Hardware for Pfsense

Need to migrate from my ISP router to pfsense (or possibly opnsense) as I have a requirement for tagged vlans, any suggestions on what spec hardware best to run it on. I'm looking for a fanless enclosure type mini PC with 4 onboard 2.5 Gbe lan ports and it also needs to be able to comfortably handle up to a 1Gbps fttp connection.

Something like this would probably suit. A quick Google shows people going beyond 1Gbps on 10th/11th generation i3 processors and only having 10% CPU usage.

https://www.mini-itx.com/~N11-1115

In reply to a post by dect:

needs to be able to comfortably handle up to a 1Gbps fttp connection.

Is that a DHCP or PPPoE 1Gbps connection? The old Pentium 4 hardware can cope with routing that speed, but the PPPoE overhead is often the challenge in lower end hardware.

In reply to a post by jchamier:

In reply to a post by dect:

needs to be able to comfortably handle up to a 1Gbps fttp connection.

Is that a DHCP or PPPoE 1Gbps connection? The old Pentium 4 hardware can cope with routing that speed, but the PPPoE overhead is often the challenge in lower end hardware.

I need to plan for both eventualities at 1Gbps

Thanks for all the replies guys!!!

In reply to a post by dect:

Thanks for all the replies guys!!!

If you build a pf/OPN sense box, let us know what you find out. At the moment I'm assuming anything like this will draw more power, and given electric prices.

Just on power draws...been running a little stack of four ThinkCentre M720q nodes with Core i5 8th gen processors as my mini-server cluster, virtualised with Proxmox.

Most run steady state around 7 to 10 watts. Typically around 8W. I have one machine in the cluster that has 4 x 1 GbE on a mini PCIe card that doesn't seems to draw appreciably more. Another node has a 2 x 10 GbE NIC and that appears to draw around a 1/3 more power than the others. 10 GbE is power hungry.

There's another 4 node cluster coming using newer M80q Gen 3 nodes with 12th Gen i5-12500T vPRO proc's so will be interesting to see how they compare to the older boxes.

From what I have read in the past, the Dell Wyse 5070 is a good choice for pfsense, you can pick them up on eBay., They have a external slot to put another ethernet card in. Pfsense is not very good with Wi-fi so I have read, so you still need to connect some sort of wi-fi extender to it.

I was looking at the hardware using around the 10w mark but having looked the faster the gen of processor the more power it typically uses so its a balancing act to get the best throughput I want without over cooking it on the power.

I was considering Proxmox for visualisation but have read about issues with newer 2.5Gbe ports.

In reply to a post by zyborg47:

From what I have read in the past, the Dell Wyse 5070 is a good choice for pfsense

I don't believe the onboard adapter is 2.5Gbe, also I believe the processor could be a limiting factor on throughput.

In reply to a post by dect:

I don't believe the onboard adapter is 2.5Gbe, also I believe the processor could be a limiting factor on throughput.

Sorry, I missed the 2.5 Gbe lan ports part somehow. The processor should be fine, plenty of videos on You tube of people using that unit, I don't know if it is possible to get a 2.5Gbe adaptor for it, but you would not need 2.5 for the wan part.

i was going to go down the PFsense router, but it is far too much hassle, unless you want to learn more about networking and that stuff.,

In reply to a post by zyborg47:

you would not need 2.5 for the wan part.

Interesting assumption when 3 Gigabit is available, and 10 gigabit is rumoured.
https://communityfibre.co.uk/3-gigafast

In reply to a post by jchamier:

Interesting assumption when 3 Gigabit is available, and 10 gigabit is rumoured.
https://communityfibre.co.uk/3-gigafast

Ok, you got me there, I forgot about that, ok let's say most people would not need it unless they have plenty of money, running a large company or have a mansion with lots of people living there.

In reply to a post by zyborg47:

Ok, you got me there

Same as your assumptions about FTTP, or 5G? I get that you're not a fan of progress. My home PC has 2.5GbE LAN port, it wasn't available without. Your new Mac has an option of a 10GbE port in place of the 1GbE. The IT industry doesn't stop progressing.... you can opt out of upgrades, but eventually the tide will take you. I hope you don't still use WEP on your WiFi.

In reply to a post by jchamier:

Same as your assumptions about FTTP, or 5G? I get that you're not a fan of progress. My home PC has 2.5GbE LAN port, it wasn't available without. Your new Mac has an option of a 10GbE port in place of the 1GbE. The IT industry doesn't stop progressing.... you can opt out of upgrades, but eventually the tide will take you. I hope you don't still use WEP on your WiFi.

