OPNsense Hardware Recommendations (2023)

post-thumb

Photo by ipuwadol from iStock

Table of Contents

Occasionally I have been asked for hardware recommendations for OPNsense and the question appears on Reddit frequently. So I thought it may be helpful to categorize OPNsense features based on hardware utilization along with a list of products in various price ranges that should perform well for many home users. There are a number of devices that will run OPNsense, which is the great because you have many choices available to you. Depending on your needs and your budget, you should be able to narrow down your selection to a few good choices.

For my recommendation list, I do not have the means to test every item in my list since that would require purchasing all of the hardware or getting review units from companies to test the hardware so I cannot fully endorse all of the options below. However, I hope it will illustrate the many hardware options you have for OPNsense and provide you with a good starting point in your research. I suggest you further research the products below or others not listed before making your final selection to ensure it meets your needs.

How to Choose the Appropriate Firewall Hardware?

How to Select Firewall

If you are new to running a more advanced routing/firewall such as OPNsense, you may not know which is the best device to purchase for your home network. There are a number of considerations you must take into account in order to be satisfied with your hardware selection. To help guide you with your decision keep in mind the following bullet points below when determining your hardware requirements.

Services which Require Minimal Hardware Resources:

  • Routing (<= 10 Gbps)
  • Firewall
  • Basic network services (DHCP, DNS, Dynamic DNS, mDNS Repeater, NTP)
  • Monit
  • SSH
  • CrowdSec

Services which Require a Significant Amount of Memory:

  • Zenarmor (if running Elasticsearch on the OPNsense box)
  • Intrusion Detection (Suricata)

Services which Require a Significant Amount of CPU:

  • Zenarmor (on interfaces faster than 2.5 Gbps)
  • Intrusion Detection (Suricata)
  • VPN services (especially if hardware does not support AES-NI)

General Recommendations

  • If you only want to run the basic router/firewall services, nearly all lower end hardware will be sufficient especially if you only plan to have a 1 Gbps network. You can use a basic dual/quad core system with a low amount of RAM (1-4 GB).

  • However, if you plan to run more resource intensive services, you will need a faster CPU and likely a minimum of 8 GB of RAM (you can run both Zenarmor with Elasticsearch and Suricata with 8 GB of RAM). If you like to tinker, you may want to purchase hardware which has more resources than you currently need so you can have it available later when you are ready for it.

  • If you plan to have a 10 Gbps internal network, routing performance of 10G interfaces should not be an issue on mini-PC appliances, but you will need more performance as you enable additional services such as IDS/IPS/VPNs.

  • If you plan to set up a VPN server to access your home network or use OPNsense as a client to an external VPN provider and you have a large amount of bandwidth, you will want a CPU which supports AES-NI encryption to reduce the load on the CPU. Otherwise, the CPU bottleneck will slow down your network throughput. Throughput using the WireGuard VPN tends to be much better than OpenVPN.

You will need to decide if you wish to purchase new hardware, used hardware, or repurpose existing hardware you already own. Additional considerations are whether to virtualize OPNsense or to run it on bare metal.

In an effort to minimize updates to this page, I am going to generalize the prices by grouping products by approximate cost ranges. Some products may increase or decrease in price over time. The price ranges should help you understand the gain in performance and features as the prices range increases. I will focus primarily on new products, but I will discuss some used hardware options as well.

Since the availability of used products vary greatly depending what is currently available by sellers, it would be more difficult to keep such a list up to date. Prices may flucuate greatly in a used market as well. You may be able to find a rare deal if you are willing to actively search and wait for it.

New Hardware Options

There are many types of new hardware options available. New hardware is not always the most affordable solution, but purchasing new hardware is both convenient (especially if the system is prebuilt) and has the potential to last longer than older hardware. The size and types of hardware you wish to use may vary greatly depending on your needs, preferences, and budget.

Mini-PC Firewall Appliance Hardware

Desktop Hardware

Mini-PC firewall appliance hardware is a good choice for new users to OPNsense since it offers an affordable, quiet, and energy efficient solution in a small form factor (similar to consumer grade routers). Mini-PC appliances include multiple Ethernet ports (typically 2, 4, or 6 ports). Some of them are starting to include 10 Gbps SFP+ interfaces, which is great.

