Netgate Discussion Forum

Switching from USG20-VPN to pfSense need Suggestions (please)

General pfSense Questions
  • D
    DarkKnight 0
    last edited by Nov 20, 2023, 3:39 AM

    Okay, I have a few questions here, so I will start out with a brief explanation.

    I have been using the Zyxel Unified Gateway/VPN for about 8 years now. I started with the USG20; that just died so I upgraded to the USG20-VPN and then the USG60. The reason why I am looking at pfSense is that about a year and a half ago I upgraded to 1 GIG internet speed and found the USG20-VPN max throughput was 350 (UDP?). I purchased the USG60 as it advertised it was 1 GB throughput, but that was rated at UDP specs; real throughput is about 400 to 600 (TCP).

    Okay, test hardware (this is just the parts I had lying around for testing)

    Intel DG41RQ Intel G41 Socket 775 - motherboard
    Intel E2140 CPU (no AES-NI)
    2 x RealTek 81111D/8169D NIC
    4 GB DDR2 RAM
    500 GB SATA Hard Disk.

    What I have done is only replace the Zyxel USG20-VPN in my configuration. The USG60 is still new in the box as the licenses were just too steep to consider; this is a home network and not an enterprise network.

    Configuration

    AT&T fiber modem (bridge mode) -> re0 -> pfSense
    re1 -> NetGear R6220 -> switches (3) to all LAN Devices

    re0 = WAN
    re1 = LAN

    Package install
    pFsenseNG
    NUT - for UPS

    All inbound WAN traffic blocked except the following
    OpenVPN -> R6220 VPN (with cert)
    Serviio Media Server -> R6220

    DHCP on pfSense has 1 static address -> LAN 192.168.x.x/24

    Firewall rules for LAN
    default rule to prevent lock-out
    default rule to Allow all LAN outbound

    pfSense WAN Rule NAT set to Port Forward to LAN 192.168.x.x/24
    1 port for Media Server
    1 port for OpenVPN

    Netgear R6220 WAN port connected to pfSense LAN
    Netgear R6220 LAN set to 192.168.0.x with DHCP and Static address
    Static Media Server, OpenVPN (2 - 10)
    Workstation (11-20)
    WiFi devices (21-30)
    Access Control set to filter by MAC Address
    Forwarding set to forward to Media Server and OpenVPN

    The NetGear R6220 is the main router for the LAN with its own DNS and DHCP server, and the pfSense is my EDGE router for the WAN with its own DNS and DHCP server.

    I know that is a lot and I know that I am double NAT'ing, but it works well and has saved me time in migrating the configuration to the pfSense box for testing while keeping my network working.

    Now the issues

    I know that the hardware I have needs to be replaced; that is okay for now as this is just a test of concept and is the hardware I had lying around.

    First issue is that my throughput is still 300 to 400 MBPS; been testing cables and NIC, could be the double NAT or the NetGear R6220. Any suggestion here would help.

    Second, can I leave it in the configuration? I like the configuration and it allows me to manage my LAN from a central point and really never have to touch pfSense for configuration, just updates on DNSBL and blocks when needed. Suggestion?

    I am also using the NetGear R6220 as my WiFi router for WiFi devices; works well this way as I restrict WiFi access based on MAC and assigned/bound address, so no new devices can attach. Would like to keep this configuration if that is possible.

    Lastly, I have tested moving just the hard disk to another computer and it booted up, and it seemed to work without issue; is that recommended?

    In conclusion, I will upgrade to an I7 NUC with 8GB and 2 x Intel I27HT GB NICs (sitting in box) as soon as I get the concept ironed out and the configuration standardized.

    Suggestions please

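Added example, not part of the original post and not pfSense or Netgear tooling: a Python check of the two-tier port-forward chain described in the post above (edge firewall forwards to the inner router's WAN address, inner router forwards to a LAN host). It flags WAN ports that are open on the edge but lead nowhere, forwards that bypass the inner router, and overlapping subnets. All addresses and port numbers are constructed sample values; the post does not give them.

```python
import ipaddress

def audit_double_nat(edge_lan, inner_wan_ip, inner_lan, edge_fwds, inner_fwds):
    """Audit an edge firewall -> inner router chain; return a list of findings.

    Forwards are (proto, port, target_ip) tuples supplied by the caller.
    """
    findings = []
    edge_net = ipaddress.ip_network(edge_lan)
    inner_net = ipaddress.ip_network(inner_lan)
    inner_wan = ipaddress.ip_address(inner_wan_ip)

    # The two LANs must be distinct, or the inner router cannot tell
    # its WAN side from its LAN side.
    if edge_net.overlaps(inner_net):
        findings.append(f"subnet-overlap {edge_net} {inner_net}")
    # The inner router's WAN address has to live on the edge firewall's LAN.
    if inner_wan not in edge_net:
        findings.append(f"inner-wan-outside-edge-lan {inner_wan}")

    inner_map = {(p, port): ipaddress.ip_address(t) for p, port, t in inner_fwds}
    edge_keys = set()
    for proto, port, target in edge_fwds:
        edge_keys.add((proto, port))
        if ipaddress.ip_address(target) != inner_wan:
            findings.append(f"edge-forward-skips-inner-router {proto}/{port}")
        elif (proto, port) not in inner_map:
            # Open on the WAN, but the inner router has no matching forward.
            findings.append(f"dead-end-wan-port {proto}/{port}")
        elif inner_map[(proto, port)] not in inner_net:
            findings.append(f"inner-target-off-lan {proto}/{port}")
    # Inner forwards with no edge rule are unreachable from the WAN (stale config).
    for proto, port in sorted(set(inner_map) - edge_keys):
        findings.append(f"stale-inner-forward {proto}/{port}")
    return findings

# Constructed sample topology: two forwards, one per service, as in the post.
GOOD = dict(
    edge_lan="192.168.1.0/24", inner_wan_ip="192.168.1.2", inner_lan="192.168.0.0/24",
    edge_fwds=[("udp", 1194, "192.168.1.2"), ("tcp", 8895, "192.168.1.2")],
    inner_fwds=[("udp", 1194, "192.168.0.2"), ("tcp", 8895, "192.168.0.3")],
)
# Constructed misconfiguration: overlapping LANs and mismatched inner forwards.
BAD = dict(GOOD, inner_lan="192.168.1.0/25",
           inner_fwds=[("udp", 1194, "192.168.0.2"), ("tcp", 8080, "192.168.0.9")])

if __name__ == "__main__":
    print(audit_double_nat(**GOOD))
    print(audit_double_nat(**BAD))
```
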
    • S
      stephenw10 Netgate Administrator
      last edited by Nov 20, 2023, 3:34 PM

      @DarkKnight-0 said in Switching from USG20-VPN to pfSense need Suggestions (please):

      E2140

      I have no idea what sort of throughput that Netgear device might pass but I can say for sure that Core2 Pentium will not pass 1Gbps. Back when that was vaguely current I ran an E4400 C2D and that just passed 1Gbps with Intel NICs. So a system with a 20% slower CPU and Realtek NICs will not.

      Steve

      • D
        DarkKnight 0 @stephenw10
        last edited by Nov 20, 2023, 7:30 PM

        @stephenw10

        I agree 100%. The E2140 will not.

        Just a little update: there were several other issues other than the CPU.

        1. The Netgear R6220 was underpowered - disabled Traffic Meter and everything else but Access Control, DHCP, port forwarding and WiFi.
        2. The RealTek NICs conflict with drivers and version(s); just downloaded updated driver package and replaced drivers.

        After fixing those items I decided to pull the trigger and move this setup to the i7 NUC. Just unplugged the hard disk and plugged it into the i7 NUC, ran the installer but selected recover previous configuration from the menu, then followed the installation prompts.

        Everything came back configured except the NICs; just reassigned and set the IP address and bang, done.

        I am now hitting 1.1 GBPS on downloads and 940 MBPS on uploads. CPU utilization is between 2 - 5% on average and never peaks above 6%. Still using the Netgear but that is another can of worms I will tackle later (too much configuration); need to document and test the document that it is correct as I have a lot of Home Smart Devices (i.e. cameras, smart plugs, door bells, door locks, etc.). They were a nightmare to set up and get working, do not want to repeat that.

        But thank you for replying. As I am a noob with pfSense I can offer little help, but if you have questions for me just ask and I will try my best to answer.

        DarkKnight

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.