So what are my assumptions of FTTP and 5G? I have nothing against progress if we are not forced into it, and it doesn't cause any harm. I do have a problem with being pushed into things I don't want or need.
so your home PC has a 2.5Gbe LAN port, but do you really use it to its full potential? I know I could have had 10Gbe option on my Mac and I did think about it for the future, but paying an extra £100 for something that I will never use is pointless. My Nas is 1Gb, can't be updated, my network is 1Gb, while it can be updated, it is not worth the cost of getting new Ethernet switches. My router, again 1Gb lan. So tell me what would be the point in me, paying £100 for 10Gbe?

In theory, the wi-fi on my Mac is faster than your Ethernet and my router is Wi-fi6, so if i wanted faster speed I could use that, but I prefer the reliability of lan.

I do know that the I.T industry progress, I have been using computers and stuff for a few years now, started with the ZX8 and I have nothing against progression, if I did then I would not have got a Mac, I would not be using smart home products, a smartphone, ebook, listening to most of my music online and watching video streaming. I would still be using VHS for video, vinyl or cassettes for listening to music, but I do like Vinyl still.

My problem is when people tell me that I should update to this and that even if what I have got is working fine for me.


What ever you think my assumptions are of 5G and FTTP, you are incorrect. I don't have a problem with FTTP if people want it, in fact on Zzoomms facebook page I have come to their defence a few times when people say it is not needed and I have said it is a good thing for the city, which it is for people who want it. But that don't mean I have to have it or require it myself. 5G I can see the point in it for home use and maybe for tablets, but I don't see the point in it for mobile phones and that is my opinion and if you don't like then that is just too bad. Just like my opinion is that the majority of people don't need 1Gbit FTTP, if they want to pay for it then that is up to them. need and want are two different things.

Even less people require anything faster than 1Gb/s and the prices it will be will put most people off anyway, but again if it is available and people want it then fine, up to them

As for Wi-fi security, my router offers WPA3, but a fair few of my smart home stuff don't support, it, so I have to use WPA2, otherwise I would use WPA3.


Anyway, not sure why you came out with what you did, all I said was you got me on that as I forgot about then doing speeds higher than 1Gb/s, but it is very few and far between.

Adrian, the problem is that you make a statement saying that a certain thing is not required by anyone else.

That is the same as someone stating that YOU need something better which you seem to hate.

"Pot and Kettle" spring to mind.

In reply to a post by broadband66:

Adrian, the problem is that you make a statement saying that a certain thing is not required by anyone else.

That is the same as someone stating that YOU need something better which you seem to hate.

"Pot and Kettle" spring to mind.

i am not saying it is not required by anyone else, I am saying I doubt many people will need it. There is a difference.
People can use what they want, I really do not care.

Guys we know its Adrian being Adrian, he is never going to change his ways as he can't see the problem.

Lets move on.

"I really do not care. "

If you don't care why do you make comments?

In reply to a post by dect:

I was looking at the hardware using around the 10w mark but having looked the faster the gen of processor the more power it typically uses so its a balancing act to get the best throughput I want without over cooking it on the power.

I was considering Proxmox for visualisation but have read about issues with newer 2.5Gbe ports.

I use Proxmox on a J4125 Topton box with i225 and it has been faultless.

I just bought a N100 Topton with i226 which is twice the speed and less power so will see how that one fares.

The main benefit of virtualisation is that these devices are far more powerful than is needed for a router upto at least 1gbit so you can also run a few small appliances such as Pihole, Home assistant etc and also snapshotting before updates and ease of bringing up a replica on another device in case of issues.
You could also go bare metal and have enough CPU for IDS if you feel it is necessary at home.

In reply to a post by smouty:

I just bought a N100 Topton with i226 which is twice the speed and less power so will see how that one fares.

Sounds good, let us know how you get on with it compared to the J4125

It is fast. About twice the speed for around the same power or less.

I also have two NVME rather than SATA in the J4125.

https://imgur.com/a/UhtLZWq

Proxmox installed with a minor issue with the frame buffer as it is pretty new but found a workaround.

Edited by smouty (Sat 20-May-23 20:25:51)

I now have two Qotoms running OPNsense and linked by a WireGuard VPN. One is connected to Gigaclear using DHCP which was easy to get to work. The other is connected to Plusnet FTTC via an HG612 using PPPoE which was more tricky to get to work. I can provide a link on how to configure the PPPoE should you need it.