If you’re tired of buying hardware that keeps giving out after a year or two, you might want to build your own pfSense router. Routers that run pfSense (official website) are more robust and reliable than standard consumer-grade hardware, and you can make one using the same parts you would use to construct a regular PC. In fact, since pfSense is relatively lightweight, you can put together a powerful router for around the same price as a mid-high Netgear, Asus, or Linksys.
The only caveat that comes to building a pfSense router is that you’ll have to provide a separate Wi-Fi access point. pfSense is geared towards wired connections, and although it has some Wi-Fi support, it’s not worth the trouble of trying to get a compatible wireless adapter. Instead, you can connect pretty much any Wi-Fi router in AP mode and continue to control your network through pfSense.
What do I need to buy to build a pfSense router?
The minimum specs for pfSense are:
- CPU: 600 MHz or faster
- RAM: 512 MB or more
- 4 GB or larger disk drive (SSD, HDD, etc.)
- One or more compatible network interface cards
- Bootable USB drive or CD/DVD-ROM for initial installation
Pretty much any Intel or AMD CPU-equipped computer made in the last ten years should meet these requirements. However, these system requirements don’t tell the whole story. The CPU of the PC you use has to use the x64 instruction set; there’s no ARM version readily available. You’re also best off using an Intel network adapter, as pfSense doesn’t always work well with Realtek NICs.
Here are a few of the options you can use to build your pfSense router:
Purchase a mini-PC
Since pfSense runs on such a wide array of hardware, you have a wide selection of equipment you can choose from. One of the easiest routes to getting a pfSense router doesn’t require you to put together a new PC at all. There are a host of mini-PCs that are available on retailers like Amazon that are manufactured with this sort of application in mind.
My pfSense router is the Qotom Q355G4-S05. This mini PC is equipped with an Intel i5 5200U, 8 GB of DDR3 RAM, and Intel I211-AT Gigabit LAN. It’s a fanless model that utilizes a large heatsink to dissipate heat, so you can locate it near your existing network hardware without worrying about increased noise. The only issue I’ve had with it is the included generic MSATA drive corrupted, but since it has an empty SATA port, I just installed an old 2.5″ SSD I had, and it’s worked great ever since.
The Qotom Q355G4 is far from the only mini-PC that will work, though. Just make sure the model you have your eyes set on has a 64-bit Intel or AMD CPU and that the network adapter is Intel.
Build a cheap PC to use as a router (or use one you already own)
You can also install pfSense on a regular old PC. If you have an old computer that’s just gathering dust, this is a great way to repurpose it. The only addition you’ll likely need to make is to add an Intel NIC if you use a PC you already own. Your motherboard’s network interface probably only has one ethernet port, and you’ll need at least two to use pfSense, one for your WAN (modem), and one for Wi-Fi.
If you’re looking to build a PC to serve as a pfSense router, it’s okay to just go with what’s cheapest. A top-of-the-line pfSense router only really needs a decent CPU, 8GB of RAM, and an Intel network adapter card. Intel and AMD x64 CPUs both work with pfSense. However, I recommend going with an Intel CPU, as most of them have built-in graphics you can use to save you money on buying a GPU.
I recommend the following hardware:
- CPU: Intel 5th generation (or better) dual-core processor
- RAM: 8 GB DDR3 (or better) RAM
- Network Adapter: Intel 10/100/1000 NIC with x4 ports (an I340-T4 or EXPI9404PTLBLK works great)
You could technically get by running pfSense on even less powerful hardware. However, the above specs should be more than enough to future-proof your router and enable you to use gigabit internet at full speed while hosting a robust home network.
How to use Wi-Fi with a pfSense router
So, your pfSense router is complete, and your wired connections are set up and working. Now, you’ll likely want to get Wi-Fi up and rolling. While pfSense does technically support multiple models of wireless adapter, do yourself a favor and don’t even try to set up Wi-Fi through your pfSense hardware. There’s a much, much easier way of utilizing pfSense to route your Wi-Fi, and you likely already have the equipment to do it on hand.
Almost every Wi-Fi router can work in several different modes. Each manufacturer has their own nomenclature for what these modes are called (I’m using the names from my Asus RT-AX88U), but they all do the same thing. When you’re using it to route traffic, it’s in the aptly named “Wireless router mode.” However, your new pfSense router is going to take care of all the heavy lifting, so you need to turn off your Wi-Fi router’s brain, so it doesn’t interfere.
Before you get started, make sure to assign your Wi-Fi router to a new IP. More than likely, your pfSense router is now set to 192.168.1.1, which may be the same IP your wireless router is set to by default. To avoid network issues, you’ll need to set your wireless router to another IP. I adjusted mine to be 192.168.1.2. It’s still an easy to remember address in case you need to log in, and it shouldn’t interfere with the operation of your pfSense router.
Now that the IP is taken care of, you’ll need to set your wireless router to “dumb mode.” This will typically be called AP mode or Access Point mode in the settings. Once you’ve set the router to AP mode and configured the SSIDs, you’ll be able to access your network via Wi-Fi with no further setup.
If you don’t already have a Wi-Fi router, I recommend future-proofing with something like the Asus RT-AX88U. This model is equipped with 801.11ax, a protocol that should be relevant for the next five years or so. Technically, you could save some money by going with a Wi-Fi extender instead of a full router, but I find those devices to be less reliable overall.