7 months later: I have written an update post on how things are going with this pfSense machine.
Links in this post are referral links. Purchasing products via one of these links helps me out.
I've previously talked about my pfSense setup, and it’s now been over six months and pfSense has been working well.
For those six months I used a PC cobbled together from some spare parts. It worked fine but it was pretty noisy (it had a northbridge fan, urgh) and so I evaluated some of the options available.
I first started looking at dedicated hardware; small embedded systems the size of consumer routers that were designed to run pfSense. But I had some concerns about performance (I use OpenVPN, for starters) and for the price you don't really get a lot of hardware (£200-£300 for something about as powerful as my phone). They’re also super-inflexible; they’re only ever going to be good for running pfSense or similar. I tend to re-use and recycle computer components for up to 10 years after I purchase them, often donating them to friends and colleagues to help fix or run their own machines. I might want to run pfSense today, but in a few years time who knows what the hardware might be used for?
So instead I decided to build my own mini-ITX machine. My main focus was budget, but also on buying some decent components that would be way over-specced but handy in the future.
The total cost including delivery was £200 from Scan, but bear in mind that doesn't include the cost of a HDD or PSU (see below).
Case
I chose the Coolermaster Elite 110 because it was cheap, came with a free 120mm fan, supports full ATX power supplies and long graphics cards, and has so many air vents that keeping it cool is going to require no thought whatsoever. It also looks pretty nice, and in my limited experience Coolermaster make good quality products.
Motherboard
The Z97 featureset is massively overkill, but the MSI Z97I AC is a good price (under £90) and crucially has dual NICs, so I didn't need to buy another ethernet adapter. They're Realtek adapters, which tend to result in poor performance compared to the competition, but given the massive performance buffer my build has I'm not expecting this to ever be a problem.
The WiFi doesn't work in FreeBSD, but running pfSense as an access point is a terrible idea anyway.
CPU
The Pentium G3240 is ridiculously cheap (under £50) considering you're getting a dual core processor clocked at 3.1Ghz. Sure, you probably wouldn't want it in your gaming PC, but it's going to spend its entire life at 99% idle routing packets, so is more than enough.
I could've saved £10-20 by buying a Celeron, but it feels like almost a waste of money to buy something so low-specced. If I ever wanted this machine to do something else, I'd hit the limit of such a poor CPU quite quickly.
In such a small case, your cooling options are limited; there's no space for a passive cooler so I stuck with the stock cooler, trusting that the motherboard would probably spin it slow most of the time. The Intel stock cooler is pretty good nowadays anyway.
Other stuff
Whilst the case, motherboard and CPU are the core of my build, I also bought a 4GB stick of cheap RAM (a waste to spend money on less) and I re-used a PSU and HDD from another machine (this is what I mean about re-using components for years!).
Possible improvements
The case is so small that using a non-modular PSU (e.g. one that has all the spare cables you don't need) makes cable management very tricky. If I wanted to do more with this case, it would be essential to buy a modular PSU.
To reduce heat, noise and power consumption and to improve reliability I could replace the HDD with a tiny SSD. I could also run pfSense off a USB memory stick, but something about that screams ghetto the same way running a Raspberry Pi off an SD card does.
The case comes with rubber grommets that it expects you to only use for mounting SSDs, but why on earth would you use rubber grommets on a vibration-free SSD? I managed to use them with my HDD mount points, but it was a bit tricky. Coolermaster, what were you thinking?!
The upgrade process
The HDD was actually out of my old pfSense machine, so everything just carried on working after pfSense prompted me to assign the new interfaces. Hurrah!
As I'd hoped, it's almost silent, which is a big win. It looks pretty good under the desk, though I fear for the amount of dust it's going to inhale through the front mesh. It's also bigger than my old Logitech sub-woofer:
