Pfsense build - need suggestions

I am looking for suggestions to build Pfsense router. It was in my mind since long time but now my router gone kaput, so searching for cheap build.
Planning to go with PC engine's APU.3C4 system board and it costs around $170 (including case and adapter) with shipping.
However dont have much information available online on its build quality and reliability. Are they really good to consider for Pfsense build.
Guys, please suggest any other options for Pfsense build. I have gone through aliexpress but not much convinced to buy them.
I am using 25mbps connection and planning to add another backup connection soon.
 
Last edited:
On a budget? Get any existing board with a PCIe slot, stuff in a dual or quad NIC (using Intel NICs ideally, else Realtek) and you are ready to go. Even Atoms will do, as long as you dont need to do anything CPU intensive.

I would suggest to mention what you plan to do with it.

Also, mention your technical expertise level, I would suggest to virtualize it as well.[DOUBLEPOST=1524927954][/DOUBLEPOST]Looping in @rajil.s @cyberwarfare
 
On a budget? Get any existing board with a PCIe slot, stuff in a dual or quad NIC (using Intel NICs ideally, else Realtek) and you are ready to go. Even Atoms will do, as long as you dont need to do anything CPU intensive.

I would suggest to mention what you plan to do with it.

Also, mention your technical expertise level, I would suggest to virtualize it as well.[DOUBLEPOST=1524927954][/DOUBLEPOST]Looping in @rajil.s @cyberwarfare

I can say good with technical skills :). Planning to use some packages like pfblocker, squidguard, Snort. No plan for VPN.
Looking for smaller system which can fit in network rack but no plan for 1U system.
I have J3355B SoC board in mind but dont find it locally.
 
Have you looked into devices like these? There are cheaper versions of such devices on Aliexpress.

Using a similar quad LAN one from Aliexpress (it was from Eglobal I think) for a dual WAN setup at home for the past couple of years or so. Works well and seems perfect for a small footprint box if size matters. The RAM and SSD/HDD are add-ons and could be added on your own.

Just make sure to pick up an AES-NI cpu as that's what pfSense will support 2.5 onward, and a box with Intel NICs. I had gotten a Celeron at the time as it fit my requirement but would be upgrading down the line.
 
Last edited:
Discussed with @vivek.krishnan and he gave some good suggestions.
I have one C2D system lying idle, will try Pfsense on it first. I have to find exact CPU model on system and check whether it support AES-NI.
However I afraid that this will shoot up electricity bill as system will run 24x7
 
Discussed with @vivek.krishnan and he gave some good suggestions.
I have one C2D system lying idle, will try Pfsense on it first. I have to find exact CPU model on system and check whether it support AES-NI.
However I afraid that this will shoot up electricity bill as system will run 24x7

C2D? With a 99.999% probability, it will not support AES-NI.

The bill will go up by not much if you go for SFF stuff from Aliexpress. Maybe around 25W. Which go for about 600W/day or 18 units monthy, so less than 100INR.
 
Yes right Vivek, It doesnt support AES-NI.
Have you looked into devices like these? There are cheaper versions of such devices on Aliexpress.
Yes checked lot of such devices on Aliexpress but not sure if they are reliable for long term usage. Do you know any specific model which is good.
 
I have this, running lubuntu server, pfsense, OMV, Win2012-AD-CA on Esxi 6.5U1. Total landing cost delivered to my home was approx 26K, purchased 1 year ago.
It has been running solid. Max uptime was around 176 days before I had to bring it down to upgrade the hypervisor. Can easily handle 100Mbps broadband, ad blocking, etc.

QOTOM-Q355G4 + WIFI + 8GB RAM + 64GB mSATA + 512GB 2.5in HDD

Had to install a 120mm USB fan on top to keep it nice and cool.
 
Yes checked lot of such devices on Aliexpress but not sure if they are reliable for long term usage. Do you know any specific model which is good.

Reliability? We are running one of them for quite some time. Its quite reliable, as long as power is stable.

Secondly, AES NI is not a priority unless you need VPN or anything needing cryptographic hardware.
 
I have this, running lubuntu server, pfsense, OMV, Win2012-AD-CA on Esxi 6.5U1. Total landing cost delivered to my home was approx 26K, purchased 1 year ago.
It has been running solid. Max uptime was around 176 days before I had to bring it down to upgrade the hypervisor. Can easily handle 100Mbps broadband, ad blocking, etc.

QOTOM-Q355G4 + WIFI + 8GB RAM + 64GB mSATA + 512GB 2.5in HDD

Had to install a 120mm USB fan on top to keep it nice and cool.

I am not in favour of running pfsense in a virtualized mode, since if the machine goes down the whole network goes kaput.
Presuming you bought this directly from Aliexpress, was there any import duty imposed on this?
 
Last edited:
I am not in favour of running pfsense in a virtualized mode, since if the machine goes down the whole network goes kaput.

IF - > we have been running it in virtual mode for the past year and half. ESXi 6.5.

Is it risky? Yes, but you need to ensure the risk is mitigated properly. The advantages are that I am no longer bound by the hardware! Additionally, even if the machine goes down, physical or not, the network will still go down.

@superczar is another who has virtualized it, but on Xen or Proxmox (not sure)
 
I have this, running lubuntu server, pfsense, OMV, Win2012-AD-CA on Esxi 6.5U1. Total landing cost delivered to my home was approx 26K, purchased 1 year ago.
It has been running solid. Max uptime was around 176 days before I had to bring it down to upgrade the hypervisor. Can easily handle 100Mbps broadband, ad blocking, etc.

QOTOM-Q355G4 + WIFI + 8GB RAM + 64GB mSATA + 512GB 2.5in HDD

Had to install a 120mm USB fan on top to keep it nice and cool.

It is quite costly for my requirement, Looking for cheap Qotom model.

Reliability? We are running one of them for quite some time. Its quite reliable, as long as power is stable.

Secondly, AES NI is not a priority unless you need VPN or anything needing cryptographic hardware.

No VPN requirement as of now but not getting any cheap build available which support AES-NI
 
Last edited:
@maddy_in65 I decided to build a new pfsense router. My goal was to get something compact, but with active cooling to deal with hot weather. The motherboard i am going with is Supermicro A2SDi-4C-HLN4F which will be housed in a minibox M350 case. The case is very well ventilated, so much so that i will need to get it wrapped up in some dust filters :).

@vivek.krishnan, I can understand in a business environment you have processes like change management so server reboots are controlled. You can afford to have pfsense virtualised. However, my home lab server goes for a reboot on a whim.
 
Last edited:
@maddy_in65 I decided to build a new pfsense router. My goal was to get something compact, but with active cooling to deal with hot weather. The motherboard i am going with is Supermicro A2SDi-4C-HLN4F which will be housed in a minibox M350 case. The case is very well ventilated, so much so that i will need to get wrapped up in some dust filters :).

@vivek.krishnan, I can understand in a business environment you have processes like change management so server reboots are controlled. You can afford to have pfsense virtualised. However, my home lab server goes for a reboot on a whim.

@cyberwarfare is also planning to get a similar board from the States.

As for your home lab server reboot - why? I used to run an ESXi setup at home, I rarely ever had to reboot. And secondly, pfsense is virtualized. But its on its own dedicated machine.
 
Back
Top