< $200 USD

Zimaboard ZimaBoard 432 (4 GB) (affiliate link) : When I first wrote this guide, I did not have anything under the $200 USD price range that would support OPNsense very well. Now that the ZimaBoard has been released, this may be one of the few low budget options (besides perhaps older used hardware) where the system would offer satisfactory performance for OPNsense. The Intel CPU is a bit older and less performant than some of the newer generation CPUs used in firewall appliances, but it should be up to the task especially for 1 GbE network interfaces because it has about the same CPU score as my old Qotom box. This model has two 1 GbE interfaces so if you want the bare minimum router on a stick network, this may be sufficient. I recommend purchasing the 8 GB version if you wish to use IDS/IPS (it will put you over $200), but if you do not plan to run those things, you could purchase the cheaper 4 GB model. One interesting aspect of the ZimaBoard is that you could connect any PCIe x4 card into the PCIe slot on the side of the ZimaBoard in order to add a 2.5/10 GbE or 10 Gbps SFP+ NIC for faster network connections (but the PCIe card will not be inside an enclosure and would not be as aesthetically pleasing).

$200-$300 USD

PCEngines PCEngines apu4d4 (4 GB): Some users like to use PCEngines hardware for their router/firewall. Some of the components are under $200 USD, but by the time you purchase a case and other parts, you will likely spend over $200 USD. This option is a little more of a DIY system, but the necessary parts to put the system together into an enclosure can be purchased at the same time. The performance of the PCEngines hardware may be fine for most basic routing/firewall purposes for home usage, but if you plan to run other services in OPNsense such as intrusion detection with Suricata, Zenarmor, or a VPN, you will be more satisified purchasing a mini-PC such as the Qotom box listed above. You will have much more performance and will be able to support 8-16 GB of RAM depending on the system you purchase. I would recommend a minimum of 8 GB of RAM if you are running those heavier weight services. I really like the idea of PCEngines to build my own router/firewall at an affordable price in a nice energy efficient package, but the hardware is not quite capable enough to run the heavy weight services.

VNOPN VNOPN Micro Firewall Appliance 2.5 GbE (8 GB) (affiliate link) : The VNOPN brand has some cheaper models which have 2.5 GbE interfaces which may be worth looking into if you are looking for entry level performance with 2.5 GbE networking. The CPU is an older generation Intel N3700, but performance should be decent especially if not using any IDS/IPS. Routing data does not require as large of an amount of processing when IDS/IPS is not used. I have not personally tested the performance with IDS/IPS enabled on the N3700 as I have with the N5100/N5105 CPUs. Worse case scenario is that you see some Internet bandwidth being reduced when using IDS/IPS if you are trying to utilize most of the 2.5 GbE bandwidth. If I have the opportunity to test more hardware appliances, I will update this page with my findings.

Protectli FW2B Protectli Vault FW2B (8 GB) (affiliate link) : If you are interested in getting a Protectli, the Vault FW2B is one of the lowest priced boxes that is not a barebone system. You could save some money if you happen to have some extra RAM and disks laying around. However, these firewall appliances often use laptop SO-DIMM memory so you may not have any laying around unless you scavange it from an unused laptop. When you can get a good deal on the RAM and have an extra SSD laying around, getting the barebones system could save a little bit of money.

Qotom Q750G5-S08 Qotom Q750G5-S08 2.5 GbE (8 GB) (affiliate link) : This Qotom box offers five 2.5 GbE network interfaces and includes 8 GB of RAM as well as a 128 GB SSD for less than $200 USD (at the time of this update), which is a great price. With shipping, the price breaches $200 which is why I placed this device in the $200-300 range. The CPU is an Intel J4125 which is the same as the Protectli VP2410 that I have personally reviewed. While the J4125 CPU handles 1 GbE speeds well even with some IDS/IPS such as Zenarmor, the CPU may be lacking for 2.5 GbE interfaces if you wish to run those CPU intensive services. If you do not plan to run those services, this box should make a great entry level system for use with OPNsense.

Topton X4C-XL Topton X4C-XL N100 2.5 GbE (8GB) (affiliate link) : The Intel Alder Lake CPUs are making a debut in the mini-PC appliances. They offer a great leap in CPU performance as well as DDR5 RAM which further improves performance. If you are looking for next generation performance hardware for your mini-PC that is also power efficient, you should seriously consider the Alder Lake CPUs. They can be reasonably priced compared to the previous generations.

