Affordable PfSense rig



  • Hi guys,

    i want to build a new Pfsense machine for home use.
    It should only route a small ADSL2 connection with 16MBit bandwith for a few local client machines but
    with enough potential to handle VDSL (up to 50MBit) in the near future.
    Outgoing VPN at the speed of my WAN connection, from within the local network would be a great plus because i could encrypt my whole outgoing traffic.

    I know this is a common requirement but the costs to achieve that should be as low as possible.
    I am doing this only because i have a great interest in Pfsense but on the other hand, my current router runs without any problems,
    so i am sure you can understand why i don`t want to spend much money on it, just to experiment a little with pfSense.

    So basically i am looking for something very affordable, with low power consumption.
    I ve looked around the forum for a while now and there are a few options which might be interesting but maybe you guys can recommend some other.

    From my research, the best "low-cost" solution so far would be to buy an Igel Thin Client like the 4210 LX.
    Nothing much to say about it. Its pretty much a  "no-brainer" considering the price.

    Then there is the D2500CC which comes in handy if i would like to play a little with snort and other stuff i suppose.

    What do you guys think?


  • Netgate Administrator

    If you want to do 50Mbps VPN you will need something more powerful than a 1GHz C7.
    Do you have anything to work with already? The cheapest solution.

    Steve



  • @stephenw10:

    Do you have anything to work with already? The cheapest solution.

    You mean like old hardware i can use for a pfsense setup?
    Well not that much at least nothing i would consider for a router which runs 24/7.

    50Mbit outgoing VPN isnt an absolute requirement, would be nice to have but currently VDSL isnt available where i live.

    I probably forgot to mention the ALIX devices but to be honest i wouldn`t say that they are
    very cost efficient if you take the performance of the Geode into account.

    I can get my hands on the Igel for just 30€, diffcult to beat isn`t it? ;)


  • Netgate Administrator

    That is hard to beat.  ;) Especially considering it has padlock support so can get ~30Mbps VPN with the correct encryption type. Make sure you get a decent additional NIC to put in it, use Intel if at all possible. Don't try and use a USB NIC unless you really have no other option.

    Steve



  • Is the integrated NIC more or less capable?
    I am not sure but its based on VIA Rhino, is that correct.

    Would the Igel suffice for pfsense 2.1 when its released or does pfsense 2.1 have higher hardware requirements.


  • Netgate Administrator

    I've never tried a Via NIC with pfSense but I haven't read many complaints about them either.
    The hardware requirements for 2.1 will not be significantly higher.

    Steve



  • The VIA is the one that uses the "vr" driver I believe? That's the on in the ALIX products I have used.



  • I have a Via C7 chip and it does VPN at 35mb…. my pipe isnt big enough to do 50.

    just my 2cents.

    also I did choose the encryption that would leverage the built in hardware....

    I want to say its called via Paddock? or padlock?



  • Padlock is the name of the chip: http://www.via.com.tw/en/initiatives/padlock/hardware.jsp#aes

    It supports accelerating AES 128 bits encryption. I believe you would configure AES-CBC-128 in pfSense, otherwise the other algorithms are not accelerated.


Locked