the pfSense club


cscoder4ever

?

 

just poking fun, I'd run it in a VM before bothering with dedicated hardware at all though.

 

I ran pfSense that way on my NUC for a bit but my needs are too ... consumer? ... and I scrapped it.

 

I know bud, it's all good :cool:.

 

Running it in a VM is a good idea, I love VMs but didn't think of it for pfSense.


The big takeaway is flexibility. pfSense is completely open source, and has a lot of community add-on packages. These range from proxies, DNS, VPN server, multi-VLAN routing, boundary ad blocking, or whatever else you want to throw at it. Plus, it's fun to actually build out a router with your own hardware, or repurpose old hardware that you have stashed in the closet.


The big takeaway is flexibility. pfSense is completely open source, and has a lot of community add-on packages. These range from proxies, DNS, VPN server, multi-VLAN routing, boundary ad blocking, or whatever else you want to throw at it. Plus, it's fun to actually build out a router with your own hardware, or repurpose old hardware that you have stashed in the closet.

 

For me the best thing about it is the Ad/script blocking that you can do with it from what I hear (have not played with it) but I have had custom firmware (AsusMerlin) on my Asus router at one point which allowed for some serious ad/script blocking which was fantastic as it was all blocked before it even got to your PC. VPN Server is also a massive bonus. In the future I will get a small PC to do this on and mess about with it.

For me the best thing about it is the Ad/script blocking that you can do with it from what I hear (have not played with it) but I have had custom firmware (AsusMerlin) on my Asus router at one point which allowed for some serious ad/script blocking which was fantastic as it was all blocked before it even got to your PC. VPN Server is also a massive bonus. In the future I will get a small PC to do this on and mess about with it.

 

Agreed with that. Personally I don't use the boundary ad blocking, but I have read mixed results with it. Either, being extremely simple to set up and "it just works", to "this is so customizable, oh god someone please turn off the fire hose this is too mu-".

For me, I use the OpenVPN server. At my old place, my folks were paying for Comcast cable, and my brother would use the VPN connection to watch the "In-home" streaming service while at college. Also, it works great for remote management, especially when TeamViewer decides you are using the free service for a commercial use case, but they don't factor in the fact that one person really does own that many computers lol. (If you connect via local IP rather than public ID, TeamViewer doesn't complain).

The Multi-VLAN support would have been easier if I hadn't decided to do a dot1q trunk to my switch, but whatever lol.


  • 1 year later...

I was avoiding this "club" because I'm OPNsense, but since you stated we're welcome here too...... 🤣
 

Specs of my firewall:

CPU: i5 4490

mobo: Some B85 mATX board, Asus I think

RAM: G.Skill 8GB ripjaws DDR3 1600

OS drive: 2x WD Green 120GB SSD's RAID1

PSU: Seasonic 350w

NIC: Quad Intel Giga-nic, X350 I think was the model?

Case: 1u Rack (currently in an old Dell beige box though)
Extra:  Adaptec 5808z RAID card (because no onboard RAID)

I use it because I have a "server" setup already for file serving, various VM boxes, game serving, lots of things.  Got a VPN going on one of the LAN's, and have my whole house basically going through wifi through the VPN now.  Having some issues with ports (made a thread on that).  Once I figure out how to get things to go through that I want to go through, I'll be very happy with the setup.

Observations?  Yeah, it's a royal PITA to set up.  I've always used consumer grade routers before and was happy with my Netgear R7000 that I've had for years and years.  I decided to try pfSense (and then OPNsense) because I wanted more control over the VPN and the networks.  Only reason I'm not using pfSense is because I could NOT get the VPN to work at all on pfSense, but it works fine on OPNsense.  Just wish I'd have thought that through a little better, because now nothing works right lol.  Eventually, and I'm sure this is possible, but waaaay out of my skillset levels, I'd like to set up a second VPN to have LAN access to my buddy's house across the state.  That + VPN internet + security was my reasoning for making the switch.


18 hours ago, pioneerisloud said:

I was avoiding this "club" because I'm OPNsense, but since you stated we're welcome here too...... 🤣
 

Specs of my firewall:

CPU: i5 4490

mobo: Some B85 mATX board, Asus I think

RAM: G.Skill 8GB ripjaws DDR3 1600

OS drive: 2x WD Green 120GB SSD's RAID1

PSU: Seasonic 350w

NIC: Quad Intel Giga-nic, X350 I think was the model?

Case: 1u Rack (currently in an old Dell beige box though)
Extra:  Adaptec 5808z RAID card (because no onboard RAID)

I use it because I have a "server" setup already for file serving, various VM boxes, game serving, lots of things.  Got a VPN going on one of the LAN's, and have my whole house basically going through wifi through the VPN now.  Having some issues with ports (made a thread on that).  Once I figure out how to get things to go through that I want to go through, I'll be very happy with the setup.