Gowin R86S-U1 Gowin R86S-U1 2.5 GbE/10 Gbps SFP+ (8GB) (affiliate link) : The most budget friendly Gowin R86S-U model is the R86S-U1. It is hard to believe that the price of this model is currently below $300 USD with free shipping at the time of this update. That makes this sytem the cheapest system which has both 2.5 GbE and 10 Gbps SFP+ interfaces! The lower end U-series models uses the weaker Intel N5105 CPU, but if you are not going to do much IDS/IPS on this box, this is a very compelling budget friendly option for higher speed network interfaces. I must note that you cannot upgrade the RAM in this system since it is soldered onto the motherboard. It is a design tradeoff for such a small form factor. If you need more RAM, you need to purchase a higher end model such as the R86S-U2 (affiliate link) , R86S-U3 (affiliate link) or the R86S-U4 (affiliate link) . I reviewed the Gowin R86S-U4 if you are curious how the higher end model performs.

Gowin R86S-T1 Gowin R86S-T1 2.5 GbE (8GB) (affiliate link) : If you do not need or want the 10 Gbps SFP+ interfaces of the Gowin R86S-U series models, you may want to opt for the R86S-T series. This series is an upgrade to the previous P-series models. It uses the same Intel N5105 CPU as the R86S-U1. The price difference at the time of this writing between the two models is $21 USD so the R86S-U1 is a much better deal if you would like to have faster network interfaces.

$300-400 USD

Moginsok MOGINSOK 2.5 GbE Firewall Appliance (8 GB) (affiliate link) : There are some 2.5 GbE options emerging for the mini-PC firewall appliances at a budget friendly price (comparable to some of the 1 Gigabit options). If you are looking for increased bandwidth between some of your devices on your network, this may be an option. Keep in mind that you will need to pair this firewall with a network switch capable of 2.5 GbE and devices which have a 2.5 GbE interface to take full advantage of the increased speeds. Other considerations such as needing to use SSD/NVMe drives or traditional HDDs that use mirroring/RAID/ZFS, etc. are also important to for maximizing bandwidth for large data transfers. The great thing about the 2.5 GbE and 5 GbE standards is that you should be able to use existing Cat 5e cabling so you do not need to replace your Ethernet cables with higher quality cables (unless of course you are encountering issues).

HUNSN RS34g HUNSN RS34g 2.5 GbE (8 GB) (affiliate link) : Another 2.5 GbE option that you may want to consider. This box actually has Amazon reviews which is helpful because there are users which stated the box works for pfSense and OPNsense. The reason that is important is that 2.5 GbE is a relatively new addition to FreeBSD support so the latest versions of OPNsense should work (I have not personally verified that to be true). The $300-400 USD range is pretty reasonable because I paid around $350 USD for my mini-PC firewall appliance which only supports 1 GbE in 2017 before there were electronics shortages and inflated prices. If I were to buy a mini-PC firewall appliance today, I would certainly consider getting a box like this to take full advantage of greater than 1 Gigabit download speeds provided by my ISP.

Fitlet3 Fitlet3: The Fitlet is a build to order device where you can customize the components that meet your needs. This may be a good option for you if you want a feature that may not be standard with other mini-PC/firewall appliances such as a fiber SFP+ port (although it only supports 1 GbE but that may be fine for many home users who do not need/want 10 Gbps interfaces). You can also get WiFi/cellular modules installed as well. If you start adding those sorts of modules, the price will be outside the $300-$400 price bracket. Note: I received feedback that due to supply shortages (at the time of this update), it is possible you would receive a unit with uses a Marvell chipset instead of Intel which may cause driver compatibility issues when using OPNsense. Please keep that in mind when purchasing the Fitlet3.

Protectli FW4B Protectli Vault FW4B (8 GB) (affiliate link) : The Protectli FW4B is an older Protectli model and the price has slowly continued to drop as newer models are released. If you are looking for a solid OPNsense box with four 1 GbE interfaces and have coreboot support, this will be a good choice. However, the price difference between the FW4B and the FW4C is so close ($20 USD difference at the time of this update) that you will likely want to get the FW4C since it has 2.5 GbE interfaces and a faster CPU.

