Running OPNsense on an old PC is possible but consider performance and compatibility.
Running OPNsense on an old PC is possible but consider performance and compatibility.
You're looking at an older PC paired with a weak router. The idea is to boost your internet performance. Your system has an i5-9600K processor, an ASRock Z390M Pro4 motherboard, and plenty of extra DDR4 RAM and SSDs. You might still need a router for basic access, but you're considering upgrading for better WiFi coverage. The big concern is whether this setup can handle pfSense without needing a dedicated networking card. You're thinking about getting an Intel networking card for more Ethernet ports in the future, but right now you just want a stable connection that doesn't leak signals. It's all about compatibility and performance balance.
These firewalls typically use Celeron processors, which are sufficient for your needs.
This setup is way too heavy on resources for pfSense, but it should function properly. It consumes roughly six times more energy when idle compared to a router designed for continuous operation. Usually, laptops handle the workload efficiently, while desktop chipsets can match or exceed that power use.
Consider selling it and purchasing something more practical/opt for an older setup. That particular CPU is really worth keeping if someone actually needs it, rather than leaving it idle or running PFSense, which requires an i3 from the 3000 series—way too much power. Honestly, PFSense appliances from Netgate (like the SG-1100) work with low-end ARM processors and just a few gigabytes of RAM. You’d be better off swapping it for that SG-1100 and selling the old 9600, or using it for a more complex server setup instead of turning it into a router. Also, PFSense isn’t designed as a switch. Don’t attach a NIC to it to add extra ports like a switch would—just use a single WAN and LAN, then get switches for redundancy if you have multiple ISPs. You can configure interfaces in PFSense, but that’s not the main purpose. For a simple home network with one subnet, avoid using PFSense as a switch; just install physical switches to handle switching tasks.
In this case, if devices never communicate directly, an internet connection works just fine. A software bridge is suitable. Some older routers even used this method to skip buying a switch chip. It’s a practical option for saving power and is required in certain situations—like needing both tagged and untagged VLANs on a single port (rare except for IPv6 or IoT setups). Setting it up as the primary LAN bridge can be tricky because changes must be applied in the correct sequence to keep web access functional.
The logic behind this depends on your specific goals, but it often involves custom routing or segmentation that standard VLANs can't handle. You're asking why regular VLANs aren't enough and what you truly need to achieve.
I believe there might have been a mix-up in tagging and untagging within the same interface on FreeBSD. Regardless, using bridges isn't problematic unless you're directing traffic between devices. It's generally safe as long as it doesn't overload the CPU, which is why it's not advised.
Consents. It’s achievable, but when you can purchase a gigabit switch for fifteen dollars, simply get one if you need one. That’s my take. I do have a test bench close to my PFSense box, and I set up a separate subnet that is isolated from the main network using a third port on my quad NIC. There are definitely scenarios where this works, so I was just trying to remind the person that for most home networks… a switch is still the best choice. Don’t expect PFSense to function as a switch just to save money unless you’re learning or genuinely can’t afford it.
I prefer offering people as many choices as possible. Sometimes it's helpful to preserve an AC outlet, or to choose a router with 4-8 ports if you have them and they suit your needs. The key is having flexibility and understanding when and how to apply each option. For instance, I often set up my Linux devices using bridges, which provides advantages like quick access to spare ports, a consistent MAC address for DHCP when the main NIC fails, and the ability to easily run a VM if you want to try another operating system.
I need to preserve certain components for a broader game hosting setup. Earlier, I operated several virtual machines on the same hardware, using extra DDR4 RAM after upgrading my main system to DDR5. I decided not to purchase additional hardware to prevent potential dissatisfaction with pfSense or OPNsense. I opted for a balanced approach since I have multiple storage devices available. I installed an M.2 slot for OPNsense and removed the SSDs from the previous configuration to test it. I wasn’t aiming for an overly complex setup with both pfSense and OPNsense, choosing OPNsense instead. Obviously, this machine wouldn’t be power-efficient, so I considered using a power meter to monitor consumption. I might even adjust the BIOS settings to lower the voltage and reduce energy use. I also acquired a small network switch for wired connections and added a few extra Ethernet ports on the router—one for the main motherboard port and another as a backup. The router now has three Ethernet ports, with an additional one reserved for the network switch. I intended to replace my existing router (Netgear Nighthawk XR1000) with this OPNsense machine, turning it into a simple access point for devices that don’t support Ethernet. I learned that pfSense offers switching features, but I chose to avoid them because software switches are significantly slower than physical ones.