Top CPU and motherboard deals under $170 from PF SENSE
Top CPU and motherboard deals under $170 from PF SENSE
Hi, I recently decided to assemble a custom PFSense router. My budget is around 170 dollars for the CPU and motherboard. I checked some YouTube videos but couldn't locate suitable specifications for a device that supports gigabit speeds with a firewall. Initially, I considered Netgate, thinking it might be too costly. Eventually, I thought a custom build inside a 1U server case would be the best fit. I've selected the following components: Ryzen 3 1200 AF processor and an ASRock A320M-DVD R4.0 motherboard, along with an Intel 0HM9JY Ethernet card. I'm not sure if this configuration is optimal, so I'm seeking advice to find a suitable option. Thanks for your help!
I'm not very comfortable with pfSense, but I understand most routers you buy for it typically run a 4C/4T Celeron J3455 with a 1.5GHz base and 2.3GHz boost. It has only about 2MB of cache and uses Intel's 14nm process. This feels like an older i5 7400—its clock speed and cache were halved, which isn't great for performance. The 1200AF is definitely stronger than a Celeron; it matches the power of an i5 7400 quite closely. These Celerons are chosen mainly because they're extremely energy-efficient. The J3455 draws only 10W, while the 1200AF uses more than three times that amount. Since it'll likely run continuously, that extra power usage is definitely something to think about.
Usually it's better to opt for i3 or i5 when using Gigabit speeds on pfSense, even though that might not be very practical given how much has changed over time. The single-thread performance of the J2455 is relatively low (measured by CPU Mark), so you’d likely need roughly half more single-thread power for Gigabit than what you get with standard models. This could depend on whether your ISP uses PPPoE or plain DHCP. That’s why I chose a more expensive 7200U unit since the manufacturer tested it directly on pfSense. Another point is that certain CPUs behave differently on FreeBSD, which might limit performance if you’re not using them at their maximum frequency. For instance, the 7200U runs at 2.4Ghz, but I also have an 8250U with a higher unlocked TDP that I was thinking of swapping in—because the 7200U only supports USB M.2, whereas the newer version uses PCIe. FreeBSD doesn’t adjust its power limits, so it caps at 1.6Ghz compared to Linux’s boosted 3.2Ghz. Unfortunately, since FTTP isn’t available yet here, I can’t try it out. The Ryzen 1200AF should handle Gigabit well, though it uses more power, which is another issue with pfSense/FreeBSD. Their power management is quite poor; when idle it uses twice the CPU usage of Linux, but for a router you probably don’t want that unless you’re okay with extra latency. Overall, it’s quite complex—routing Gigabit NAT isn’t the only factor, and your setup affects everything. I’m particularly interested in the top model listed on AliExpress (https://www.aliexpress.com/item/1005003799551637.html); a Celeron might be sufficient, but it probably won’t match the 8250U when running at base speed, depending on whether it’s boosted by pfSense.
My internet provider uses pppoe, so I considered OpenVpn but am okay with slower speeds if it saves CPU usage. I’m also thinking about a Celeron; though smaller Intel boards cost more, they offer better performance for the price. Ultimately, I’d prefer more power for less money.
It varies based on the perspective, the device I mentioned only provides up to 10W of power, while the Ryzen should handle at least three times that during light use. By the way, ServeTheHome confirmed the Celeron linked in another board, which is likely similar. Essentially, you’d need roughly twice as strong a CPU to run OpenVPN close to gigabit speeds. Nobody seems to test the PPPoE overhead, which is a known problem on pfSense due to its single-threaded PPP client. I believe the Ryzen would manage it despite the extra power draw, if you’re okay with a larger setup and higher consumption. Around 10W is a good balance—perfect for running from an inexpensive 12V UPS for extended periods compared to anything over 24W that demands a full UPS and only lasts 15-30 minutes.
Not every consumer router supports changing the WAN ID, so I have to rely on the ISP router first, which restricts DNS changes. Constant updates from pfSense work well, while the existing Ubiquity mesh and pfSense are significantly more affordable than alternatives like UDM Pro. Other great features include pfblocker.
Certainly. Many users deploy PiHole and pfSense within virtual machines together on the same hardware. From my perspective, this approach increases complexity and potential points of failure. I prefer keeping pfSense on dedicated hardware so I have a backup that can be easily replaced if needed.
It's accurate that the Celeron j4125 generates significantly less power compared to the Ryzen, yet considering its price offers better value. Patric from STH mentioned a minimum of $250 for this compact system, excluding taxes which are around 23% in my country.