by 2-4-Flinching 2930 days ago
That is the reason I run a pfsense router/firewall. You never worry they are going to stop supporting your device cause your device is x86 with FreeBSD base.

Actually, that is not strictly so [1]. Starting in 2.5, they are requiring AES-NI instructions. I am a bit irritated with that as I bought one of their "official" routers to support them (The one based on the PC Engine APU2) and I use it as a home router, so I really don't need that support.

[1] https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

You can always swap to OPNSense.

I'm annoyed they discontinued support for x86-32. My Soekris could run with a VPN board and saturate its 100 mbit ports.

Good news there as well is that OPNSense supports x86-32 just fine though.

Said it below, but the APU2 does support AES-NI.

I wanted to make sure you saw this.

Thank you for that, I made a mistake. I was thinking of the APU1.

And how much money are you bleeding running that machine 24/7?

Not OP but I run a PC Engines APU2[1] as my pfsense box. It's 6-10 watts.

Updates are easy to manage, I use Pfblocker which has similar functionality to PiHole, and have Cloudflare's DNS (1.1.1.1) set up.

As for wireless I attach a Ubiquiti AP through a switch.

I've done this at a couple different sites for relatives and it's comforting to know there's some semblance of security and privacy for them.

[1] http://www.pcengines.ch/apu2.htm

I have one of those as well. As a word of caution, they are dropping support for that in 2.5 [1]. Starting in 2.5, they are requiring AES-NI instructions (like I said in my other post, I am a bit irritated they did that, especially when that is a requirement for something I do not need).

[1] https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

The APU2 does have AES-NI so no need to worry.

Mine is active and working (I use it with OpenVPN right now).

You're right, my mistake, I had the APU1.

For a 100 MBit/s firewall all you need is a Raspberry Pi. Most people’s WAN connection is probably less than that. And if you need gigabit then there’s still plenty of options, anything from ODROID-C to 10W Goldmont, the latter a little expensive but it can double as HTPC etc. Idk how any of those work with BSDs but they work fine on Linux.

Also the nic.cz people have a neat new product[1]. It’s really cool, but I think still too pricey.

[1] https://www.indiegogo.com/projects/turris-mox-modular-open-s...

RPi systems die too frequently unless you get the right kind of SD cards and power adapters.

Last I checked pfsense wasn't running on ARM. And there were worries that it wouldn't even be able to keep up unless you were very careful with your filters, although that might be less of a problem with the more recent hardware.

I suppose at gigabit the Pi might have some issues. Unfortunately, I don’t have this problem. I doubt Goldmont would break any sweat though. If you don’t want to jump all the way to Intel there’s always this: http://espressobin.net/

The SG-1000 that pfsense sells is listed as ARM: https://www.netgate.com/solutions/pfsense/sg-1000.html

Not much. Have not noticed a real increase in my electric bill. However, it is a mini desktop and designed to be low power. Probably far less than my Plex Server easily.

There are options for much lower power hardware. I may do an experiment to see. Be kinda interesting but also hard to duplicate traffic effect and CPU loads.

However the reliable updates, advanced firewall, physical multi LAN, and durable VPN can't be understated for my use.

Shouldn't be too much. You can buy one [SG-1000] linked from pfsense that is only 2.5W (idle) draw.