WARNING: NEWB QUESTION
-
Hello all. I am hoping to get a little advice on a setup for my home. I need to warn you all that I am FAR from a networking genius =)
Currently I have a V1.1 WRVS4400N that serves up my main wireless network. The SSID is hidden, and this is only used for my personal devices (phones, computers, tablets, home automation gear, etc…). I have two VLANs set up. One goes to my "network" which consists of a couple large switches and all my home automation gear and hardwired PCs. The other VLAN is a single port that is connected to a Linksys WRT54g (awesome, I know). This serves up a "Guest Network" that friends and family can use to get online, but can't access all my fileshares and devices living on the network.
I have heard about pfSense and some of its capabilities, and have been toying around with copying a system I read about using a SuperMicro rackmount PC. I haven't had time to take on the project. What I have right now works for the most part, but it's messy and I don't have a VPN that I can use from my Android phone or tablets. I want to clean this whole thing up, do it right, and gain VPN access at the same time.
A friend turned me on to this box: http://store.netgate.com/-P218.aspx and I'm wondering if that will do what I need. Also wondering, how from that point I would gain the two wireless networks.
Thanks in advance for your help, and thanks for reading through this super long first post =)
Dan
-
Hi,
the Netgate should do it. Not sure if the network cards support VLANs, but you probably do not need VLANs.
One NIC is for WAN, one for your home network and the last one for your wireless network. The CPU power is not that much, so it would be interesting to know how much bandwidth you have on WAN and if it is important for you to route high traffic between LAN and guest network?
Configuring WAN and LAN should be no problem and I will not explain that.
The guest network - I would do it like this:
Connect a LAN port of the WRT54 to the guest-LAN port of pfSense. So the WRT54 is just like a switch/bridge and is not doing routing or anything. So your guests will get the IP from the pfSense DHCP server and the firewall rules on pfSense will work for them.
Doing VPN (OpenVPN or IPsec) is possible with pfSense. Throughput depends on your needs and on your internet bandwidth.
But with this little CPU power you will probably not be able to use much more, such as CPU-intensive packages like squid or something else.
Hope I could help you and welcome to the forum :)
-
Thanks for the response. The whole reason for the guest network is to PREVENT communication between all my devices and whatever a "guest" would connect to the network in order to gain online access.
I have a TON of high bandwidth traffic WITHIN the network, but that is all running through commercial grade Dell switch gear.
I need to think more on this and do a better job of getting my head around it. What I have right now works, aside from the VPN.
-
The Alix board in that Netgate will do VLANs but its CPU is quite limited. It will firewall/NAT about 85Mbps max. VPN around 10Mbps. (In fact like it says on the page you linked to! ::))
You can add wireless to the box itself if you need to using a cheap Atheros miniPCI card. Doing that you could probably run both wifi APs (one virtually) from the same card.
If you have nice Dell managed switches already then use them for VLAN interfaces and use your current wifi routers as APs.
Steve
-
Thanks Steve. I guess I could use the Dell switches for the VLAN interfaces. I am a networking novice (to say the least) and so this is all a learning experience to me. I do pick things up quickly, but I am a long ways from having my head completely around the best way to do this.
-
You're here asking the right questions, you're already way ahead. :)
Steve
-
If I'm not mistaken, wouldn't he just be able to put each AP on a different VLAN, and just set up the routing to not permit the "guest" AP's VLAN access to the "main" VLAN (and if necessary, add a route for the "personal" AP's VLAN to the wired network)?
DISCLAIMER - I'm a pfSense newb myself, so my answer could be entirely incorrect :D
-
Yes, that's what I would do.
To minimise hardware and hence power consumption it may be possible to do something clever. If you are running OpenWRT/DD-WRT on the wrt54 (if not why not!) you can probably have a VAP running to support your guest wifi. Then you could route each wifi AP via VLANs in the wrt54 and send all the traffic via a vlan trunk to the pfSense box. One cable, two devices. Probably a nightmare to get right! ;)
Steve
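-
Added example, not part of the thread and not any poster's configuration: the guest isolation discussed above (guest AP on its own interface or VLAN, no access to the main network), written in pf.conf syntax, the packet filter pfSense is built on. In pfSense the equivalent rules are entered in the GUI on the guest interface; the interface names, subnets and gateway address here are assumptions.

```pf
# Constructed example. All names and addresses below are assumed.
lan_if    = "vr1"               # main network (switches, PCs, automation gear)
guest_if  = "vr2"               # port (or VLAN interface) feeding the guest AP
lan_net   = "192.168.1.0/24"
guest_net = "192.168.50.0/24"
guest_gw  = "192.168.50.1"      # firewall's own address on the guest side

# Private ranges: covers the main LAN plus any subnet added later
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Default deny; everything below is an explicit exception
block log all

# Guests need DHCP and DNS from the firewall, nothing else from it
pass in quick on $guest_if proto udp from any port 68 to any port 67
pass in quick on $guest_if proto { tcp, udp } from $guest_net to $guest_gw port 53

# Guests may not reach the firewall itself (web GUI, SSH) ...
block in log quick on $guest_if from any to self
# ... nor the main network or any other private range
block in log quick on $guest_if from any to <private>

# Whatever is left is Internet-bound guest traffic
pass in quick on $guest_if from $guest_net to any

# Main network is unrestricted outbound; no rule lets guest traffic in
pass in on $lan_if from $lan_net to any

# Let permitted traffic leave on the egress side (stateful by default)
pass out all
```

Order matters because of `quick`: the DHCP and DNS passes must come before the two block rules, and the final guest pass must come after them, otherwise guests either lose name resolution or gain access to the private ranges.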