Protectli FW4C Protectli Vault FW4C 2.5 GbE (8 GB) (affiliate link) : The Protectli Vault FW4C is Protectli’s update to the FW4B model which offers 2.5 GbE interfaces as well as a faster CPU. The price of this model recently dropped below $400 USD (at the time of this update). Even if you do not currently have 2.5 GbE devices, you would be adding some future proofing to your network. 2.5 GbE network cards and switches are becoming cheaper as they become more widespread so the upgrade to 2.5 GbE may be a worthwhile investment to get an extra boost to transferring data between devices on your network.

Topton X4C-XL Topton X4C-XL i3-N305 2.5 GbE (8GB) (affiliate link) : If you want a greater boost in performance for the Topton X4C-XL that I mentioned in the $200-$300 USD price range, you could get the version which includes the Intel i3-N305 CPU. It may use a bit more power than the other CPU options but you gain even more performance due to the fact that it has 8 CPU cores instead of 4. A word of caution is that you may not necessarily notice a huge boost in performance in OPNsense due to the fact that not all processes are multi-threaded and some of the processes are pinned to use only 1-2 CPU cores. Since the single thread performance is slightly higher, there might still be some tangible increase in performance. Perhaps this system would be better utilized if you planned to virtualize OPNsense or use it as a light weight server. If you virtualize, you may want to get 32 GB of RAM to ensure you have enough resources depending on what you plan to run on it.

Gowin R86S-U2 Gowin R86S-U2 2.5 GbE/10 Gbps SFP+ (16GB) (affiliate link) : The Gowin R86S-U2 is a cheaper alternative to the R86S-U3 (affiliate link) and the R86S-U4 (affiliate link) models. If you want a moderately priced box with 10 Gbps interfaces, this may be a good choice, but it does come with a weaker Intel N5105 CPU compared to the higher end models which use the Intel N6005 CPU. If you are not planning to do a lot of CPU intenstive tasks such as IDS/IPS/VPNs, this system should handle most tasks well. Please note that the RAM is soldered so you cannot add more RAM later. This was a design compromise since the form factor is so small.

$400-500 USD

Protectli VP2410 Protectli VP2410 (8 GB) (affiliate link) (or Protectli’s website): The Protectli VP-series models are the Vault Pro models which offer more performance as well as additional coreboot features. If you are seeking a device which has the security and other benefits of coreboot, you may want to consider this model even though it is pricier than some of the other 1 GbE models. You could even use this box for non-router/firewall purposes since you can buy them with a TPM and there is an option for secondary storage, etc. This model is the first firewall that I have been able to do a comprehensive hands on review so be sure to check it out if you would like more information. I used this system as my personal OPNsense router/firewall for several months, and it worked great! I even based a full network build guide around the VP2410 if you are interested in learning more about how to create a network using a box such as the VP2410.

Protectli VP2420 Protectli VP2420 2.5 GbE (8 GB) (affiliate link) : The VP2420 is the successor to the VP2410. It has upgraded network interfaces (2.5 GbE instead of 1 GbE), faster CPU (J6412 instead of J4125), and up to 32 GB of RAM (instead of 16 GB). If you are interested in higher performing box with 2.5 GbE from Protectli, the VP2420 will serve you better than the Protectli FW4C due to superior hardware in the VP2420. This is especially true if you wish to run IDS/IPS. In my review of the VP2420, I found that Zenarmor would run at full 2.5 Gbps (after 30 seconds when speeds ramped up). One user mentioned purchasing the VP2420 even for a 1 GbE network instead of the VP2410 in order to have the extra performance. If you are looking for a lightweight, energy efficient mini-PC to use as a server, the fact that the VP2420 allows for up to 32 GB of RAM instead of 16 GB may be very helpful. 32 GB is often seen as the bare minimum recommended to run a virtualization server such as Proxmox. Of course, if you are not running VMs or containers that consume a lot of RAM, you could still do a lot with less than 32 GB. I plan to use the VP2420 to power my own network for the foreseeable future – even if I introduce higher speed interfaces to my network (I would dedicate those interfaces to its own storage/server network so I do not need routing beyond 2.5G).

