc.

    • Be able to handle Gigabit speeds

    I want to be able to run the latest Pfsense version, as well as being future proof for atleast a couple of years
    First off i have to select what hardware to use. I know about the possibility to install Pfsense in a VM on my NAS, but feel more secure seperating my VPN / Firewall from my files system a.k.a NAS. I have read a few topics about DIY Pfsense router builds (which is definitely is an option), but feel like the: Qotom Q355G4 will be able to do everything I require for a decent price and with the ease of just installing Pfsense and having a compact system. Would this be a good pick?, feel free to advice me otherwise ;)

  • Qotom is fine, lots of us using one quite happily.

    Lots of other choices though - before someone accuses me of being biased.  :)

  • What build would you advice me? Since there are different options available for the Qotom Q355G4 when it comes to RAM/SSD/CPU etc. It will be put to use in a so called "SOHO" environment.

    Could you maybe eleborate on some of the other possibilities aswell?

  • The choice of how much ram etc is yours. pfSense will run happily in 2Gb of RAM but I would go for a minimum of 4Gb. A small SSD or mSata is fine, a 30Gb mSata is sufficient for pfSense and say running pfBlocker, you'll need more if you run lots of other things.

    My setup, and I bought mine barebones, so I used some RAM and mSata I already had is 8Gb RAM and 60Gb mSata,

    The options for putting your own pfSense hardware together are endless. Basically, the main things to watch for are:

    1 . CPU supports AES-NI
    2.  NIC ports are Intel - There can be problems when they are not, or at least there are fewer problems with Intel NICs
    3. Choose something that has been on the market for a while that has been proven to work. Some of the latest boards do not yet play nicely with FreeBSD, they will eventually but there may be driver/bios issues, so take care on some new MBs.

    So, existing hardware that works out the box, and don't forget to look at Netgate Hardware, it is built for the job. I can only give you advice on the hardware I have and use, there is other hardware mentioned in this section of the forum, others will chime in I'm sure.

    Here is what I use.

    Qotom i5- 4 Intel Nics, The i3 would do to, the i5 is a bit of an overkill for my system but it is very quick, noticeably so when using the pfSense GUI.

    PCEngines APU2 - I would stick with the 4Gb version, takes a single MSata - 3 Intel Nics - very compact and energy efficient.

Log in to reply