Convert i5-4690k + MB into Pfsense router

I was thinking that I could save money on putting together a good pfsense router by using my leftovers from a recent upgrade of my desktop.

Do the chassis and PS really matter or can I just get any old thing off ebay, throw in a decent Intel NIC + SSD and call it good?

Are there any popular chassis models on the used market that I should steer towards? I don’t want something that sounds like a wind turbine unnecessarily so I was thinking of going with a 2U.

Any little hints would be nice, this would be my first foray into Pfsense building. I know that if I want high speeds then I need a decent processor and I think my i5 should probably be able to handle gigabit based on my reading but other than that I don’t know if it has any special requirements to get the most out of it.

I run an i3-6100T (with 1 8GB mem stick) running pfSense for two years on a gigabit fiber connection at the house. That system CPU usage stays below 2%.

Unless you are planning to run Suricata or a really intense package, pfSense doesn’t require a high-end system for consumer internet. In another thread someone recommended using the pfSense official hardware as a roadmap: if the traffic load is X, look at the hardware they sell that can handle X.

That i5-4690k will be massive overkill, I’d use that one for something else.

The only reason I was thinking of using it is because I don’t have anything else to use it for atm. I’ll give a look to the different official boxes, but that still leaves what chassis and such to get for this sort of project. My last rack build was an enterprise pre-built that I just needed to stock with ram and drives.

Makes sense, it should definitely handle it fine, and a computer you have is cheaper than something you have to buy. It’s just about 10x more computer than you are likely to need. A positive is that you can try any PF package and also handle high speed VPN access. Maybe in the future you will end up with something spare but smaller and could change it out?

Also, have you used pfsense, or just have an interest? It has more learning curve than a consumer router.

Haven’t used pfsense before, I just want to get something better than a consumer router which always seem to stop getting updates and have terrible security.

Also I would like to get VLANs properly setup for different device types but my current router doesn’t support VLAN tags.

If you just want to tinker first, you can get the first generation SG-1000 for about $50 used. It would be throw away eventually due to not having enough horsepower for a high speed connection or good vpn speeds.

You could also try pfsense virtualized, first on that computer, start out securing one part of your lan while you learn it. I am in the camp of having a dedicated device (eventually) for something that critical is better, but having your internet down because you are learning also sux…

I don’t know if I need to tinker around too much first. But then again, you can’t always know what you don’t know.

I just need to get my network upgraded soon. I can mess around with it in a VM anytime, but right now I would like to at least start acquiring the hardware to get it put together when I’m ready.

Hardware wise, just be sure whatever you get/use supports AES-NI encryption on the CPU, and has a PCIE slot because it’s really convenient to add a 4x1Gbe (Intel) card to a standard 1-port motherboard and have 5 ports on your router all managed by pfSense.

Try to avoid a configuration which has only 1 or 2 ethernet ports unless you also want to have to tackle VLANs really early on or already plan/have all managed switches that are VLAN aware.

AES-NI is no longer being required for version 2.5 going forward but it’s still not a bad thing to have.

You are right! I think that requirement apparently changed within the past year, so thank you for that.

That being said, the OP might be hard pressed to find hardware that didn’t support AES-NI, especially given his candidate system i5-4690k does support Intel AES.

Yep, I think the i5-4690k will work just fine.

The only consideration with a system that might be overkill is the added power and heat generated depending on the costs of such things where you live. If learning about pfSense is the goal, then use what you have. If daily power requirement is an issue, try undervolting or maybe purchase hardware down the road but I wouldn’t be too concerned about the 4690k otherwise.

Also one more point for Calvin, I wouldn’t consider virtualization for pfSense if I could avoid it. Especially in light of the many various Intel security flaws that directly affect the security of VMs. A pfSense router is your first and primary defense against most attacks from the internet and I wouldn’t want to weaken it if I could help it. Direct hardware is the way to go with something like that.

Is there a good server chassis + ps combo that I could find to slap my hardware in? If it should work reasonably well, then I should just need that and a network card to get up and running.

I used one of these for mine but they seem to be out of stock right now:

The fans use a molex connector and I have them running direct to the PSU so they aren’t the quietest (Though not really loud) if that’s your concern. You could probably adapt them to run off a controller to quiet them down some.

This case is only 2U and takes half height cards so you may be limited on your choices for a 4 port NIC. I just use a 2 port NIC and managed switches for VLANs and it works quite well.

Honestly, if you don’t need to rack mount it, I’d just pick up a standard budget PC case and call it a day. The CPU won’t be taxed much and won’t be generating that much heat so most any case will do that can accept standard height PCIe cards for maximum compatibility. The PSU doesn’t even need to be large or fancy, just reliable and maybe efficient since it will be running 24-7.

Yeah, I am going to rackmount it. I already have a rackmount NAS, UPS and switch, so I’ll want to keep them all together for simplicity’s sake.

The height probably doesn’t matter too much, but I thought it’d be strange to have a giant router. I’m perfectly fine with going to ebay for the used market too.

I wouldn’t look at a combo, I’d get a cheap case and a trusted name power supply with a low wattage rating (under 450w). Whether you select the higher efficiency (80+Gold/Platinum/Titanium) options you will just have to evaluate the cost/benefit analysis yourself.

  • Less efficient tier power supplies draw incrementally more power from the wall and produce more heat. But at 25% usage neither of those are going to be big numbers.

  • High efficiency power supplies tend to cost significantly more for the same power as you move up tiers. It may be hard to justify the added cost at low consumption, unless you are paying high electrical rates.

If, after a while, you definitely want to stay with pfSense, consider a lower power chip (long term), maybe a 7nm AMD APU if Intel doesn’t have a good option (possibly the Zen 2 APU will be out with 15W-35W option), which might let you cool it passively without a fan (or very low fan).

If you have the rack space, but make sure whatever you select can hold your motherboard (ATX or w/e it is) and also has clearance for some type of cooler.

In Win has nice 1U cases

and if you are in Europe, Inter-Tech has some cheap too.

I ended up going with the HP t620 Plus which is really popular with the guys over at ServeTheHome.

It’s dirt cheap, energy efficient, and has enough horsepower for 1Gbit Pfsense.

You can also sometimes get the newer thin clients on sale if you watch their Great Deals threads.