Gowin R86S-U4 Gowin R86S-U4 2.5 GbE/10 Gbps SFP+ (32GB) (affiliate link) : I had the opportunity to review the Gowin R86S-U4. The R86S-U4 includes 10G SFP+ interfaces in addition to 2.5 GbE interfaces. I think the combination of 2.5 and 10 Gbps interfaces are the perfect combo for higher performance home networks. You can save a bit of money by choosing the R86S-U3 model (affiliate link) which has 16 GB of RAM but keep in mind that the RAM is soldered so you cannot upgrade it later. If you want to save even more money, you could get the R86S-U1 (affiliate link) or R86S-U2 (affiliate link) models without the WiFi module, but they are equipped with the slower Intel N5105 CPU. Keep in mind that the WiFi in these models cannot be used as an access point for OPNsense. It can only be used to connect as a client to existing WiFi networks. If you read or watch my review, you will have a good idea of how far you could push the device with or without IDS/IPS and other services such as Netflow. I did not test the VPN performance at the time of this update, but I may try to do that at some point when I have a chance.

Topton i5-10210U Topton i5-10210U 2.5 GbE/10 Gbps SFP+ (16GB) (affiliate link) : When looking up the Gowin R86S on AliExpress, I came across a Topton model which is similar to the R86S-U model. This model has some interesting features and options which are not available on the R86S-U. The cost is a bit higher than the R86S-U, but you gain other features which you may find valuable. For instance, there are four 2.5 GbE interfaces instead of three and a separate RJ45 console interface. There is also a version of this Topton which has eight 2.5 GbE interfaces if you do not want 10 Gbps SFP+ interfaces. Also the description says it has 6 SATA interfaces so I am not sure how those can be utilized inside such a small form factor. The size of the box appears to be larger than the R86S (I cannot find the exact measurements), but unless it is much larger, I do not see how you can fit six 2.5" SSDs inside the box. I noticed that this unit only supports PCIe 3.0 x1 for NVMe storage so the performance for NVMe will be much less than the R86S, which uses 4 PCIe lanes instead of 1. The performance should still be better than a SSD but not nearly as performant as it could be. Likely it was designed that way in order to free up more lanes for all the SATA/network interfaces on this box. The CPU options available for this Topton are also found on higher end mini-PC models which are generally $500+ such as the 6 port Protectli models. The price of this is slightly below $500 USD with free shipping at the time of this update.

$500+ USD

Protectli Vault 6 Protectli Vault 6 (affiliate link) : The Protectli Vault 6 comes in a number of CPU configurations unlike the models which have fewer ports. If you need a more powerful mini-PC with more interfaces, this model would be a good choice if you are looking to minimize expense in this price bracket. If you are willing to spend a bit more, you may be more satisfied with the Vault Pro models since they use newer generation CPUs, 2.5 GbE interfaces, NVMe storage, and the option to add a second disk for more storage.

OPNsense DEC695 OPNsense Desktop Security Appliance DEC695 (8 GB): This box is one of the most affordable firewall boxes OPNsense produces except for the 4 GB version, but as I have mentioned before, you will not be able to run as many heavy weight services in OPNsense. With that said, their hardware looks very nice and built with quality in mind. I love the dark gray and orange color scheme and the design of the chassis. I have seen some users choose to spend extra in order to support OPNsense to show appreciation for the free firewall software.

Protectli VP 4630 Protectli VP4630 (8 GB) (affiliate link) : This Protectli model has six 2.5 GbE interfaces and a faster Intel CPU than the other Protectli boxes. There are a number of different CPU configurations to choose from. You have the option of upgrading RAM up to 64 GB so this system would be great if you wish to run a hypervisor to virtualize OPNsense and other apps/services on your network. I personally like having a dedicated router/firewall box, but for those into virtualization and wish to have a compact, power efficient option, you may wish to invest in Protectli’s top tier boxes.

OPNsense DEC750 OPNsense Desktop Security Appliance DEC750 (8 GB): If you wish to have 10 Gbps interfaces, this model from OPNsense is the cheapest model which supports 10 Gbps. The prices approaches $900 USD for the 8 GB model. When approaching this price range, you may able to purchase used rackmount servers or possibly build your server to use for OPNsense.

Rackmount Hardware

Rackmount Server

If you have a rack, you may want rack mounted hardware so there are less devices sitting on a shelf on your rack. I know I personally would love to rack “all the things”. I have a shelf in the middle of my rack for all my random boxes that are not rackmount. Rackmount hardware starts at a higher cost than the desktop hardware since the hardware (especially as price increases) offers greater performance and is considered more enterprise level (at least for a smaller-sized business). Medium to large businesses would like want better, more specialized equipment than anything on this list. For home networks, small to medium business grade equipment is more than enough for most users (unless you are wanting to learn how to use the more expensive enterprise gear at home).

