Share your pfSense / OPNsense builds

Date: 2023-01-10

blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
I've been wanting to repurpose some old hardware into a pfSense box for the longest time but I've gotten to the point where I don't have anything much that doesn't serve a purpose :happy:

I haven't got any leftover chips with AES-NI and the only board I've got is an M3A78-EM which is working but ancient. I've got some DDR4 though, a power supply, an mATX case.

I'm suffering from a lack of inspiration so I thought I'd start this thread knowing there's a lot of creative folks on here... So share your pfSense rigs!
 
Machupo

Gravity Tester
Joined
Nov 14, 2004
Messages
5,617
Supermicro X10SDV-6C+-TLN4F (Xeon D-1528 w/ dual 10GbE) w/ 32GB ECC, 256gb nvme ssd, and a titanium psu in a 1U rack.

Bulletproof and way overkill for the packages / services I am running, but I got an absurd deal on the main board and had most of the rest laying around. Also fits nicely into my 12U network-depth rack, hah.
 
SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,387
longblock454 said:
My current box is now 11 years old, need to get this upgraded as well.

Might just say screw it and order one of their appliances, the 6100.
If it's not broken, don't try to fix it. :D

Netgate and, I believe, Firewalla also have great appliances if you're going that route. You can also roll your own Sophos for home use for free. I've been tempted to try that since I need IPsec VPN tunnels, but I also need appliance simplicity and don't have time to do a build.
 
Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,982
When I still ran pfSense, I ran it on a PCEngines APU2C2. I got a lot of happiness out of the fact that my edge device consumed less than 10W, was PoE powered (so I could power cycle it from my switch just by disabling and re-enabling PoE on that port), and still was able to push through about 800Mbps up / 40Mbps down (though my service was faster, just not quite enough compute thrown at FreeBSD to get there with the 2C2). Was a decent little box that served me well, 'til I upgraded to Mikrotik instead. I built little rack ears for the chassis so it took up 1U in my rack, just above my core switch.
 
SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,387
Machupo said:
Supermicro X10SDV-6C+-TLN4F (Xeon D-1528 w/ dual 10GbE) w/ 32GB ECC, 256gb nvme ssd, and a titanium psu in a 1U rack.

Bulletproof and way overkill for the packages / services I am running, but I got an absurd deal on the main board and had most of the rest laying around. Also fits nicely into my 12U network-depth rack, hah.
That's a beautiful overkill. :) I bet the updates will make you upgrade the hardware before your wan connection will, haha.
 
GotNoRice

[H]F Junkie
Joined
Jul 11, 2001
Messages
11,575
A couple of years ago I got a SFF Dell with an i5-3470 for $50 and added a low-profile dual-port Intel gigabit nic. It's been solid ever since.

Before that, I ran it on a Core2Duo e6400 system for a long time. Then at one point it was said that only CPUs with AES-NI would work with what was then the upcoming version 2.5. Of course, they dropped that requirement at the last moment. If it wasn't for that I'd probably still be using the Core2Duo.
 
Stugots

Supreme [H]ardness
Joined
Feb 25, 2004
Messages
7,055
Was running it on a PCEngines APU2C4. Upgraded to an old Dell Optiplex 9020. Not as power efficient, but it’s WAY faster.
 
ochadd

[H]ard|Gawd
Joined
May 9, 2008
Messages
1,221
Dell T20 server, Xeon 1225 v3 CPU, 32 GB ECC non-registered memory. Running Windows Server 2019 and Hyper-V. Virtualized pfSense with dedicated gigabit NIC for WAN. 2.5 GBps LAN port shared with VMs for file server and NVR/DVR. One server for all my home needs. The important data, virtual machines, is all portable to a new server whenever I need to replace it.
1x Sata SSD boot drive
1x U.2 7.68 TB data drive
1x HDD for server backups
1x 2.5 PCIe NIC

48 watts steady, 64 watts writing backups, 84 watts max power draw I saw after a full month of monitoring. Bought this server new about 7 years ago with a Celeron or Pentium CPU. Upgraded via Ebay several times. CPU is finally feeling weak with 4k surveillance camera playback. Otherwise it does my 500 mbps symmetrical fiber connection just fine and it will do a full 2.5 gbps iperf3 test fine. Not sure if it would actually route/inspect 2.5 gbps of internet traffic but I have no need for that.
 
