If you're looking to build a small, quiet and cheap box to run OPNsense on then I have a build you might be interested in.
This box has been happily running as my firewall since July 2019. I originally documented the build in this forum post over at serverbuilds.net but for posterity I wanted to record this information here too. Here's the build:
Item | Model | Price in 2019 | Approx 2023 price | Notes |
---|---|---|---|---|
Motherboard | Intel DQ77KB | $37 | $50-60 | Dual on-board Gigabit ethernet |
CPU | Intel i3 3225 | $29 | $6 | |
RAM | 16GB SODIMM | $6* | $25 | Upgraded build from 4gb to 16gb |
PSU | 19v Laptop Brick | $23 | $25 | |
SSD | 60GB mSATA | $19 | $15 | |
Case | Goodisory Tempered Glass Mini-ITX | $49 | $49 | |
2019 - $163 | 2023 - ~$170 |
Since 2019 the only upgrade I have made is from 4gb to 16gb of RAM. When running a few plugins I started to receive a few OOM errors and DDR3 SODIMMs are old and cheap so 16gb was an oppulent upgrade to resolve this issue.
When ordering the Intel DQ77KB from ebay take care to see if the seller includes the right sized IO plate for your needs. Most only ship with low profile which the linked case here doesn't fit. You'll want a full height one most likely.
I also placed a 40mm Noctua fan inside the case just to give things a tiny bit of airflow but I have no real data on how much this helped anything, really.
I liked the build so much I replicated it spec for spec to place at my parents house in the UK to act as a remote WireGuard and Tailscale endpoint in front of my primary off-site backup server which lives there.
The Future
This box is comfortably specced to handle a symmetric Gigabit fiber link up and down. However, when using OPNsense as a software VLAN co-ordinator it could become a bottleneck now that I've made the upgrade elsewhere to 10gig.
Therefore if I were to upgrade I might consider building something with an SFP+ card in it to make inter-VLAN traffic be able to traverse at higher speeds. This is not a bottleneck I currently face due to my network design but it could be in the foreseeable future.
Something like this m720q firewall build might be just the ticket.
If all you're doing is the basics though, this build will serve you well for many years as it has me.