2020 home build or buy?

  • Hello all,

    i have gone down the rabbit hole; and it seems as though i need to start somewhere here. im looking to create a pfsense device unless its more worth it to buy one....

    my tentative server build plans (will evolve this idea later):
    esxi/vmware running windows/blue iris and later freenas/next cloud. maybe plex for a few users.

    My Questions:

    • can/will pfsense be a bottleneck for streaming things like blue iris (camera software)?
      would the low end netgate handle this stuff?

    • I read that intel is the way to go; so is an old i3/i5 optiplex (assuming it had AES-NI) with an intel NIC good enough, or is it too power hungry for the use?**

    • do i just need to build my own and upgrade hardware as needed?

    • Essentially, whats my best option for performance and security?

    If im going to have cameras, id prefer privacy (and no ransomware hacks). they wouldn't get anything out of me, but from what i read it is a pain to deal with...

    any advice would be appreciated.


  • Netgate Administrator

    What bandwidth do you have available? Do you need to run VPNs?

    pfSense won't be a bottleneck if you use suitably sized hardware.

    If building your own box I would certainly try to use Intel NICs.


  • If you plan virtualization anyway, why not virtualize pfSense?

  • Netgate Administrator

    Indeed running virtual is always an option. Especially as a test setup. You can get into a chicken/egg situation if pfSense is running dhcp though. Some thought to startup if everything is powered down is required.


  • @stephenw10

    28Mb/s download
    5Mb/s upload
    1 gbe network min (not yet acquired)

    OH and yes I do want vpn. Blue iris requires an open port for remote access. Trying to avoid that from my understanding. Perhaps I'm paranoid?

  • @provels I had considered this. But I have no experience and was trying to avoid any issues as described by Stephen's chicken/egg (this is not the first I've heard of this) . I have a tough time understanding how pfsense will run in front of everything when on a vm as well.

  • Netgate Administrator

    Ok, at those sorts of bandwidth anything capable of running pfSense 2.4.4 will have no problems even with OpenVPN. Our own SG-1100 would have no problems with that.

    You are not being paranoid IMO. There is no need to open services like that up to general internet probing. Much better to use a VPN.


  • @uSER_717 Then just install pfSense on an old PC you have and get a feel for it. And introduce yourself to virtualization. It doesn't have to be an overnight 100% turn-key solution. See the specs of my pfSense in my sig, and that's running on a 10 year-old 12 year-old quad core host on my main workstation. As far as the chicken/egg deal, I see no reason you can't run static addresses, DHCP with static mappings or a mix. Setup your host to power itself up after power outages and set pfSense to auto start. And use a UPS anyway.

  • @provels using an old PC for learning is an excellent suggestion. However, i failed to mention i don't really have one. I have an old 32 bit HP compaq tower with pentium 4 in it. My best guess is that i can re purpose a psu (365w max),a couple of hard drives (800 gb), atx case, and maybe an oem cooler/fan. If all that was reusable would a ATX motherboard/cpu combo and NIC card have me set? This would still bring me back to my original question of what i need vs. power consumption (if im going to start buying stuff). you and i already give the power co too much $$$ as it is.

    i mentioned the idea of an old optiplex due to my lack of equipment (buying one that is)...

  • @stephenw10 thanks for the piece of mind. do these units have up-gradable network cards etc...?

    while it sounds great to plug and play, i feel as though its not future proof (and i could be wrong). needs may still evolve. everything I've been reading/youtubing point to higher speeds in the near future. Heck, my internet speeds are exponential of what they were about 2 yrs ago. I do like the power saving ARM it includes if it will handle everything as you suggest; and it does appear to have some sort of on-board crypto security features i see...

  • Netgate Administrator

    The SG-1100 has minimal upgrade options. You can't swap out the NICs or add RAM etc. It's designed to be as small as possible. That also makes it cheaper.


  • FWIW, my puny VM handles 300/20 (nominal, 360/25 actual) w/o issue. Get a donor machine from a friend or a thrift shop. They don't all go to the landfill.

  • Agreed, thrift shop, goodwill, Savers, etc. Maybe check at a local computer shop for some refurbished stuff. There’s gotta be something available close to you.


  • @uSER_717 I hope you have enough horsepower to run Blue Iris. I would worry less about pfSense than I would Blue Iris depending on how many cams you'll be serving.

    As everyone here has already stated most any hardware will be fine for pfSense, but you have not really stated in detail how you will be using Blue Iris yet, so its hard to know how much you'll need.

    1. Will you be constantly streaming video from Blue Iris to an outside site? Or will you just need to check into the Blue Iris system from the outside once in a while? Will you be using VPN or not?
    2. Same question for Plex, will it be streaming to the outside constantly or not?