German Muscle

Supreme [H]ardness
Joined
Aug 2, 2005
Messages
6,822
I picked up a RSA branded Dell R620 server as the foundation.

Stuff I changed:
Intel x520/i350 2x SFP+ 10g/2x gb RJ45 Removable Network Daughter Card(Dell Part: C63DV) for downstream.

Intel x550-T1 1x RJ45 1g/2.5g/5g/10g NIC for upstream.

Intel Xeon E5-2630L V2 60w 2.8GHz cpus.
System already had 32GB of DDR3-1600 in it from initial purchase.
Started with a 120GB 2.5 Inland SSD plugged into a SATA port and laid it on top of the NIC and it lasted two years but a few months ago the drive started corrupting. I think this was due to laying on top of the NIC. I pulled the backup and tossed in two 900GB 10k RPM HDDs that I had laying here as a spare. I put them into a RAID1 and did a fresh install of OPNsense and pulled in the backup and life has been good.

This has been rock solid reliable and it's only broken 'cause of stuff I've done. Other than that it's never gone down or had any issues itself. It is pretty overkill but that's my style. I am also running Zenarmor as a content filter which is turned off and I'm using CrowdSec for IPS. I also am geoblocking basically every country outside of the US/Canada right now.
I have been looking for something newer and more power efficient but that can deliver the same horsepower. I was just given a R630 so I might change over to that.
 
Vengance_01

Supreme [H]ardness
Joined
Dec 23, 2001
Messages
6,914
I might try a virtual version just to mess around with. I have a Xeon Gen 3 4C 8T and 16GB RAM server with SSDs hosting my Proxmox server. I would just need to add a dual 1GBe Intel NIC to pass directly to the VM.
 
whiskeytang0

n00b
Joined
Jan 9, 2023
Messages
2
Repurposed an old desktop and stuck a quad port intel i350 in it. Intel 7700K w/ Z270G STRIX motherboard w/ 32 GB DDR4 something... and a cheap 128 GB NVME.

It can handle anything I throw at it and is extremely stable for being a 2016 - 2017 build, and fairly compact for being mATX.

Edit: and quite low power/heat too
 
sinisterDei

[H]ard|Gawd
Joined
Dec 1, 2004
Messages
1,577
My home pfSense install is running as an ESXi virtual machine on one of these. I gave it 4 CPU cores and 4 GB of RAM. The whole box has 32 GB of RAM and a 1 TB SSD. Works very well.
 
Outlaw85

[H]ard|Gawd
Joined
Feb 7, 2012
Messages
1,537
Current is a VM on ESXi as well. 4core/8gb RAM using L5638 in an HP DL380 G6. Running a 2 node cluster to allow for vMotion.
Upgraded from an old AMD Athlon X2 Shuttle with 4gb RAM.
 
blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
I'm gonna bump this bad boy cause I finally had time to repurpose an old build.

I went with a Ryzen 2400g, 8GB ram and a small nvme boot drive.

I'm gonna make some time during the night to install it (my LAN's maintenance window hehe)

I currently run a fairly basic setup using an Asus AX58U running Merlin, guest network, bout 30 clients or so.

So if I understand correctly, to install the firewall before this Asus router, I need to put the router in AP mode and disable DHCP? Will I still be able to have a WLAN from the Asus router and have pfSense or OPNsense assign IPs to its clients? Fairly new to me all this
 
Grebuloner

[H]ard|Gawd
Joined
Jul 31, 2009
Messages
1,607
Yes, it should still work.

