Want small form pc for pfSense … recommendations



  • I want to buy a small form pc to use as a pfSense device and could use some suggestions. My needs are both simple not simple, making this difficult for  novice like me to navigate.

    I currently use DD-WRT on a AC router. My main need is an OpenVPN server so I can pass through it for secure internet from public wi-fi (tun interface). It works well. DD-WRT is looking sketchy and I'm unsure of its reliability in the future.

    For pfSense I want to load it on a small form dual nic pc with suitable power to support 50 to 100 mbs in and 10 to 25 out. I'm currently at 50 but would like it to support faster speeds in the future as needed. Internally, gigabit wired is expected via a switch attached to the pfSense router. The AC router will handle internal wireless afterward.

    Also, I want to explore snort and other features without worrying about processing power. I am too new with pfSense to go into more details. I want overcapacity, but not something too expensive. I'd like to load packages for experimentation without worrying about processing power.

    Internally, the network is fairly low demand. NAS, TV/Movies, and browsing for a couple of people. I want decent capacity for on demand needs, but, as I said, not so powerful it is an expensive system. I could just select a large processor, but would undoubtedly pay for more capacity than I need. Also, low power requirements are wanted.

    Is there a Zotac model that would work? What about other brands? What processor, how much ram, anything else is suggested?

    Thank you.



  • I built a router from parts I listed here that meets all of your needs except perhaps for the low cost part. It would be total overkill for what you need but you will never ever have to worry about processing power. The c2558 version of the board could be used instead and is a bit cheaper. Even with only 4 cores it will be more than enough.



  • Hello,

    My main need is an OpenVPN server so I can pass through it for secure internet

    Please read an answer from @gonzopancho here in the forum related to exactly this point, Link

    Also, I want to explore snort and other features without worrying about processing power.

    Snort, Squid, + SquidGuard, AV Scanning, VPN,…....
    Better to know all first really all about your needs and wishes, not to run in a trap

    I want overcapacity, but not something too expensive.

    Likes all others, 100 MBit/s Internet, VPN and all other on top for $50,
    but as I see it right this will not even really work.

    Also, low power requirements are wanted.

    There are some of them out know, really enough power but
    power saving also. Intel´s C2xxx series could do this job.

    Is there a Zotac model that would work? What about other brands? What processor, how much ram, anything else is suggested?

    • VK-T40E pfSense® Security Gateway Appliance from the pfSense Shop based on an
      Alix APU Board really enough for 50 - 100 MBit/s
      But without AES-NI and Intel´s QA!
    • Supermicro Mainboard with a C2358 CPU
      Not a power saving firewall, but powerful
    • SG-2440 pfSense® Security Gateway Appliance from the pfSense Shop
      Really wicked firewall that matches all your needs and power saving, but not cheap
    • Supermicro Mainboard with C2358 and 8 GB ECC RAM would be also matching
      But a case and some other things are also needed on top

    So as I see it right a CPU with AES-NI and/or Intel´s QA or a Atom C2xxx CPU
    with 2 -8 GB RAM and Intel NICs or LAN Ports would be great for you.

    In my eyes it is better for to save some money for over some month and then buy
    a SG-2440 pfSense® Security Gateway Appliance, this will be running for years for
    you well and saving power on top also.



  • Thanks. Lots to think about.



  • Take a look at the Intel NUC.  Think there is one with dual Ethernet.



  • @NOYB:

    Take a look at the Intel NUC.  Think there is one with dual Ethernet.

    Intel NUC5ix series, latest with 5th gen i3/i5/i7 is single ethernet only. You can mod using a different case and using pci slot to fit the second ethernet adapter.
    I own NUC5i3RYH.



  • Maybe this is what I saw.  Not sure if this is considered a NUC, but it does have to RJ45 connections.
    http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

    Or I may have been thinking Thunderbolt NIC adapter.

    Personally though I'd settle for single NIC and VLAN unless there is specific requirement for no VLAN or bandwidth constraints.


  • Banned

    Better to go with 2 seperate NIC's than VLAN's. You can always VLAN the LAN part to get things seperated…

    I prefer the WAN and LAN on 2 seperate physical interfaces. Even if its running virtualized....



  • The suggestions here have been helpful. I think I'm going to have to spend a few bucks but less than $400 if I'm careful. I will either build one using the suggestions here about the motherboard that has the new Intel Rangeley chip and Intel nics or explore a Jetway small form PC that will need memory and a drive. I read about them elsewhere and they appear to have some capabilities … but not all models have Intel nics so care is needed in the selection.

    It's been a long time since I built a PC so it might be fun to build a router.

    Is a small form case just a case or are there specs to look for?

    Regarding ram, 4GB or 8GB? The cost is negligible. With a router is there any advantage to having a reserve of ram?

    I have a spare 2.5" 500GB drive, but a small SSD is cheap. Any pros or cons to either? 32GB ok?



  • snort and Suricata are memory hogs. Point to 8GB for that, otherwise 4GB is completely sufficient.
    Personally, I don't like running HDDs in my routers as they have moving parts. A small SSD is fine even though there won't be much of a speed improvement.



  • I suggest Supermicro MB with C2558 or 2758, 8GB to run Snort and pfBlockerNG. A small SSD is fine. On the market there are a lot of cases available, both fan and fanless. Such a setup will secure your future bandwidth upgrades, up to 1000Mbps. With upcoming OpenVPN supporting in full AES-NI it will be the standard.



  • Umm, I used some left over computer parts from a PC upgrade to build mine. It is a larger build but then again, it is rack mounted with my server. I used a Asrock z77 board, i5 CPU, 2x2 gig ram, an old 1TB HD, 2 x Intel EXPI9400PTBLK network cards and 2 Emulex 4GB LPE 1150-E fiber cards. I am running pfsense and snort with NO memory lag as mentioned by a previous poster. Overall system performance will be determined by the quality of the hardware. If you looking for a low power system then maybe 8 gig is necessary. If not concerning with physical size then 8 gig may be overkill. Just as with an SSD which again is overkill


  • Banned

    Use Innodisk DOM for the drive instead of a normal HD.



  • You could seek out the local electronics recyclers. 3 to 5 year old PC's can be had cheap. For me my first pfSense box was a $50 Dell 760 small form factor core2, 4gb ram. I added a 2.5 40gb hd. I scored a NC360T dual nic cheap.
    Then you can decide later how much power you need and what you want to spend on low power vs hp. You may even run into a stack of old firewalls you could revive with pfSense.

    Unfortunately, visiting a place like that can be habit forming. I need special permission from my significant other just to drive by the place..


Log in to reply