Running pfSense + Suricata -- dedicated PC or NUC options?

Hi all -

Right now, my main router right behind my ISP-supplied router is a Ubiquiti solution, but I want to replace this with a pfSense appliance that can also handle 802.1Q VLANs and has the power to run Suricata.

I would prefer a small form-factor solution due to space constraints, but at the absolute worst I have an old Z170 + Pentium box that could be repurposed.

If you make any recommendations, would prefer links to items on Amazon please, thanks!


Most NUCs don’t have two NICs.


Sorry, in the past I found some interesting builds for pfSense, but that was years back; I doubt the hardware is available now. I’ve been meaning to find something similar for a networking project but haven’t gotten any further than noticing that the AMD V1000/R1000 embedded CPUs/motherboards would be nice, but good luck finding them. Intel used to have their Atom server line that had some network-centric boards, but I’m not sure if they’re still refreshing those, and like everything else they were caught up in that ME nonsense. Well, all of that may be overkill for your use. I’ll poke around today and reply again if I find anything interesting.

edit: The project does have its own hardware available, but I dunno about support for that IDS.

edit2: Well… I knew it was bad, but not quite this bad. The lack of NIC ports or anything supporting VLANs, offload, etc. on motherboards. Well, anything that doesn’t offer Intel NICs. I dunno how much price is a factor for you or even how many NICs you need in your situation, but it’s pretty hard to find even a dual-NIC motherboard (the minimum needed for a WAN/LAN setup) in the desktop space. Premium gamer boards and workstation/server boards are where you’ll start seeing 2-4 NIC ports (especially of Intel design). Honestly, unless you also have some serious CPU needs as well, it seems a lot easier just to snag some Intel NIC PCIe cards and then you can use whatever motherboard/CPU/form factor you want.

Intel Pro/1000 and I340-T4 cards seem to be pretty popular if you need quad ports (WAN/LAN/OPT1/OPT2) and run ~$99. I hesitate to link them because it seems only third-party sellers have these, and my impression is that most of these cards are used/refurbished. Especially the Pro/1000, because I don’t think these are even made anymore? You could just get single-port NIC cards, but they’re relatively pricey at $30-45 apiece ($120-180 for 4 ports); if you just need 2 ports and already have an Intel NIC on your motherboard, that’s probably the best solution.

My search was by no means exhaustive and some others might have some ideas, but I think it’s safe to say there isn’t a ready-made solution until you look at workstation, server, or embedded offerings. The latter will most likely require a business license to get through a distributor or store catering to business clients.

In light of this, the Netgate offerings might be the way to go depending on your needs, as you’re sure to get hardware that works with pfSense. But I can understand the desire to build your own.

Random links to expensive things that seemed over the top to me:

  1. http://www.asrockind.com/overview.asp?Model=iBOX-R1000
    No Intel NIC??
  2. https://www.supermicro.com/Aplus/system/Embedded/AS-E301-9D-8CN4.cfm
  3. https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
    https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U2-2T#Specifications
    Server X470… wut?
  4. Supermicro and others have Atom solutions, but I hesitated with those as they seemed to be behind the refresh curve, still using DDR3. But if you don’t care about upgrade paths, that might be a fit too.

I have one of these as my pfSense box, runs great.

It is a standard Chinese mini PC for general-purpose use; there are no fans inside it, so it runs at a constant 50 °C or so for me.

Ehh, a bit of a note to add: the LAN labels on the box may be a bit wrong.

You shouldn’t need more than 4 GB of RAM, and any cheap SSD should do. I bought mine pre-built, so I don’t know what connector the SSD uses specifically.

This box does support AES-NI, so it is kinda future-proofed for pfSense once they stop supporting non-AES-NI processors.


Or that ^

Not bad. I was totally not avoiding Intel CPUs/motherboards at all… cough. Well, maybe I was biased a bit… Seriously good to know though.


FYI, this is a card I snagged on Amazon that supports VLANs etc., albeit an Intel clone: https://amzn.to/2IlrA8b

I use OPNsense on a thin client as a transparent filtering bridge between my Ubiquiti router and cable modem. It runs Suricata. I had to upgrade the RAM, but it hasn’t had an issue otherwise.

Vyatta feels more like a router to me, whereas *sense feels more like a gateway/firewall. Either will suffice in any role, but I think they can complement each other. I think that is often overlooked. You don’t have to choose.


I just threw together a B450/Ryzen 2200G/Realtek quad NIC/16 GB DDR4-3200 build for $320. It’s more expensive than the pre-made box above, but I already had a box I’m upgrading. I hesitated on the Realtek but ultimately decided to try it. I can always return it.

Obviously not ideal if you don’t already have a case/PSU/drive. The 3200G is a Zen+ and I don’t really need the bump in speed.


Netgate XG-7100.

In the past day I’ve made some awesome progress that I’m really pumped about!!

TL;DR: I’ve managed to run my 6700K CPU on a spare Asus Prime-A Z270 board (an older box that used to run a Pentium G4600) and the 6700K/system works! Ran OCCT for over an hour and the Intel Burn-In test a couple of times.

After all that, I installed XCP-ng (XenServer) and got pfSense running in a VM with the StarTech I350 GigE card:

pfSense WAN - xn0: NIC1 on the I350 card
pfSense LAN - xn1: NIC2 on the I350 card

The gorgeous part is that traffic on the LAN port runs through Suricata and pfSense actually issues DHCP leases etc. I didn’t do any SR-IOV etc. and didn’t expect this to work at all :grin:

This means I can run XOA (Xen Orchestra) and cron-job pfSense VM backups to my FreeNAS. Awesome!

Will be posting a project log on further progress. Thanks!

I repurposed an AMD Athlon 64-bit dual-core PC from 2008 with 2 gigabit NICs in the PCI slots and it works great. There’s no hardware crypto support, but the CPU is unaffected by Meltdown so TDI is off. Standard OpenVPN encryption never gets held up by the CPU. I overclocked it a bit for some extra headroom. It’s hooked up to a 1 TB drive for caching :grin: It used to be a desktop used for dial-up access :joy:


More info on my progress running pfSense in a Xen VM is detailed here -