Also, since you're using a small ssd for your pfsense, make sure to enable ram disk for your tmp and var folders. There's enough writing to wear out a drive.
 
Stugots

Supreme [H]ardness
Joined
Feb 25, 2004
Messages
7,055
Grebuloner said:
Yes, it should still work.

Also, since you're using a small ssd for your pfsense, make sure to enable ram disk for your tmp and var folders. There's enough writing to wear out a drive.
I’ve been tempted to enable a RAM disk on mine but haven’t yet. I’m using a shitty old SATA SSD.
 
blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
Grebuloner said:
Yes, it should still work.

Also, since you're using a small ssd for your pfsense, make sure to enable ram disk for your tmp and var folders. There's enough writing to wear out a drive.
Thanks, appreciate it. I just enabled both options

Everything is working right out of the box which is nice. Enabled AP mode on the router and after it reset it picked up its IP from OPNsense, WLAN working nicely too. Really happy.

One thing I noticed was that with the Asus router, I always used to get a 192 address from my ISP (never noticed what connection type it was using). With OPNsense, I see it autoconfigured a DHCP connection type and picked up a totally different address (I think it's the first time I get a different address in like 2 years). I wonder why that is.
 
Grebuloner

[H]ard|Gawd
Joined
Jul 31, 2009
Messages
1,607
Stugots said:
I’ve been tempted to enable a RAM disk on mine but haven’t yet. I’m using a shitty old SATA SSD.
It's a quick config setting and a reboot. Set the amounts to be ~500 MB as a good buffer (assuming you have the memory to spare. I have 8GB total which is way more than I need)
 
Harvestor

Limp Gawd
Joined
Apr 21, 2009
Messages
189
Really starting to look into a pfSense build since my current ISP-provided XB7 will not run a VPN. If I am going to do it I might as well jump off the deep end: how crazy of a CPU would I need to run a 2.5gb network, since I am most likely going to put my storage server in the same box if at all possible?
What is recommended for a boot drive?
 
German Muscle

Supreme [H]ardness
Joined
Aug 2, 2005
Messages
6,822
Harvestor said:
Really starting to look into a pfSense build since my current ISP-provided XB7 will not run a VPN. If I am going to do it I might as well jump off the deep end: how crazy of a CPU would I need to run a 2.5gb network, since I am most likely going to put my storage server in the same box if at all possible?
What is recommended for a boot drive?
So you want to run a storage server off of your firewall/router?
 
Harvestor

Limp Gawd
Joined
Apr 21, 2009
Messages
189
German Muscle said:
So you want to run a storage server off of your firewall/router?
I was thinking of running pfSense in a VM if possible, I have just started looking into pfSense so I am not very familiar with it.

If it can't be done I have no problem throwing a dedicated system into a 1U server chassis I have.

I guess my biggest question is how old of a CPU is too old to handle a 1GB connection with VPN duties as well.

I have a 4970K and 64gb of ECC RAM if it's not too old
 
blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
Harvestor said:
I was thinking of running pfSense in a VM if possible, I have just started looking into pfSense so I am not very familiar with it.

If it can't be done I have no problem throwing a dedicated system into a 1U server chassis I have.

I guess my biggest question is how old of a CPU is too old to handle a 1GB connection with VPN duties as well.

I have a 4970K and 64gb of ECC RAM if it's not too old
During my research, I learned that you want a chip that supports AES-NI, you can find a list here

I'm running a 50/400 connection with roughly 20 clients on the LAN and the 2400g I'm using is generally idle for now
 
German Muscle

Supreme [H]ardness
Joined
Aug 2, 2005
Messages
6,822
Harvestor said:
I was thinking of running pfSense in a VM if possible, I have just started looking into pfSense so I am not very familiar with it.

If it can't be done I have no problem throwing a dedicated system into a 1U server chassis I have.

