I have a couple laptops laying around and thinking about using one for a pfsense box. I was surprised that I have nothing laying around that’s powerful enough to run pfsense, but I do have these two laptops. One is newer than the other, but I’d doesn’t have an ethernet jack. The other does, but it’s 10/100, though both have USB 3.0. Thinking of either using my router as a managed switch or a couple USB 3.0 to gigabit ethernet adapters.
I’ve looked all over and not found much recently of talk about this kind of setup. Most of what I saw was about usb being unreliable, but it was all several years ago. Has anyone tried this that can speak to reliability, resource usage, heat, etc? I’ve seen some mentions that were recent that said they wouldn’t recommend it, but I can’t find anything about any actual testing or reliability results.
I ran PFSense on a laptop for a number of months in router-on-a-stick configuration with a VLAN-capable switch. Just be aware that anything crossing the router (e.g., inter-VLAN traffic, or LAN-to-WAN traffic) will be limited to 500Mbps.
I never liked the Realtek chips that frequently came with cheap USB adapters, nor how they’d often drop off the USB and re-enumerate with a different name, but this was many years ago. I haven’t used the Amazon Basics dongle JDM linked; I’m sure it’s fine.
I have done this exact thing with an old ASUS Transformer Book Trio TX201LA 2-in1 laptop with Android Tablet and my specific build was to avoid using the USB dongles. The Tablet portion stopped working; however but the laptop portion works fine. It has an i5 4200U (with AES-NI), 4GB soldered RAM and I added a super cheap 32GB SATA SSD to run pfsense on. We have AT&T 1G FTTH and for everything we have running at home: 5 PCs, 40 wireless devices to include some additional IoT devices, running two simultaneous OpenVPN connections plus all of our HTPC, NAS, etc services on the back end - it is overkill and doesn’t even break a sweat.
For the build, I pulled off the laptop bottom and removed the pcie wifi card and installed a minipcie to pcie x16 riser kits off ebay for < $10 and an external molex power supply for <$15. I had to use some metal snips to cut a notch in the bottom panel of the laptop that was big enough to run the cable from the laptop to the x16 riser board and still be able to button the panel back up. The cable was taped down to the motherboard using some Kapton tape to help prevent it coming unplugged. The NIC was mounted in a 3d printed riser mount (linked below) to add stability and also keep the NIC firmly seated in the riser. The card was recognized immediately and had no special configuration or drivers to be loaded required. I am specifically using a quad port card because I am using MonkWho’s pfatt bypass available on hit github. This enables a true bridge mode setup with AT&T U-Verse and pfSense but requires a separate ethernet connection on the pfsense box bringing the total up to three - LAN, WAN and pfatt bypass. So even though this quad port card (pcie 2.0) is connected via a pci-e 3.0 x1 slot, the x1 slot running at pcie 2.0 provides more than enough bandwidth for this setup. Theoretically, a pcie 2.0 x1 slot should provide 500MB/s in each direction far exceeding the AT&T gigabit connection bandwidth.
