If you plan on using VPNs on your network, then ensuring that you have hardware capable of creating and maintaining VPN tunnels is important. A system that only meets the specifications of pfSense will likely be inadequate. A typical desktop system will be more than capable. Since VPNs use encryption, and encryption (not to mention compression) is a CPU-intensive affair, if you are going to use VPNs, then your budgeting should allow for a more powerful CPU than what you would use otherwise. Researching benchmarks on CPUs is not a bad idea. This will tend to ensure that you not only get a powerful enough CPU, but that you also get the best return on your investment.

One of the factors to consider when choosing a CPU is the fact that pfSense 2.5 will require a processor that supports AES-NI hardware acceleration. Most Intel and AMD processors made since 2013 support AES-NI. For Intel, Westmere and later processors support it, and for AMD, Jaguar and later processors support it. Use due diligence in selecting an AES-NI-compatible processor, before purchasing your hardware.

If you are going to maintain several VPN tunnels simultaneously, you might consider purchasing specialized hardware. Accelerator cards will offload from the computing-intensive tasks of encryption and compression from the CPU. One company that makes such cards that are compatible with pfSense is Soekris, which had the VPN 14x1 product line. Unfortunately, Soekris USA suspended operations in 2017; however, VPN cards are still available (at least for now) from Soekris Europe.