I guess my biggest question is how old of a CPU is too old to handle a 1GB connection with VPN duties as well.

I have a 4970K and 64gb of ECC RAM if it's not too old
You can run it as a VM but it's kind of a catch-22. I would suggest looking at OPNsense. pfSense has a history of extremely shady practices.
I would suggest running it bare metal for simplicity.
Most any CPU you would use at this time is fine. My first was a X58 era Xeon. I've never run over 32G for RAM. 32G is complete overkill as is. Intel NICs also will ensure things go smooth. That applies to BSD in general.
 
Harvestor

Limp Gawd
Joined
Apr 21, 2009
Messages
189
German Muscle said:
You can run it as a VM but it's kind of a catch-22. I would suggest looking at OPNsense. pfSense has a history of extremely shady practices.
I would suggest running it bare metal for simplicity.
Most any CPU you would use at this time is fine. My first was a X58 era Xeon. I've never run over 32G for RAM. 32G is complete overkill as is. Intel NICs also will ensure things go smooth. That applies to BSD in general.
Good to know about the Intel NIC, I have an Asus 2.5 one here that I got a really good deal on that I was going to use, but if Intel will make my life easier I will start looking for one, thanks
 
Harvestor

Limp Gawd
Joined
Apr 21, 2009
Messages
189
blackmomba said:
During my research, I learned that you want a chip that supports AES-NI, you can find a list here

I'm running a 50/400 connection with roughly 20 clients on the LAN and the 2400g I'm using is generally idle for now
Great list, thank you. I see that my 4970 is on the list so I will dig it out of storage and get a system built and start playing around
 
SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,387
German Muscle said:
I picked up a RSA branded Dell R620 server as the foundation.

Stuff I changed:
Intel x520/i350 2x SFP+ 10g/2x gb RJ45 Removable Network Daughter Card(Dell Part: C63DV) for downstream.
Intel x550-T1 1x RJ45 1g/2.5g/5g/10g NIC for upstream.
Intel Xeon E5-2630L V2 60w 2.8GHz cpus.
System already had 32GB of DDR3-1600 in it from initial purchase.
Started with a 120GB 2.5 Inland SSD plugged into a SATA port and laid it on top of the NIC and it lasted two years but a few months ago the drive started corrupting. I think this was due to laying on top of the NIC. I pulled the backup and tossed in two 900GB 10k RPM HDDs that I had laying here as a spare. I put them into a RAID1 and did a fresh install of OPNsense and pulled in the backup and life has been good.

This has been rock solid reliable and it's only broken 'cause of stuff I've done. Other than that it's never gone down or had any issues itself. It is pretty overkill but that's my style. I am also running Zenarmor as a content filter which is turned off and I'm using CrowdSec for IPS. I also am geoblocking basically every country outside of the US/Canada right now.
I have been looking for something newer and more power efficient but that can deliver the same horsepower. I was just given a R630 so I might change over to that.
Nice overkill! Like using a nuke to squash a fly! :D
 
SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
6,387
blackmomba said:
With OPNsense, I see it autoconfigured a DHCP connection type and picked up a totally different address (I think it's the first time I get a different address in like 2 years). I wonder why that is.
Different MAC address being sent to the ISP, so different address. You normally can have the same IP by changing the MAC address to match the previous router, but in your case I think it could cause problems since the MAC is still on the physical network.
 
blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
SamirD said:
Different MAC address being sent to the ISP, so different address. You normally can have the same IP by changing the MAC address to match the previous router, but in your case I think it could cause problems since the MAC is still on the physical network.
Thanks very much man!
 
blackmomba

Gawd
Joined
Dec 5, 2018
Messages
739
I renamed the thread to include OPNsense builds

I don't know exactly why, but I get the impression that a lot of home labbers and hobbyists are moving away from pfSense and recommending OPNsense. I'm not sure why (something about licenses?)
 
