Return to Level1Techs.com

pfSense Minumum Hardware

Just wondering what the lowest powered hardware people have been able to get away with?

I’ve got a couple strange little computers I’m thinking about trying to use for pfSense routers. These were originally for, uhm, roadway message boards, of all things. My dad works for the state and scrounged them from the garbage.

Anyway, they have a 500MHz AMD Geode processor, dual 100M NICs, 256MB RAM, a CF card slot, and a “laptop” IDE connector. I just purchased a CF to SD card adapter. Just to see what would happen. They wouldn’t need to be able to move data fast or anything. My parents house has 6Mb DSL, and my sister’s house has I think 12Mb DSL.

The board is the WAFER-LX3-800-W.

You need a CPU that supports 64 bit. if you really want to run it on that CPU pfSence 2.3 is the last version that supports 32 bit

I’m running a 64bit AMD Athlon™ Dual Core 4050e with two tplink gigabit nics in both pcie slots on the motherboard, making up three gigabit nics including the motherboard one. I then have two cheap tplink routers (wr841nv9 and wr940nv6) both running the latest release of openwrt from /index/releases and have them set up as a wds access point and repeater using the spanning tree protocol. Payed almost no money and have a professional setup. The amd processor takes just around 45w

As @DastardlyMuffin is hinting at, you could just use openwrt to do what you need to do on a 15year old 300MHz mips with 32MB of ram. You don’t need more than that for DSL like that.

If you used pfSense, you’d be spending hardware spinning FreeBSD and lighttpd and PHP to get a fancy UI.

In terms of x86 hardware ASRock n3150-itx ran a couple of VMs and ran pfSense in one of them, but the virtio drivers were super buggy in pfSense at the time, after spending a couple of weeks on their irc and mailing lists, I gave up. On a physical machine it worked fine, but it seemed wasteful to give it a whole machine.

1 Like

I run one of those little chinese pfsense routers.

A celeron 1007u (1.5 ghz ivy bridge dual core) is massively over spec’ed to load balance two 15mbit internet connections.

I guess the only real requirements are a 64 bit cpu, 512mb of ram and a 4gb disk.

I believe you need AES-NI support as well

2.5 was going to require hardware that supported AES-NI. However early this year that changed (due to no longer planning on using an REST API that required it).

So in several remote office I have Netgate SG3100 (dual core ARM processors) running 100Mb lines easily. The load does increase significantly with the use of SquidGuard, but it doesn’t reflect on the users.

My personal box is an AMD Athlon 5350 (those AM1 chips) with 2GB of RAM. It runs well also on a 100Mb line, although I have tested it going inter-VLAN with a Intel X520-DA2 (10Gb SFP+ NIC) and it sustained pretty good speeds from what I recall (somewhere in the 6-7Gbps range).

It really depends on what you need to route but in my experience, and as @abaxas said, runs pretty well on anything “modern” (aka 64bit).

2 Likes

Cool good to know (already had that support tho)

Have one of those, too. Also still have a PCengines APU1D4 somewhere that I need to sell.

But in general I like overkill more than efficiency. At home I’m running a Ryzen 3 1200 in a 2U case which is gonna be upgraded soon. Currently it has a dual port Intel NIC and a Draytek Vigor DSL modem card to do it’s job. But I decided to go with something external to make the connection itself and have my own firewall behind that. So the DSL card will go and the dual port NIC is gonna be replaced with a quad port. Also the system is gonna get a basic GPU, a 2W Sunix card with only VGA out. A fritzbox 7530 is gonna make the connection itself.

Tbchi wouldn’t build for now but build for later. Since firewalls are built on bsd typically and can last for 10-15 years buy something decent. Have AES-NI capability etc. In case you want to route some traffic through a VPN

At this point it’s sort of a curiosity. Just want to mess around. Like I said, terrible rural internet so not high demand.

Seems to be the hard part is getting an old version of pfSense. My setup is running 2.3.x or something because I haven’t updated or restarted it since I installed it. 800+ days of uptime. Looked around for that install iso, but haven’t found it yet.