What's new

Recommendations for OPNsense box?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

loganx1121

New Around Here
So I need a firewall for my home lab and settled on OPNsense. I got a Dell recoverpoint box from work. 4 NICS, 12GB of RAM, 2x Six Core E5-2620, 2x 300GB HDD. I had planned on using this as the OPNsense box...but...I feel like it's overkill. I also feel like it's going jack my electric bill up.



So, I'm looking for recommendations. I was going to buy an appliance, but everyone keeps telling me I can build something better for the same money. Been browsing around newegg but I honestly have no idea what I need for what I want to do. If it was a normal server build I could spec it myself but it kind of isn't so looking for some insight.



Here's what I'd like to do:

  • Gig throughput for traffic (routing) + Gig throughput NAT
  • I'm probably going to want to play with the IPS features too, i.e have IPS turned on and still be able to achieve the above speeds
  • IPSEC VPN <-- 100 Mbps to 200Mbps is fine. This is more convenience for friends and myself to access my NAS, etc.


So it looks like some of the pfsense appliance that claim to be able to route a gig are $400-600. I've been looking at some Xeon processors that are in the 200-250 range like this https://www.newegg.com/p/N82E16819117616



But I honestly don't have a clue what I need. I've built dozens of desktops off newegg for myself and others but never tried anything like this.



Any help is appreciated! Thanks in advance.
 
you can always install a hyper visor on your system and use opnsense in a vm and serve also some others servers.

basic home use can even be done with a j1900 with 4gb ram, I do this on a 500mbit line using pfsense with pfblocker, 2 openvpn clients, a openvpn server, snort and a few other packages.

Server grade xeon is usually a lot of overkill.

personally if I had to choose today I would probably choose a mobile i3 or i5 low power fanless box like qotom or something similar.

Verstuurd vanaf mijn SM-G955F met Tapatalk
 
So I need a firewall for my home lab and settled on OPNsense. I got a Dell recoverpoint box from work. 4 NICS, 12GB of RAM, 2x Six Core E5-2620, 2x 300GB HDD. I had planned on using this as the OPNsense box...but...I feel like it's overkill. I also feel like it's going jack my electric bill up.

that's probably a bit of overkill... nice server box - but as you mention, it's power hungry, and I'm thinking it's pretty loud with all those fans 0 but if you have a 10G WAN connection, you'll be right as rain :)

Since OPNSense is basically a fork of pfSense - it's good to have a CPU that is;

a) 64 bit
b) supports AES-NI

From a board perspective - with OPNSense/pfSense - good to have Intel NIC's - they just work, and they work very well - it's a BSD thing, and Intel is good about directly supporting the BSD's unlike other vendors.

I'm still running on a pfSense box with a dual-core C2358, 4GB of RAM, and it's plenty of horsepower to meet my needs on a 300/30 connection where I work from home and this box gets beat up pretty hard with other stuff happening.

I offload all my VPN and other activities over to an Intel NUC7i5 - it's kitted out a bit to the extreme, 32GB RAM/512GB nVME storage on it, but works well as a home server for builds/etc, as well as being wire speed on VPN, as I do have VPN back to the office, and I use this while I'm travelling as a trusted host - no, I don't use commercial VPN hosts...
 
IMHO, the best combo of high-ish clock x86 with low power draw would be an Intel x86 embedded appliance like a 6-port Minisys/Protectli box. All Intel NICs. AES-NI. And they take a 2.5" SSD. I like the i5-7200 model for max throughput, but I'm sure the i3 or even the Celeron would work well enough, presuming you research how much traffic each can push, relative to your needs.
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top