$300-400 USD

Qotom Q530G6 Qotom Q530G6 1U Router (8 GB) (affiliate link) : Qotom offers 1U rackmount versions of their firewall appliances, which is very nice for those who want everything rack mounted. This model has 6 interfaces that are 1 Gbps. There are other options to include more or less RAM, SSD, and WiFi depending on your needs. It appears that these rackmount models use similar hardware to the smaller non-rackmount appliances so you should expect similar performance at a reasonably low cost. The shipping costs for Qotom devices is generally high, but the overall cost is often less than alternatives.

$400-600 USD

HUNSN 1U HUNSN 1U Firewall Appliance (8 GB) (affiliate link) : This style of rackmount is likely one of the cheapeast you will find new on Amazon besides the Qotom 1U options. They appear to be more cheaply made than the Qotom 1U units, but the specs are good enough to run OPNsense just fine for a home network. The Intel J4125 is similar to the Protectli VP2410 so I have personally verified it runs IDS/IPS well enough for 1 Gbps interfaces (Zenarmor reduces throughput much less than Suricata).

HUNSN 1U RS14 HUNSN 1U RS14 Firewall Appliance (8 GB) (affiliate link) : This is yet another cheap 1U server but this one has 8 LAN interfaces and a better CPU than the other HUNSN rackmount I have listed. If you need a lot of interfaces in a rackmount form factor and you are on a budget, you may want a device such as this. It is possible that this device will last many years in a home environment. I used my Qotom box, for example, for 5 years with no issues.

$600-800 USD

Supermicro A1SRi-2558F Supermicro A1SRi-2558F Intel Atom C2558 (8 GB, No HDD) (affiliate link) : This Supermicro only has 4 interfaces that are 1 Gbps and the processor may be a bit weak for any CPU intensive tasks. A storage device needs to be added to this 1U server for it to be complete.

$800-1,000 USD

OPNsense DEC2685 OPNsense Desktop Security Appliance DEC2685: The DEC2685 is the most affordable rackmount server that is produced by OPNsense. It should offer plenty of performance for home usage but there are no 10 Gbps interfaces at this price point. As with the desktop version, the aesthetics are quite nice. I would love to have a OPNsense branded rackmount device, but the 10 Gbps rackmount is beyond the price I would like to pay to get for 10 Gbps for home usage.

$1,000+ USD

On the high end of $1,000+ USD, you will find more 10 Gbps options as it is almost standard to have at least 1-2 10 Gbps interfaces. If you wish to have 10 Gbps, purchasing new is likely the most expensive option. You could probably build or buy a used system which has 10 Gbps for much cheaper than new hardware. I have included these higher end options for those who want to purchase new hardware and have larger budgets.

OPNsense DEC2750 OPNsense Desktop Security Appliance DEC2750: The most affordable 10 Gbps rackmount option from OPNsense is the DEC2750. If you want 10 Gbps and want to support OPNsense, this is the option for you unless you have a “money is no object” type of budget.

Supermicro D-1521 Supermicro Xeon D-1521 1U (8 GB) (affiliate link) : This is another 10 Gbps option from Supermicro. It is about the same price point as the OPNsense appliance but with fewer network interfaces.

Build Your Own Router/Firewall

Build Your Own

In addition to all of the prebuilt systems mentioned above, you also have the option to build your own router with new hardware. You can build either a desktop or rackmount system depending on the chassis and parts you buy. One nice thing about this option is that you can customize the hardware to your needs. You could install a 2.5 Gbps card (affiliate link) if you have faster than 1 Gbps Internet and a 10 Gbps or higher card for your internal networks.

You may be able to build a more powerful system for cheaper than some of the prebuilt systems except perhaps some of the more budget friendly options. Even if this option may be more expensive than prebuilt solutions or used solutions, the extra cost could be justified if it allows you to build a system that meets your exact needs using quality components. The nice thing is that you can always repurpose the custom built system if the need arises since OPNsense can run on general purpose hardware (unlike other solutions which require specialized hardware).

Depending on the parts selected for a custom build, it may not be the most energy efficient system especially if you are using desktop/server hardware. There are some lower cost, energy efficent hardware available for purchase. Energy efficient hardware is typically not as performant, but for a home router/firewall, it should be powerful enough for most home users. Energy use is an important consideration for a device which runs 24/7.

