Pfsense hardware advice
-
Currently I have my NAS (FreeNAS box) pretty much setup. Now I want to be able to access it remotely in a secure manner.
Currently I am running: Nextcloud, Plex, Plexpy, Sabnzbd, Sonarr, Radarr, Headphones, NzbHydra, Jackett & Organizr as generic jails.My idea is to setup a secure VPN connection using Pfsense. I have no experience using Pfsense whatsoever, so any advice is highly appreciated!
My current Nas setup:
OS: FreeNAS 11.0-U4
CPU: Intel Celeron G3920 Boxed
MOBO: Gigabyte GA-X150M-PRO ECC
MEMORY: Kingston ValueRAM KVR21E15D8/8HA
PSU: Seasonic G-series 360 watt
HDD (3x): WD Red WD30EFRX, 3TB
USB (for OS) : Sandisk Ultra Fit 16GB Zwart
CASE: Fractal Design Define MiniPfsense router requirements:
-
Act as a VPN client (OpenVPN + PIA)
-
Act as a VPN server
-
Act as a Firewall
-
Act as a proxy?
-
Act as a dynamic DNS server?
-
Setup multiple VLans: Internal (FreeNAS), Family, Guests, etc.
-
Be able to handle Gigabit speeds
I want to be able to run the latest Pfsense version, as well as being future proof for atleast a couple of years
First off i have to select what hardware to use. I know about the possibility to install Pfsense in a VM on my NAS, but feel more secure seperating my VPN / Firewall from my files system a.k.a NAS. I have read a few topics about DIY Pfsense router builds (which is definitely is an option), but feel like the: Qotom Q355G4 will be able to do everything I require for a decent price and with the ease of just installing Pfsense and having a compact system. Would this be a good pick?, feel free to advice me otherwise ;) -
-
Qotom is fine, lots of us using one quite happily.
Lots of other choices though - before someone accuses me of being biased. :)
-
What build would you advice me? Since there are different options available for the Qotom Q355G4 when it comes to RAM/SSD/CPU etc. It will be put to use in a so called "SOHO" environment.
Could you maybe eleborate on some of the other possibilities aswell?
-
The choice of how much ram etc is yours. pfSense will run happily in 2Gb of RAM but I would go for a minimum of 4Gb. A small SSD or mSata is fine, a 30Gb mSata is sufficient for pfSense and say running pfBlocker, you'll need more if you run lots of other things.
My setup, and I bought mine barebones, so I used some RAM and mSata I already had is 8Gb RAM and 60Gb mSata,
The options for putting your own pfSense hardware together are endless. Basically, the main things to watch for are:
1 . CPU supports AES-NI
2. NIC ports are Intel - There can be problems when they are not, or at least there are fewer problems with Intel NICs
3. Choose something that has been on the market for a while that has been proven to work. Some of the latest boards do not yet play nicely with FreeBSD, they will eventually but there may be driver/bios issues, so take care on some new MBs.So, existing hardware that works out the box, and don't forget to look at Netgate Hardware, it is built for the job. I can only give you advice on the hardware I have and use, there is other hardware mentioned in this section of the forum, others will chime in I'm sure.
Here is what I use.
Qotom i5- 4 Intel Nics, The i3 would do to, the i5 is a bit of an overkill for my system but it is very quick, noticeably so when using the pfSense GUI.
PCEngines APU2 - I would stick with the 4Gb version, takes a single MSata - 3 Intel Nics - very compact and energy efficient.