Anyone using Pfsense on a sff mini PC?

humptydumpty

I’m looking to replace my router and always wanted to go the pfsense route for the increased security/control you get over commercial routers. Does anyone have any experience with pfsense and can recommend some hardware and guides to get up and running?

luckow

@humptydumpty something like https://www.amazon.de/Firewall-Appliance-Mikrotik-OPNsense-HUNSN-Schwarz/dp/B0B154S98L/ Use opnsense instead of pfsense
https://opnsense.org/

humptydumpty

@luckow did some reading on pfsense vs opnsense. I’m sold on opnsense but that leaves the hardware. The box you linked doesn’t have wifi. I’m guessing I can use my existing commercial router for wifi or is there a more secure/better method out there?

luckow

@humptydumpty It really depends on your needs. In our office we have a 4 port appliance like the one in the link above (not sure if it's the same model), but we only use 3 of the 4 ports. More network segments means more ports. If you just want a dedicated firewall in front of your router, maybe 2 ports is enough?
One of my last Kickstarter products was https://www.zimaboard.com/. At first, I thought, hey, I'll use it for Opnsense at home. But then a local Cloudron instance was more important to me

And in addition to the firewall, we use dedicated Wi-Fi access points with VLAN capability to separate the different use cases on the WLAN. In combination with opnsense it is possible to meet specific security requirements (if you trust VLANs).

privsec

An t620+ with an intel 4 port nic is what I use with opnsense.

I upgraded the ram and the ssd

You could also go the protectli route, or an alibaba comparable

Protectli is nice due to the built in 4g backup SIM card option.

marcusquinn

I like the look of Protectli

• https://protectli.com
• https://protectli.com/integrations/
• https://protectli.com/kb/coreboot-build-guide/

And been quite happy with Bee-Link as a mini Proxmox server:

• https://www.bee-link.com/

And this looks like a good read:

• https://homenetworkguy.com/review/opnsense-hardware-recommendations/#500-usd

humptydumpty

@privsec I’m leaning heavily towards the t620+. I found one on eBay with 4 ports ready to ship. It seems 8GB RAM is the standard for opnsense but should I upgrade it to 16GB? Also, what’s the reason for upgrading the SSD? How much space would opnsense need in a home router setting? I read the t620+ has mobo rev A and B. The A has an additional m.2 port or something like that. Does it matter which rev board I get?

@luckow @marcusquinn the zimaboard looks nice but it seems upgradeability is impossible. I have a bunch of rpi’s laying around but I’m finding them useless in any use case that requires reliability. The only ok use is as an Omv5 nas box. Protectli seems nice but is UK/EU oriented and I’m not sure what adapters I would need for the US. The HP t620 plus might be the ideal hardware for me. I wish I could use one of the SFF I already have (elitedesk 800, lenovo m700, etc.) but I’m not sure how to add a second nic card to them. Thanks for the recommendations!

privsec

@humptydumpty it does matter, I remember finding which version was best on servethehome I think.
One of the models if I recall wasn’t suggested