** The pfSense Users Thread **

Soldato
Joined
18 Oct 2002
Posts
3,506
Location
UK
I personally find the policy based routing configured via the GUI a godsend plus fairly straightforward routing via a VPN client at line speed (since I can choose my own hardware) and also a VPN server to connect to my home LAN easily from anywhere in the world to be the most used features not available on most consumer routers. It's also really straightforward to set up multiple networks and limit bandwidth per device, subnet or VLAN so I get to keep what I want for my use. I don't use the domain blocking or IDS that's also easy to implement if you have a need which isn't that easy with a consumer modem/router.

If you look at the number of threads on here along the lines of "how do I setup selective network wide VPN" or "my WiFi is poor" then something like a pfSense router with a solid wireless access point solution makes for a very straightforward and rock solid home network that solves all those problems.
 
Associate
Joined
23 Dec 2015
Posts
79
I have been using pfSense for years now.
Other advantages are setting up VLANs with a firewall in between them; this way I choose if I want any data routed between them.
I have split my home network up into 7 VLANs:
internal only, out only, CCTV, VPN, Servers, NO VPN, Guest

The internet on all VLANs is filtered by pfBlocker, which blocks domains and IP address ranges and even some countries such as Malaysia, China and Russia as most miscreants seem to be in these countries.

There are some really good guides out there such as https://nguvu.org/pfsense/pfsense-baseline-setup/
 
Soldato
Joined
18 Nov 2007
Posts
3,358
Location
West Lothian
Been using PfSense for years too. Originally ran it as a VM on my UnRaid server using 4 cores but moved to a physical box about a year ago so that I don't lose internet when I reboot the server.

Now using one of these....

3607-04XL.jpg


Can't fault it.
 
Associate
Joined
3 Jun 2007
Posts
2,276
Location
Essex
Been using PfSense for years too. Originally ran it as a VM on my UnRaid server using 4 cores but moved to a physical box about a year ago so that I don't lose internet when I reboot the server.

Now using one of these....

3607-04XL.jpg


Can't fault it.

What is that, if you don't mind me asking? I'm maybe looking for something smaller but it needs to have the spec to run a VPN on a high speed connection with AES.
 
Associate
Joined
19 Jul 2011
Posts
2,343
Been using pfSense for a few years now. Originally on a Jetway mini PC (older and much lower spec than the one above). These days running it as a VM on my server with a cheap Intel dual-NIC talking to a BT Openreach modem.
 
Associate
Joined
27 Dec 2003
Posts
1,212
Location
Preston, Lancs
I have a custom-built mini-ITX pfSense box with an i5 4590T and 8GB RAM, 16GB SSD. I have 4 x dial-in VPNs, one site-to-site VPN, pfBlocker and 2 VLANs running. Monitoring in Zabbix shows the average CPU usage over the last month to be 2%, so yes a tad overpowered :)
 
Soldato
Joined
28 Dec 2003
Posts
16,056
It's a Jetway JBC313. I have a 350/35 connection with Virgin Media and get around 90Mbps download through VPN with this.

Holy thread resurrection Batman!

I was looking at the JBC313 for a pfsense box and am currently on the same 350/35 VM service but will be upgrading to gigglebit at some point in the near future and I'm concerned whether the Jetway would handle that or not?

I know VPN throughput would obviously be slower but I need to be sure that whatever hardware I go with will be able to support basic routing at full wire-speed.

I notice there's also a version of the JBC313 using a J3455 processor but not sure how this compares to the N3160.
 
Associate
Joined
27 Dec 2003
Posts
1,212
Location
Preston, Lancs
Although larger, I'd do a whitebox mini-itx build. I'm moving my 4590T/Dual Intel NIC setup to a Sugo SG13 case shortly as I had the same choice to make. I've considered the very small boxes like the JBC313 but it's a massive compromise for a non upgradeable and average CPU unit. I'd like my pfsense box to be upgradeable to a 10Gb NIC in the future, past 1Gb internet as FTTP/Virgin 1Gb or higher arrives. If you don't really plan on going higher than 1Gb or using any advanced features like snort/suricata then go for the JBC313 or other unit with the highest CPU you can afford.
 
Soldato
Joined
29 Dec 2002
Posts
7,175
At this point, £50-60ish delivered buys you a full 6th gen Lenovo/Dell i3 or something equivalent from AMD, decent single core speed, hardware AES-NI, quiet, OK power consumption and at least one PCIe to add a cheap NBASE-T compatible NIC, but expect the onboard to be Realtek based and it’ll need a low profile bracket. Also be careful with 10Gb, Virgin will likely use NBASE-T initially for the modem switch side, most 10Gb cards don’t support the NBASE-T 2.5/5Gb standards (other than say the Intel X550 or the equivalent 7 series), you could VLAN it in via a 2.5Gb port on a mixed mode switch and out on a 10Gb native port if needs be, but only 1 OEM I can think of offers a managed switch capable of doing that off the top of my head and the price is about the same as a T2 5/7 series anyway.

On a side note, this may be an opportune time to consider if pfsense is really the option you want to go with. I like pfsense, but Netgate have an unfortunate history that just keeps making me cringe. I generally prefer the companies that I put my faith in to do so with solid code and the minimum of open bullying/threatening/vile hate campaigns against other developers. That sadly isn’t Netgate.

https://www.overclockers.co.uk/forums/threads/for-those-of-you-using-pfsense-wg.18923452/
 
Soldato
Joined
28 Dec 2003
Posts
16,056
Thanks both. Yeah maybe I need to bite the bullet and put together a small mini-ITX box, although I want to keep it as small as possible.

I've actually got an old Xeon E5-2430 lying around and more DDR3 RAM than I know what to do with, I wonder if there's an ITX mobo anywhere that would support those.
 
Don
Joined
19 May 2012
Posts
17,050
Location
Spalding, Lincolnshire
I've actually got an old Xeon E5-2430 lying around and more DDR3 RAM than I know what to do with, I wonder if there's an ITX mobo anywhere that would support those.

There won't be any ITX boards for them - the 24xx used a weird socket that wasn't particularly common (it was only used for low end 2P servers). If it was a 26xx you might have had a chance, as I believe there are some cheap Chinese boards available.
 
Soldato
Joined
28 Dec 2003
Posts
16,056
There won't be any ITX boards for them - the 24xx used a weird socket that wasn't particularly common (it was only used for low end 2P servers). If it was a 26xx you might have had a chance, as I believe there are some cheap Chinese boards available.

Yeah seems you're right. It's just a left-over from when I upgraded my PowerEdge T420.
 
Soldato
Joined
12 Feb 2004
Posts
7,253
Location
Manchester
Thanks both. Yeah maybe I need to bite the bullet and put together a small mini-ITX box, although I want to keep it as small as possible.

I've actually got an old Xeon E5-2430 lying around and more DDR3 RAM than I know what to do with, I wonder if there's an ITX mobo anywhere that would support those.

I use pfSense on an HP T730 thin client, added a dual NIC card and it runs my 1Gb Virgin perfectly.
 
Soldato
Joined
29 May 2005
Posts
4,896
Internet facing services, somewhere to land guest WiFi and IoT devices.
I get the guest network. But with IoT, aren’t you just making it prone to being hacked and taken over as part of a botnet or worse? Many IoT devices now are cameras, doorbells, etc. I would think the privacy concern is a greater problem?
 
Soldato
Joined
27 Feb 2015
Posts
12,596
I use a Qotom box, forgot the model number, but it has an i5 Broadwell era processor alongside 4 Intel NIC ports, 4 gig RAM, and an internal mSATA SSD. The entire casing is the heatsink. :)
 