Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A substitute for MIikrotik: Firewall, Router, PPPoE, FreeRADIUS, etc

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 4 Posters 4.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      osvaldotcf
      last edited by

      Hi.

      I would ask colleagues to put their experiences in using the pfSense on environment of "internet service provider": ISP and WISP.

      pfSense as a substitute for MIikrotik

      pfSense as a PPPoE concentrator with bandwidth control and configuration via freeradius.
      pfSense as a edge router
      pfSense as a edge firewall
      pfSense as primary DNS server
      pfSense as a central DHCP server

      etc

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        All of that is very widely done by ISPs with the exception of PPPoE. PPPoE is used quite a bit, but not nearly as widely as the rest. There are at least hundreds if not thousands of ISPs who use pfSense for edge router, edge firewall, DNS, DHCP, but only maybe a dozen I'm aware of that use PPPoE. Not saying it won't meet your needs, or has any kind of deficiencies at all, it's just not extremely widely used by ISPs on that part.

        1 Reply Last reply Reply Quote 0
        • O
          osvaldotcf
          last edited by

          Perhaps to WISPs, made ​​sense, separate the router from the firewall.

          In this case, perhaps the BSDRP could be an ideal choice.
          Perhaps in the same server FreeBSD through the Jail: one for pfSense and another for BSDRP.

          What do you think?

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            We work with a lot of WISPs. Most combine their edge routing and firewalling in a single box as they don't have nearly the bandwidth to create a need for separating. If you have a very large WISP, then it can be sensible to split those roles, but nearly all WISPs are small by ISP standards where that isn't necessary. Maybe a couple thousand customers tops, a couple hundred Mb of total Internet connectivity at most. The majority come in well under that.

            You won't be able to run firewalls or routers in jails.

            1 Reply Last reply Reply Quote 0
            • L
              luke240778
              last edited by

              @cmb:

              We work with a lot of WISPs. Most combine their edge routing and firewalling in a single box as they don't have nearly the bandwidth to create a need for separating. If you have a very large WISP, then it can be sensible to split those roles, but nearly all WISPs are small by ISP standards where that isn't necessary. Maybe a couple thousand customers tops, a couple hundred Mb of total Internet connectivity at most. The majority come in well under that.

              You won't be able to run firewalls or routers in jails.

              cmb Interesting post.  I run a WiSP (small currently, but growing), i am using pfSense currently for everything except RADIUS for which i have a FreeRADIUS server.  I have a question, is PPPoE not good to use for a WiSP or are you saying that its not good to use pfSense as the PPPoE server?

              I am currently just authenticating users via captive portal and Radius sever, authentication their MAC or Username/Passwords.  I don't really know much about PPPoE but is this a better choice for Authentication that i should be using?  Is it faster? more secure?  thanks in advance..

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                @luke240778:

                I have a question, is PPPoE not good to use for a WiSP or are you saying that its not good to use pfSense as the PPPoE server?

                I'm not saying either or those actually. :) Wasn't expressing an opinion at all, just stating what ISP users typically have deployed, from working with a bunch of them that are customers, and what I've heard talking to others that are users.

                @luke240778:

                I am currently just authenticating users via captive portal and Radius sever, authentication their MAC or Username/Passwords.  I don't really know much about PPPoE but is this a better choice for Authentication that i should be using?  Is it faster? more secure?  thanks in advance..

                What you're doing is typical for WISPs and a fine practice. I wouldn't add PPPoE in that kind of setup, usually authentication is the biggest reason you want it, and as a WISP you can do that via CP easier and without the overhead and configuration hassle of PPPoE. It's additional overhead on every packet, so slightly slower vs. the non-encapsulated you have now, and otherwise has no functional difference for a WISP.

                1 Reply Last reply Reply Quote 0
                • N
                  Nachtfalke
                  last edited by

                  Not sure if it is possible with PPPoE and pfsense but with CaptivePortal and freeradius you are able to limit bandwidth, time and so on for every user.

                  1 Reply Last reply Reply Quote 0
                  • L
                    luke240778
                    last edited by

                    @Nachtfalke:

                    Not sure if it is possible with PPPoE and pfsense but with CaptivePortal and freeradius you are able to limit bandwidth, time and so on for every user.

                    Yes correct, i am currently doing that with FreeRADIUS.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.