What hardware to buy for pfSense router in 2019

This article has been last updated on June 29, 2019

As you guys know we sell quite a lot of open source hardware. Most of our customers are fans of pfSense, the most popular open source operating system for routers. The question we often get is "What hardware should I get for pfSense?". 

It's already 2019, so any hardware you get must be ready to support the next release of pfSense. The upcoming version 2.5 of pfSense has one key requirement that previous versions didn't. The CPU must support AES-NI, the native, hardware encryption instructions. Software encryption will no longer be supported, so you must make sure your CPU has AES-NI.

Update: pfSense has announced that version 2.5 will support hardware without AES-NI. It is still strongly recommended that your processor supports it, but it's not a strict requirement. For details, see the message from the pfSense team.

pfSense 2.5 hardware requirements

Not everyone is the same, but there are some common requirements that any hardware must fulfill. 

  • CPU should support AES-NI
  • CPU must be powerful enough to route your internet traffic
  • CPU should be 64bit Intel or AMD
  • RAM - you must have enough for the packages you want to run. 
  • NICs - LAN ports should be coming from Intel. pfSense still doesn't perform great with Realtec Network Interfaces.
  • WiFi - pfSense supports a very limited number of WiFi adapters. If you plan on using WiFi, make sure you get the right adapter. 

What is AES-NI?

AES-NI (AES New Instructions) is a new encryption instruction set, baked right into CPU that dramatically speeds up cryptography tasks such as encryption/decryption for VPN or SSL. AES-NI was initially developed by Intel, but most modern AMD CPUs also support it now. 

There are a lot of routers sold online that claim to be pfSense compatible and don't support AES-NI. This is theoretically true because pfSense 2.4 does not strictly require it. Once pfSense 2.5 will be released, their routers will be stuck with the old version of pfSense.

All hardware sold by TekLager has AES-NI support and Intel NICs.

pfSense 2.5 release date

pfSense 2.5 development version is already released and can be used, but it's not considered stable. When we tested it in May, it was still causing some problems during installation, so we recommend to wait with the upgrade until the stable version is released

It's not yet known when the stable release will be made, but it's likely that we will see it during summer 2019. 

 

pfSense firewall appliance recommendations

 

Cheap pfSense box - APU2D0

APU is a well known, reliable hardware manufactured by a Swiss company PC Engines. APU2, APU3 and APU4 routers are the most popular hardware firewalls we sell at TekLager. There are few versions of APU, starting at entry level APU2D0, to the latest version of APU4C4.

This is the cheapest pfSense router we sell, but don't be deceived, it's a very capable firewall for home or small office.

Tip: in most applications, this box will perform just as well as the more expensive versions.

APU2D0 router

  • CPU: 4 core, 1Ghz AMD GX-412TC (with AES-NI) 
  • RAM: 2GB DDR3-1333 DRAM
  • NIC: 2x Gigabit Intel i211AT
  • Storage: 16GB mSata SSD
  • Routing throughput: 750Mbit/1Gbit on pfSense. 1Gbit/1Gbit on OpenWRT/IPFire/Linux.
  • VPN: 100Mbit over OpenVPN, 650Mbit over WireGuard. 
  • Cooling: Passive, fanless cooling.
  • Power consumption: 6-10W - very low power consumption

See the full specification here: APU2D0 router 

This hardware is definitely good enough for home usage. It's passively cooled, so it's completely silent. 

Our favorite thing about APU routers is that they are 100% silent, cheap, powerful enough and super reliable. 

PC_ENGINES_APU2D0_ROUTER

APU2D0: 2x Gigabit LAN, Quad Core CPU, 16GB SSD, 2GB RAM

TekLager APU2D0 Router/Firewall. 2x Gigabit LAN, Quad Core CPU, 16GB SSD, 2GB RAM. Compatible with pfSense, IPFire, OPNSense and many others.
1,752 SEK 2099-01-01 1,752 SEK
2190.00 SEK incl. vat

( about $180 USD)

 

APU2.D4 pfSense router (most popular)

For those who would like to have a bit more memory, or LAN ports we recommend APU2D4, which is one step up from APU2C0. It has 4GB of ECC RAM, and has 3x Gigabit LAN ports. 

  • CPU: 4 core, 1Ghz AMD GX-412TC (with AES-NI)
  • RAM: 4GB ECC DDR3-1333 DRAM
  • NIC: 3x Intel i210AT
  • Storage: 16GB mSata SSD
  • Routing throughput: 750Mbit/1Gbit on pfSense. 1Gbit/1Gbit on OpenWRT/IPFire/Linux.
  • VPN: 100Mbit over OpenVPN, 650Mbit over WireGuard. 
  • Cooling: Passive, fanless cooling. 0 noise
  • Power consumption: 6-12W - very low power consumption

See the full specification here: APU2D4

This configuration is very popular. 4 GB of RAM ensures that this hardware will last you for a long time.

PC_ENGINES_APU2D4_ROUTER

APU2D4: 3x Gigabit LAN, Quad Core CPU, 16GB SSD, 4GB RAM

TekLager PC Engines APU2D4 is a state of the art router / firewall for office or home. Ships pre-configured, optimized and ready to use. Compatible with pfSense, IPFire, OPNSense and others.
2,102 SEK 2099-01-01 2,102 SEK
2627.50 SEK incl. vat

( about $219 USD)

TLSense - the high end performance

TLSense i5 is a powerful box. It's great if you plan to use a IDS/IPS packages such as Suricata or Snort for Intrustion detection and prevention. It's also a very good choice for a VPN gateway. This hardware is most often purchased by customers who have a Gigabit internet connection and want to utilize high-throughput OpenVPN connection. 

It has a powerful Intel i5 CPU, 8GB or RAM, and 60GB SSD. It comes with 4 Gigabit Intel LAN ports and a HDMI port.

  • CPU: Intel Core i5 4200U Dual Core, 4 threads, 3M Cache, Up To 2.6GHz
  • RAM: 8GB (1333/1600MHz)
  • NIC: 4x Gigabit Intel i211AT
  • Storage: 60GB mSata SSD
  • Routing throughput: 1 Gigabit on pfSense, and other operating systems
  • VPN: ~500Mbit over OpenVPN, 1Gbit over WireGuard. 
  • Cooling: Passive, fanless cooling. 0 noise
TLSENSE_I5

TLSense i5: 4x Gigabit LAN, Intel i5 CPU, 60GB SSD, 8GB RAM

TekLager TLSense Intel i5 - pfSense Router. 1 Gigabit throughput speed. 475 Mbits/sec encrypted OpenVPN throughput. Compatible with pfSense, OPNSense and IPFire.
4,230 SEK 2099-01-01 4,230 SEK
5287.50 SEK incl. vat

( about $449 USD)

If you are looking for a pfSense WiFi router read this article we wrote about pfSense wireless support

 

To wrap things up: be prepared for the new AES-NI requirements, and make sure your CPU supports it :-)

Cheers! 

 

TekLager sells hardware for building open-source appliances in Sweden, Denmark, Finland, Norway, US and Canada.