    I run both Blue Iris (w/8 HD cams) and Emby on a dedicated bare metal Windows file server, but I only occasionally need to access them from the outside. So my router needs are not that great. I run pfSense on a Supermicro A2SDi-8C-HLN4F based system with a internet connection of 600/25 and its probably overkill for my needs, but gives me some headroom for the future.

  • @Vidmo

    As for BI, I will be using pc specs based on their website (going to deal with that later) . I figure 4 cams @ 3mp max to start, until I get my dream home lol. VPN is a yes. And from what I've read/seen I should be able to achieve this with bi and pfsense? I will only be streaming when alerted or if I can figure out how to integrate a doorbell cam (hopefully BI will have a legitimate option for this in future). I'm not a ring or nest fan at the moment. Oh and plex/emby would be a yr later if I get ambitious (the legatity of that is vague btw) , prob no streaming with that. I don't need my isp charging me more as well.

    You have 600Mb/s download? I've never heard of that if so.

  • I'm running this 1 (Topton N3160 64GB SSD 4GB RAM) for over a year and I didn't regret it for a moment. Home environment but with a lot of features enabled, including VPN, VLANs, Squid... and I had a streaming server uploading 2Mb/s to youtube 24/7. Had a compatible wifi adapter through the USB connected and that worked as access point. The builtin wifi didn't have the AP feature. But it's recommended to have a seperate AP anyway. Price is still the same, didn't go down. It's not an Intel NIC however. Also no camera's for me.


    165$, imo not worth to try setup an old laptop or VMware environment to host that. Running an old server or desktop over a year costs me more in electricity.

  • I have a 200/10Mb cable circuit and run pfSense on a PCEngines APU2C4 (new one is APU2E4). It's more than powerful enough and barely sips electricity. I run Plex through it just fine. It can handle 500Mb+

    I also have Blue Iris installed on a home server and use the STunnel package to forward/NAT the firewall to it. It works great with the iPhone app. No VPN needed. As far as I can tell, it's secure and I have not been hacked. Just use a very complex password as your phone App will save it.

  • If we're still talking about hardware, and you're still looking to buy, the HP T730 and the T610 Plus are frequently mentioned as being good pfsense DIY boxes.

    You have to add network cards to both of them, I believe they only come with 1 stock network port.


  • @uSER_717 I am a DIY build guy. A used PC is fine. Might just have to add a 120gb ssd and some Intel lan cards. For lower spec internet connections, even a p4 or core 2 is fine. Vm works too. You may run pi hole,etc in there as well.

  • @akuma1x I think this was the winner for me. I found something similiar to the models u described. Cost more than what I wanted but comes with 4 port INTEL NIC. Based what everyone has been saying I think it should suite my needs and is still mildly upgradeable.

  • @messerchmidt I will Consider the pi hole. That is an Interesting tool that I didn't know about.

  • @valnar said in 2020 home build or buy?:

    I have a 200/10Mb cable circuit and run pfSense on a PCEngines APU2C4 (new one is APU2E4). It's more than powerful enough and barely sips electricity. I run Plex through it just fine. It can handle 500Mb+

    Concur. I just installed pfSense on a PC Engines APU2E4. I don't have gigabit fiber WAN yet (currently just 25 Mbps ADSL) but there are plenty of credible reports that the APU2E4 will push 500 Mbps (unencrypted) without optimization, and 950-1000 Mbps with a couple of minor tweaks.

    The APU2E4 has a few specs that make it especially pfSense-friendly:
    AMD Embedded G series GX-412TC, 1 GHz quad-core CPU WITH AES-NI support.
    4 GB of ECC RAM
    Up to 120GB internal mSATA (not CF card) storage
    3 Intel i210AT ethernet ports. (The i210AT has double the number of transmit/receive queues vs the closely-related-and-more-common i211AT.)
    DB9 / RS232 serial console port
    2 x USB 3.0 ports
    Completely fanless, and very low power draw, around ~6 watts idle ~10W max. Compare that to using a random old desktop or server PC which could draw easily 30W-40W idle, maybe much more depending on configuration.)
    Very compact (about 6" x 6" x 1" thick)
    Very competitive price point

    If you enjoy spending hours to days messing around with random old hardware, trying to figure out whether the ethernet interfaces in it are a) compatible with BSD b) reliable in general c) performant enough to allow pfSense to shine as it should, and mucking around with BIOS-related boot quirks, etc, by all means, dig around in your closet or go to Goodwill or a flea-market.

    If you want a smoother, easier pathway to a decent-performing and reliable pfSense community-edition install, go with a well-known hardware vendor with recent good compatibility reports.

Log in to reply