Observations?  Yeah, it's a royal PITA to set up.  I've always used consumer grade routers before and was happy with my Netgear R7000 that I've had for years and years.  I decided to try pfSense (and then OPNsense) because I wanted more control over the VPN and the networks.  Only reason I'm not using pfSense is because I could NOT get the VPN to work at all on pfSense, but it works fine on OPNsense.  Just wish I'd have thought that through a little better, because now nothing works right lol.  Eventually, and I'm sure this is possible, but waaaay out of my skillset levels, I'd like to set up a second VPN to have LAN access to my buddy's house across the state.  That + VPN internet + security was my reasoning for making the switch.

I plan on switching from pfSense to OPNsense.   My pfSense works great, but it's no longer 100% open source so it's getting the axe.


  • 2 weeks later...

Might be joining the opnsense side of the club. 

 

I had been using Ubiquiti gear for the last 8 years, but my last EdgeRouter ERLite-3 just died and it could not be resuscitated with a new USB drive.  Thinking about repurposing some soon to be retired hardware, and doing a fun 1U 3200G build, running opnsense, to put in my network rack. 

Edited by tictoc

Hey guys, so I am possibly thinking of doing this whole pfSense thing...or OPNsense (whichever makes more sense...no pun)

 

I have a spare SFF PC hanging around which meets the specs for either solution. 

 

As it is an SFF I know I'm limited to two ports per expansion card so far as a network card. I can likely only get the one card in there which to be honest should be fine.

 

Any recommendations on a 10Gb RJ45 network card that does not cost the earth ha.


On 01/08/2021 at 19:48, tictoc said:

I had been using Ubiquiti gear for the last 8 years, but my last EdgeRouter ERLite-3 just died and it could not be resuscitated with a new USB drive. 

 

If you want to stick with Ubiquiti, I have a USG that I'm not using.  I can send it to you if you cover shipping costs.


6 hours ago, ENTERPRISE said:

Hey guys, so I am possibly thinking of doing this whole pfSense thing...or OPNsense (whichever makes more sense...no pun)

 

I have a spare SFF PC hanging around which meets the specs for either solution. 

 

As it is an SFF I know I'm limited to two ports per expansion card so far as a network card. I can likely only get the one card in there which to be honest should be fine.

 

Any recommendations on a 10Gb RJ45 network card that does not cost the earth ha.

 

1 hour ago, tictoc said:

You should be able to grab a used intel X540-t2 card on Ebay for pretty cheap, if you need a 10Gbase-T NIC.

 

I'm just going to quote myself. 🙂 As long as your 10G devices are on the same switch, subnet, and vLAN, you probably don't need to worry about your router being 10G capable, unless of course you do have faster than gigabit internet.  Additionally if you do for some reason need a 10G router to route between separate vLANs then you are going to want a fast CPU with a decent sized cache. 


35 minutes ago, firedfly said:

 

If you want to stick with Ubiquiti, I have a USG that I'm not using.  I can send it to you if you cover shipping costs.

 

Thanks for the offer, but the whole update fiasco with EdgeOS has soured my opinion on Ubiquiti, which was already going downhill thanks to a bunch of older unresolved issues along with the long standing issue of dying internal USB storage "bricking" the hardware. I grabbed a cheap EdgeRouter X to stand up my network for the time being, but I am currently running VyOS in a VM and I am thinking about running it on hardware as my permanent router/firewall/VPN solution.

Edited by tictoc
typos

12 hours ago, tictoc said:

You should be able to grab a used intel X540-t2 card on Ebay for pretty cheap, if you need a 10Gbase-T NIC.

Great, thanks for the suggestion. Gives me a clue on something tried and tested.

10 hours ago, The Pook said:

look for a Super Micro AOC-STG-I2T, they use the Intel X540 controller and can be had for $60-$80 on eBay ezpz. Could send you a spare but shipping would probably cost more than buying one locally. 

 

just be on the lookout for dupes, it's pretty common with X540 

Nice, thanks for the suggestion, will keep my eyes open.

10 hours ago, tictoc said:

 

 

I'm just going to quote myself. 🙂 As long as your 10G devices are on the same switch, subnet, and vLAN, you probably don't need to worry about your router being 10G capable, unless of course you do have faster than gigabit internet.  Additionally if you do for some reason need a 10G router to route between separate vLANs then you are going to want a fast CPU with a decent sized cache. 

Yeah they will be. Unfortunately for me our incoming internet is nowhere near those sorts of speeds haha.


21 minutes ago, ENTERPRISE said:

Great, thanks for the suggestion. Gives me a clue on something tried and tested.

Nice, thanks for the suggestion, will keep my eyes open.

Yeah they will be. Unfortunately for me our incoming internet is nowhere near those sorts of speeds haha.

I've been using the Intel i350T4 in most of my rigs, I'm nowhere near setup for anything past gig speeds anyway.  The i350T2 I'd imagine would be nearly identical as well if you needed something cheap and solid with just 2 ports.  I chose a 4 port just in case.  I used these in my NAS and VM box too, although I really probably did need 10g NIC's there, but whatever.  It works.

For the OPNsense box, you're going to want to plug that into a switch or something else anyway for the added ports for your LAN.  More than likely anyway.  I mean, you CAN use it as a full on router, even wireless.  However that's going to need a bigger enclosure, and more PCIe NIC's, and it's even more setup and troubleshooting on it later.  By all means, try it out if you want to.  Just my experience as an end user switching from commercial grade routers.  I'm happy with mine just as a very intelligent gateway, firewall, dhcp, and vpn.  And in that instance, all that's really needed is equal or faster than your ISP for the NIC's.  1 in / 1 out is all that's "required", but you can assign them to so many things it's ridiculous.  If you plan to be any advanced at all in your network, you might want to start off with a 4 port NIC.  I'm using 3 ports, and the headaches are real (but wow it's powerful).

I only recommend mine because they were cheap, they're gig speed capable, they were cheap, and they work great in everything.  Also, fair note, I'm by no means intelligent with networking gear.  I make junk work, that's my specialty. 🙂


7 hours ago, pioneerisloud said:

I've been using the Intel i350T4 in most of my rigs, I'm nowhere near setup for anything past gig speeds anyway.  The i350T2 I'd imagine would be nearly identical as well if you needed something cheap and solid with just 2 ports.  I chose a 4 port just in case.  I used these in my NAS and VM box too, although I really probably did need 10g NIC's there, but whatever.  It works.

For the OPNsense box, you're going to want to plug that into a switch or something else anyway for the added ports for your LAN.  More than likely anyway.  I mean, you CAN use it as a full on router, even wireless.  However that's going to need a bigger enclosure, and more PCIe NIC's, and it's even more setup and troubleshooting on it later.  By all means, try it out if you want to.  Just my experience as an end user switching from commercial grade routers.  I'm happy with mine just as a very intelligent gateway, firewall, dhcp, and vpn.  And in that instance, all that's really needed is equal or faster than your ISP for the NIC's.  1 in / 1 out is all that's "required", but you can assign them to so many things it's ridiculous.  If you plan to be any advanced at all in your network, you might want to start off with a 4 port NIC.  I'm using 3 ports, and the headaches are real (but wow it's powerful).

I only recommend mine because they were cheap, they're gig speed capable, they were cheap, and they work great in everything.  Also, fair note, I'm by no means intelligent with networking gear.  I make junk work, that's my specialty. 🙂

 

Thanks for the additional info. I will update this thread with the specs of the proposed machine, however from what I can tell, it should be powerful enough. So I took a look at the Intel X540-t2 and lots of results on eBay over here, ultimately looks like I can pick one up for around £60 which is not all that bad. The overall rigs will likely cost about £70, so around £130 for the entire setup. I am just looking for it to sit between my main ISP router and my switch as the filter as it were. So a 2 port NIC should be more than enough.

 

Ha, I am no network wizard. I know enough that gets me by, but it was never a pathway I was hugely interested in back in the day. I am far more interested these days however.


So I have an i3 4130 : 

ARK.INTEL.COM


 

Just wondering if it would meet the recommended spec so far as the OPNsense requirements detailed here:

 

I guess I could upgrade the CPU, but wondering if I can get away with it not being a limiting factor ?


That CPU should be fine.  It has AES-NI, which will accelerate encryption for WireGuard/IPsec/OpenVPN if you are going to set up a VPN.  If you expand your current network, and start to do any routing at 10Gbps, then you might see some bottlenecks.  For your current setup it should be more than enough CPU.


10 minutes ago, tictoc said:

That CPU should be fine.  It has AES-NI, which will accelerate encryption for WireGuard/IPsec/OpenVPN if you are going to set up a VPN.  If you expand your current network, and start to do any routing at 10Gbps, then you might see some bottlenecks.  For your current setup it should be more than enough CPU.

 

Let's make the assumption I may beef to 10Gbps, what sort of CPU are we talking? The motherboard I have is an Asus H81M-K, whichever CPU it ends up being it would need i-gpu support. With it being a 4th gen CPU and likely fairly cheap, might be able to go for the top one it supports lol. (Intel 4790K)


I haven't used OPNSense with 10G routing, so I can't say for sure, but a 4790k should be able to get good throughput.  You might need to do some tuning, but a 4790k should be a pretty good all-around performer.  If you need a little more juice, didn't ASUS unlock OC'ing on the H81 boards?  Either way that CPU should be able to handle what you want to do.  I might know a guy, that knows a guy, with a delidded 4790k sitting on a shelf. :scared_animatedfear:

Edited by tictoc

2 hours ago, tictoc said:

I haven't used OPNSense with 10G routing, so I can't say for sure, but a 4790k should be able to get good throughput.  You might need to do some tuning, but a 4790k should be a pretty good all-around performer.  If you need a little more juice, didn't ASUS unlock OC'ing on the H81 boards?  Either way that CPU should be able to handle what you want to do.  I might know a guy, that knows a guy, with a delidded 4790k sitting on a shelf. :scared_animatedfear:

 

Nice, thanks for the info. No idea if Asus unlocked the H81 boards. Will check that out. Ha, could be a nice guy if he has one lying around. Only issue is that I am kind of limited to a stock cooler/low perf cooler as it is a SFF build. So may not bode well due to clamping pressure.