Used Hardware Options

Used Hardware

When on a budget, purchasing used and/or reusing existing hardware may be the best option. Depending on the hardware, it may not be the most power efficient or the quietest option, but it will certainly get the job done.

One risk with used hardware is longevity. Enterprise-grade hardware may last longer than consumer-grade hardware but there are pros and cons to use either type of hardware especially when it is used. However, if you may be able to save enough money that it is worth the investment even if you have to buy replacement parts later.

Repurpose Existing Hardware

Repurposing existing hardware such as an old PC or laptop is likely the most affordable option of all options since you already own all or most of the hardware in hand.

  • The main thing you will likely need to purchase is additional network card or adapter such as an Intel 4 port Gigabit Ethernet card (affiliate link) since you will want more than one Ethernet interface on your system.

  • For additional bandwidth if you plan to utilize 10 Gbps or higher, you can purchase various network cards (affiliate link) . Many of them may be pulled from used servers which makes them more affordable than purchasing the hardware new. I have noticed that SFP+ network cards can often be cheaper than 10 Gbps Ethernet cards so if you have all your equipment near each other especially in the same rack, you could purchase SFP+ cards to connect to your servers and switches. You can either purchase short fiber optic cables (affiliate link) or direct attached copper cables (affiliate link) . For longer runs in your house when you do not have fiber optic cable installed, you can use 10 Gbps Ethernet cards for those devices.

  • The advantages of using an old laptop are that it is quiet, power efficient, and has a built-in backup battery. The disadvantage is that options are more limited for adding additional network interfaces. A USB Ethernet adapter (affiliate link) , for example, is not recommended due to how USB interfaces are designed. The connection may not be as stable as a traditional network interface card.

TinyMiniMicro Hardware

Serve the Home coined the term “TinyMiniMicro” to refer to used small form factor PCs that can be reused for homelab/home network purposes. They provide a budget friendly option for systems which are pretty powerful for their size and price. The PCs are often used by businesses as thin clients or low end PCs to do basic office tasks.

There appears to be an abundant supply of used TinyMiniMicro PCs so this is a great way to recycle/upcycle used hardware to give them new life and a new purpose.

Some of the TinyMiniMicro PCs can be upgraded to include higher speed network interfaces. This is a great option to help build a faster, budget friendly home network. Since they are often relatively power efficent, the cost to use them as your primary router/firewall is minimal.

Old Enterprise Hardware

Many homelabbers love to get used enterprise gear because you an get an older generation server that is still pretty fast for a fraction of the original price.

  • Most standard 1U servers can be used as firewall appliances if they have multiple network interfaces. However, they may have a deeper footprint in your rack, be more power hungry, and can be much noiser than alternatives. A general purpose 1U server could possibly provide much greater performance than a lower power alternative, but at the expense of the cost of electricity, noise, etc. There are some more power efficient and quieter exterprise hardware available as described next.

  • The 1U servers which work best as a firewall appliance are typically half depth, lower power, and lower noise servers, which is perfect for most home lab usage. If you have a sealed off room or power and noise levels do not bother you, a standard 1U rackmount server may be a fine option since they are more powerful and possibly cheaper than the smaller 1U servers that are more tailored to function as network/firewall appliances. Supermicro has a few options in this category.

  • There are many websites which sell used enterprise hardware such as Ebay and Server Monkey.

Virtualizing OPNsense

Some users choose to run OPNsense on a virtualization server such as ESXi, Proxmox, or other servers. Virtualization makes it convenient to run new services and apps on your network. Backups and restores of OPNsenes are simple if something goes wrong. However, virtualization can add an extra layer of complexity and may require additional troubleshooting. If you have experience with hypervisors, you will likely be able to run OPNsense without issue.

The hardware requirements for virtualization will be about the same as running on bare metal unless you are planning to run other apps/services on your hypervisor. In that case, you need to have enough hardware resources available for everything you are running on your server.

Conclusion

I hope this information provides you with a good starting point of hardware that is available for purchase at various price ranges based on the types of services you plan to run on your OPNsense installation. Since it is impossible to create a list containing all possible hardware options for OPNsense, I tried to provide a few from each price range and category. I am certain I have not covered other good options as well. If you have some interesting options that I have not covered, please list them in the comments below, and I may add them to this list above since it may help others find hardware that meets their home networking needs.

comments powered by Disqus