What hardware would I be looking at for…

  • Looking to build first PFsense box.  Been using ddwrt for ages but I'm wanting to transition some more stuff into the router.

    I have 400/40 internet right now, gigabit is available but no support for doc 3.1 means I'm stuck with the puma 6 issue and no gig yet.

    I want to split my internal network into two parts.  Essentially everything on router port 1 will be fed into a vpn tunnel.  Several of these devices are low powered thin clients that can't sustain a 3 meg link when doing software VPN w/ 256 encryption, so I want the router to do this for the whole link.  Only other shaping I would possibly want would be a bandwidth cap on that port to limit any run away whatevers that could happen without knowledge.  My VPN link is able to sustain around 80 mbps.

    Router port 2 would have my daily use / family stuff and APs.  No VPN connection on this port, but I do want to be able to block sites and services to individual IPs/MAC adds on this port (my kid got caught where he shouldn't have been!).  All of this port will have assigned IPs to all devices.

    Beyond that, just the basic firewall rules and depending on cost right NOW, the ability to scale up to handle a good chunk of gigabit.  Any suggestions what I should be looking at getting or building?

  • Netgate Administrator

    So 1Gbps total throughput and/or 80Mbps VPN? OpenVPN?

    Any packages?


  • Yes, depending on price.  Current need is 400/40 AND ~80mbps VPN on separate ports (using PIA servers) of pfsense box.  I'm assuming pfsense can handle this?

    Packages I could find would be Darkstat, pfblocker, snort/suricata, service watchdog, and openvpn.

    Seen a hundred different things around hardware wise but nothing really definitive.  Am I looking at something this or more beef?

  • Netgate Administrator

    Well I would have to say pretty much anyone but that site! Had a few terrible experiences there. YMMV of course. I removed the link.

    Our SG-3100 should do that but will be close to its limit running 80Mbps OpenVPN AND 320Mbps other traffic with Snort. The SG-4860 would be fine there.


  • So that jumps from $350 to $750.  In that ballpark, what hardware specs would I need to build my own box?  For less I could piece together an i5/7 build and I'm guessing have waaay overkill.  Form factor/size isn't really a concern either, that little box just looked neat for the price.

  • Netgate Administrator

    I would want something more than the E3845 for what you are asking there. It might do it.

    It's not a test that is often done: What additional throughput is possible when you are already doing 80Mbps OpenVPN…. and Snort.  ;)

    I can't really recommend anything but our own hardware. That literally pays for me to be here.  :)

