How much should I spend on a pfSense home server?

[Cromulent]

I want to replace my Virgin Media router with a pfSense box, but I'm not sure what kind of specs I need. All I need from it is five 1000baseT ethernet ports and say 128GB of storage and a Wifi access point. I have no idea how much RAM I need, but the box will need to maintain a constant GRE tunnel and also act as a firewall as well as maybe allowing me to stream media files on my home network.

What specs would you recommend? I'd also appreciate it if the box was as small as possible so that I can put it under my desk next to my Virgin Media router (which will be running in modem only mode).

 

[Avalon]

Why do you need 128GB of storage specifically?
Have you looked at the pfsense hardware products?

I currently run an R210-II but it’s small for a rack mount, not relative to what you’re after. Initial ideas are the Chinese NUC clones, but depending on what you want to do, i’d be looking at the official netgate hardware options first.

 

[fezster]

The PCEngines APU2 is a low powered device capable of running pfSense. I considered one, but it was coming in at over £130 or so.

So decided to build a low power proxmox box with pfSense running virtualised, with enough grunt to run all of my docker containers (including plex transcoding). I used a 3470T CPU with 16GB ram and Intel quad nic, running from a PicoPSU. I sourced all of the bits second hand off of ebay for around £150 (excluding the SSD and the case, which I bought new).

 

[Cromulent]

Hmm. I might look into just doing a custom ITX build and get the parts from OCUK and see if they'll build it for me as well (I'm not really a fan of putting computers together). As for storage I was hoping to use it as a local NAS as well but I can put that off for the time being.

 

[Avalon]

Hmm. I might look into just doing a custom ITX build and get the parts from OCUK and see if they'll build it for me as well (I'm not really a fan of putting computers together). As for storage I was hoping to use it as a local NAS as well but I can put that off for the time being.

That is not what a secure router is for.

As to the suggestion of an APU2, I have one, OpenVPN craps out around 100Mbit max, fine for FTTC, but nothing faster, unencrypted it’s fine for upto gigabit.

It’s unusual to find someone who wants to run pfsense that would give a second thought to the 20-30 minutes required to build a very basic PC, why not look at an SFF from eBay, many users have used this sort of platform over the years as it’s cheap/easy, just remember AES-NI is required for future major releases of pfsense, other options exist though. Have you looked at the netgate options? Even an Edgerouter is a cheap solution that will handle GRE easily, why does it *need* to be a pfsense build?

 

[Conanius]

I wonder if based on your requirements you might be better running PFSense as a VM on server?

I used to run it as a VM on an Ubuntu box that ran KVM as the Hypervisor. Gave PFSense a physical port and a virtual one (Physical for red site, virtual for black side) and then used another NIC for the server to talk out to the network.

The server ran a few other VMs, including Plex etc.

 

[BigT]

I use a Partaker mini PC. AES-NI compatible Celeron, passive cooling and six intel NICs make a nice base for pfSense. You pay for the convenience and small form factor though - about £250. However it has been running now for nearly a year without issue so very pleased.

 

[Doctor McNinja]

All I need from it is five 1000baseT ethernet ports and say 128GB of storage and a Wifi access point

1. Does the five ethernet ports include the WAN port?
2. Do you need four gateways + WAN or would WAN + LAN + a switch do?

pfSense's WiFi isn't the best, so I'd recommend a separate AP such as a UniFi... and not that I'm advocating going the VM route but if you did, you could (and should) run the UniFi controller software.

In regards to storage capacity, pfSense uses very little unless you were to run a Squid cache. 128GB would almost certainly be enough. You also want to make sure that the CPU supports AES-NI as it will be a requirement for pfSense soon.

As for using the device as a NAS too. Personally I like my firewall to be on a dedicate system but if you want NAS functionality, the only sane way to do it is to use a hypervisor.