3 Gbps + PfSense / OPNsense

MrCatDad

Casual Member
Hey all!

I am thinking of making my own pf/OPN sense router/firewall etc. I do have a few bits of old-ish PC parts laying around. I have looked at the pfSense hardware section to get an idea, however I just want more input on the specifications I plan to use from the spare parts I got.

They are:

i7-4770K
CPU Cooler - Noctua NH-D15
Motherboard: Sabertooth z97 Mark S
16 gig ram @ 2333
SSD - 870 EVO, 250
PSU - 600

As for networking cards, is it best to get 2 x 10 gig cards or a dual single 10 gig card?

As I do want to learn pf / OPN sense over time and segment my network up. As I do a lot of editing/WFH/Hybrid stuff.
 
It won't care about whether the ports are on one card or split over two, so the answer to that question is check your motherboard to see if it has the PCI Express bandwidth to carry that amount of bandwidth on multiple PCI Express slots. If it's all good hardware side, then just make sure the card has FreeBSD 14 drivers. It probably will, but check to be sure.
 

Thank you for the heads up on the drivers. The old motherboard does have a fair few PCI-E slots.

Specs of slots:

2 x PCIe 3.0/2.0 x16 (Single at x16, dual at x8/x8)
1 x PCIe 2.0 x16 (max at x4 mode, black)
3 x PCIe x1

Intel 10G cards are your safest bet. I've used a lot of X520-DA2 in my time, but they're not cheap.

Thank you for the heads up and yep, I've been looking at these as well. For the time being, while self-learning on PF/OPN, I was thinking of getting another TP-Link 10 Gigabit PCI-E, as one is already in my main computer.
 
An i7 is probably not ideal. Low power draw is better for production.

An advanced approach would be to run the firewall as a virtual machine so the hardware can also be used for other things, but I prefer a bare metal firewall at the perimeter of my network.
 
Your specs are very good. My old pf box was an even older i7.
Go with the dual 10Gbit RJ45 from Intel (X5xx or X7xx).

You could even run Proxmox and then spin VM and/or test VMs so you can learn without downtime (you can break everything and then you just need to wait for your backed-up VM to boot :) )

PS: regarding power consumption, you can try limiting the TDP and the max boost clock. You can even deactivate the Intel boost functionality if you don't need it to route 3gbit up and down.
 
I'm doing 10Gbit router on a stick with OPNsense with lower specs than you, so you should be good! Personally I didn't bother with dual port 10G, one was enough. If you find yourself needing a LAG for your home network, things get a bit expensive when you then start getting two OPNSense routers, two 10G switches, etc.

I can also highly recommend the Mellanox Connect X3 series. You can often pick them up on eBay from server pulls for £20 or so if you don't mind waiting for it to arrive. There's a driver in OPNSense/PFSense for it (sometimes need to enable it)
 
10g on a stick?!?! :)
 
There are a few cheap 10GbE cards that work great with both of those operating systems.

Intel X520-T2
Intel X540-T2
Intel X550-T2 (has 2.5Gb/5Gb in addition to 10Gb)
Intel X710-T2
Intel X710-T2L (has 2.5Gb/5Gb in addition to 10Gb)

Out of all of those the Intel X710-T2L and its bigger brother the X710-T4L use the least amount of energy. The X540-T2 is likely the one I'd recommend for the price as they can be bought for around £55-£65 on eBay and have two ports.

All of these cards are plug-and-play. No faffing is needed and they're all very stable, you won't have any problems with any of them in pfSense or OPNsense.

I think your overall setup is likely to be fine routing 3Gb/s - You may struggle a little if you use VPNs (on the router itself) to get that speed through your 4770K even with load balancing but just raw internet speed it should be perfectly adequate.
 
An i7 is probably not ideal. Low power draw is better for production.

An advanced approach would be to run the firewall as a virtual machine so the hardware can also be used for other things, but I prefer a bare metal firewall at the perimeter of my network.

Indeed, but it's only for self-learning purposes at the moment. Once all done then I will make sure I can get it down into production/low watts.

Your specs are very good. My old pf box was an even older i7.
Go with the dual 10Gbit RJ45 from Intel (X5xx or X7xx).

You could even run Proxmox and then spin VM and/or test VMs so you can learn without downtime (you can break everything and then you just need to wait for your backed-up VM to boot :) )

PS: regarding power consumption, you can try limiting the TDP and the max boost clock. You can even deactivate the Intel boost functionality if you don't need it to route 3gbit up and down.

Thank you, I will look into Proxmox as well. I will most probably play about with the TDP/Clocks vs performance and see from there really. Yes as well to VM, I've done that many times with other OSes/Linux etc.

I'm doing 10Gbit router on a stick with OPNsense with lower specs than you, so you should be good! Personally I didn't bother with dual port 10G, one was enough. If you find yourself needing a LAG for your home network, things get a bit expensive when you then start getting two OPNSense routers, two 10G switches, etc.

I can also highly recommend the Mellanox Connect X3 series. You can often pick them up on eBay from server pulls for £20 or so if you don't mind waiting for it to arrive. There's a driver in OPNSense/PFSense for it (sometimes need to enable it)

Thank you! ooo 10Gbit on a stick, nice! Got any links/info about that? Would be nice to see/read up on.

There are a few cheap 10GbE cards that work great with both of those operating systems.

Intel X520-T2
Intel X540-T2
Intel X550-T2 (has 2.5Gb/5Gb in addition to 10Gb)
Intel X710-T2
Intel X710-T2L (has 2.5Gb/5Gb in addition to 10Gb)

Out of all of those the Intel X710-T2L and its bigger brother the X710-T4L use the least amount of energy. The X540-T2 is likely the one I'd recommend for the price as they can be bought for around £55-£65 on eBay and have two ports.

All of these cards are plug-and-play. No faffing is needed and they're all very stable, you won't have any problems with any of them in pfSense or OPNsense.

I think your overall setup is likely to be fine routing 3Gb/s - You may struggle a little if you use VPNs (on the router itself) to get that speed through your 4770K even with load balancing but just raw internet speed it should be perfectly adequate.

Thank you! Yet on the VPN side speed wise, if I do want to implement that at a later stage, it will only be used for myself/family/work. So downloads/uploads won't really matter - As it will be more or less used for backing up documents etc.
 
Thank you! ooo 10Gbit on a stick, nice! Got any links/info about that? Would be nice to see/read up on.
I didn't read up anything to set it up, it's quite simple. You can google for router on a stick but I don't see any OPNSense official guides on it. Anyway, the way I did it was I set up OPNSense on my Dell Wyse box and during setup I don't think you can avoid it but you need two interfaces, WAN and LAN. So I just plugged in a USB ethernet to make a "WAN" link temporarily just so I could get it set up/installed.

Then I just attach one single DAC cable between my router and my switch. Then I just configure that port on the switch to carry all VLANs (or just add the VLANs you want). Then I can plug in my internets (currently 5G and DSL but hopefully soon FTTP too). Plug them into the switch, give each of them a VLAN too. Then go into OPNSense, go to interfaces, other, VLANs and add a VLAN on the 10G interface for each of your new VLANs. Then go assign those interfaces and boom, it's just like if you had multiple real ports, each has its own interface, each has its own firewall ruleset etc.

I'll be happy to help you configure it when you're all ready to go. My major suggestion would be think now about how you want to segment / set up your network. It will help you not have to re-arrange it all later. Mine looks a bit like this:

VLAN1 = untagged, untrusted LAN. Clients here can only reach internet, not other devices or other VLANs.
VLAN2 = tagged - DSL - 10.0.2.0/24
VLAN3 = tagged - 5G Modem - 10.0.3.0/24
VLAN4 = tagged - IoT / untrusted but can contact other clients in the same subnet - 10.0.4.0/24

IP addressing for each vlan takes the VLAN ID and makes that a /24
OPNSense handles DHCP for each VLAN, is itself the router for each subnet (e.g. 10.0.1.1 - 10.0.2.1 etc)

Port 1 on the switch here, is the DAC cable connecting to the router, carrying all the traffic, to the router (the dell thingy sitting above the switch)
xVEVCaf.jpg
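
The segmentation intent in the post above (VLAN1 clients reach the internet only), as an added example that is not part of the thread and not OPNsense code: a small first-match, default-deny rule model showing why "pass to any" on an untrusted VLAN also opens the other VLANs and the router's web GUI. The rule tuples, the VLAN 1 subnet (inferred from the poster's addressing convention) and the 203.0.113.10 test address are assumptions.

```python
import ipaddress

# VLAN plan from the post: subnet is 10.0.<vlan id>.0/24 and the router is .1.
# VLAN 1's subnet is inferred from that convention; the post lists no range for it.
VLANS = {1: "untrusted LAN", 2: "DSL", 3: "5G modem", 4: "IoT"}
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def subnet(vlan_id):
    return ipaddress.ip_network(f"10.0.{vlan_id}.0/24")

def gateway(vlan_id):
    return subnet(vlan_id)[1]  # first host address, e.g. 10.0.4.1

def evaluate(rules, dst_ip, dst_port):
    """First matching rule wins; no match means block (default deny)."""
    dst = ipaddress.ip_address(dst_ip)
    for action, net, port in rules:
        if dst in ipaddress.ip_network(net) and port in (None, dst_port):
            return action
    return "block"

def reachable_vlans(rules, src_vlan, port=443):
    """Other VLANs whose hosts a client behind these rules can open `port` on."""
    return [v for v in VLANS if v != src_vlan
            and evaluate(rules, subnet(v)[10], port) == "pass"]

# Constructed rulesets for the VLAN 1 interface: (action, destination, port).
WEAK = [("pass", "0.0.0.0/0", None)]  # "allow internet" written as allow-any
SEGMENTED = (
    [("pass", f"{gateway(1)}/32", 53)]            # DNS on the router only
    + [("block", net, None) for net in RFC1918]   # every internal range
    + [("pass", "0.0.0.0/0", None)]               # what is left is internet
)

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("segmented", SEGMENTED)):
        print(name,
              "| other VLANs reachable:", reachable_vlans(rules, 1),
              "| router GUI:", evaluate(rules, gateway(1), 443),
              "| internet:", evaluate(rules, "203.0.113.10", 443))
```

Traffic between two clients in the same VLAN is switched rather than routed, so rules like these never see it; that part of the isolation has to be enforced on the switch.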
 
Thank you! Yet on the VPN side speed wise, if I do want to implement that at a later stage, it will only be used for myself/family/work. So downloads/uploads won't really matter - As it will be more or less used for backing up documents etc.
FYI, a Proxmox + Debian VM WireGuard server on a 1.2 GHz Intel M-5Y51 Broadwell (from 2015) can push 900mbit up/down.
 
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved