PFsense box

S

Spartaniz

Expert Member
Joined
Oct 7, 2008
Messages
1,259
Reaction score
14
Location
Johannesburg
Hi Guys

Im looking to build a pfsense box for a home network, specifically to route all internet traffic via openvpn.

The hardware Im looking at is as follow:

AMD A4-7300 Socket FM2 3.8GHZ
Asus A88XM-E AMD A88X Chipset FM2/FM2+ Micro-ATX
D-Link DGE-528T - 10/100/1000 Gigabit Network PCI Adapter

I do have 8gb ddr3 and a 120gb SSD lying around which I will also use.

I just need to find a case and a psu.

Any suggestions/recommendations?
 
You need 2 nics.

1gb RAM will be plenty.

PFsense only needs lots of hardware if you are running a lot of traffic through it.
 
Necropolis said:
You need 2 nics.

1gb RAM will be plenty.

PFsense only needs lots of hardware if you are running a lot of traffic through it.
Click to expand...

I actually considered grabbing the AC68U and flashing it with Merlin's firmware. Apparently, and that's what I've read, its cpu can push upto 50mbps through openvpn.

My dsl connection maxes out at around 15mbps, so Im not sure if the pfsense box would be overkill.

The devices utilising our home network consist of two ipads, one macbook, one laptop, one playstation 4, two cell phones and one roku. Of course not all at the same time.

Should I go the pfsense route or just get the ac68u?
 
Spartaniz said:
I actually considered grabbing the AC68U and flashing it with Merlin's firmware. Apparently, and that's what I've read, its cpu can push upto 50mbps through openvpn.

My dsl connection maxes out at around 15mbps, so Im not sure if the pfsense box would be overkill.

The devices utilising our home network consist of two ipads, one macbook, one laptop, one playstation 4, two cell phones and one roku. Of course not all at the same time.

Should I go the pfsense route or just get the ac68u?
Click to expand...

Depends on what you want to do - the Pfsense route is awesome because it gives you flexibility to do all sorts of cool things.
 
Spartaniz said:
I just need to find a case and a psu.

Any suggestions/recommendations?
Click to expand...
I've been using Esquires ATX Midi cases STK# CM-419 for my IPCop builds, just check that they're supplying what's shown on the website though as they didn't have back in March and offered an alternate instead (not as nice).
 
I run pfsense in a vm with 512MB Ram, and it's working beautifully. Concerning two nics - you can get away with using one, if you run your dsl modem in bridge mode. Lan will be the physical nic, and wan will be a pppoe connection.
 
I need to find a small INTEL (unless they support ARM now?) board with 2x nic's so I can run PFSense for home.

Lower power consumption / space would be great.
 
jsheed_sa said:
I need to find a small INTEL (unless they support ARM now?) board with 2x nic's so I can run PFSense for home.

Lower power consumption / space would be great.
Click to expand...

I checked if PFsense would work on a raspberry pi and it does not look like it will.

My first pfsense system was a Pentium 4 box with one 10/100 NIC, 1 GB NIC, 2GB ram and 300GB (overkill but did not have another harddrive) and PFsense worked until the P4 died. Now I have replaced it with a Dell i5 Optiplex 7010 with dual 1 GB NIC with 4 GB RAM (because this is the only available PC to use).
 
ActivateD said:
I checked if PFsense would work on a raspberry pi and it does not look like it will.

My first pfsense system was a Pentium 4 box with one 10/100 NIC, 1 GB NIC, 2GB ram and 300GB (overkill but did not have another harddrive) and PFsense worked until the P4 died. Now I have replaced it with a Dell i5 Optiplex 7010 with dual 1 GB NIC with 4 GB RAM (because this is the only available PC to use).
Click to expand...

Yeah it works so well it will outlast the hardware ;) I've run PFSense in production and i'm very happy with it. The only thing stopping me from using it for home is the lack of small form factor available.
 
jsheed_sa said:
Yeah it works so well it will outlast the hardware ;) I've run PFSense in production and i'm very happy with it. The only thing stopping me from using it for home is the lack of small form factor available.
Click to expand...
Intel NUC. HP Proliant Microserver. Build your own.
 
1234567 said:
Intel NUC. HP Proliant Microserver. Build your own.
Click to expand...

No point at that cost. May as well buy a Mikrotik for <R1000.

Nuc is probably minimum R4000 - same with a Microserver if you're purchasing an additional NIC.

VS small form intel boards you can get overseas for cheap. I may just order something in.
 
jsheed_sa said:
No point at that cost. May as well buy a Mikrotik for <R1000.

Nuc is probably minimum R4000 - same with a Microserver if you're purchasing an additional NIC.

VS small form intel boards you can get overseas for cheap. I may just order something in.
Click to expand...
Mikrotik is great.
 
So i'm in the process of setting up my vm box again and also setting up pfSense on a vm, 2 with nics (will connect it to a wug so i figure its worth isolating wan with modem in bridge mode). 1 question though is this..

I have a 2ndary ap (to test till i get a beefy one) which i want to run the wlan on but i wanted to go with hotspot like features.. i.e. captive portal for non registered devices. Anyone done this before? What i am curious about is what i need to configure on the ap device, i.e. besides turning off dhcp, do u turn off ssid security etc?
 
krycor said:
So i'm in the process of setting up my vm box again and also setting up pfSense on a vm, 2 with nics (will connect it to a wug so i figure its worth isolating wan with modem in bridge mode). 1 question though is this..

I have a 2ndary ap (to test till i get a beefy one) which i want to run the wlan on but i wanted to go with hotspot like features.. i.e. captive portal for non registered devices. Anyone done this before? What i am curious about is what i need to configure on the ap device, i.e. besides turning off dhcp, do u turn off ssid security etc?
Click to expand...

I've done captive portal on a GUEST network. Disabled security on the AP and then just generated vouchers for captive portal and gave those to the users. I did however isolate the GUEST network from the LAN.
 
jsheed_sa said:
I've done captive portal on a GUEST network. Disabled security on the AP and then just generated vouchers for captive portal and gave those to the users. I did however isolate the GUEST network from the LAN.
Click to expand...

Ah ok so u cna't have one ssid and then based on how the machine/user authenticates either push to a vlan or subnet with net access only or internal lan
 
I would highly recommend either:
Cheap: Intel D2500CCE (2x Intel Gigabit NIC)
Expensive: Atom C2550/C2558 (4x Intel Gigabit NIC), eg. Supermicro A1SAi-2550F (uses 12v directly so no need for PSU)

I've run both for PfSense and both worked wonderfully.
Both are passively cooled & low power.

Intel NICs are very important.
They have the best support and performance in FreeBSD (PFSense is FreeBSD underneath) in my experience.

On the whole PfSense vs Mikrotik: There is a big price gap but PfSense is definitely quite far ahead with what it offers. Once you go PfSense you don't easily go back to something less.
 
krycor said:
Ah ok so u cna't have one ssid and then based on how the machine/user authenticates either push to a vlan or subnet with net access only or internal lan
Click to expand...
You can actually:
- If you AP supports multiple SSIDs with VLANing OR
- You have multiple APs on different NICs OR
- You APs support VLAN and put them on a switch.

Have tested all the above with PfSense and it works very well.
Each VLAN appears as a separate NIC to PfSense, so it is really easy to configure.
 
I run a basic Pfsense set up at home with numerous PC's, tablets and devices with content filtering.

Works like a charm and just keeps running.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X