PfSense for Home use? Necessary for my needs?
-
I wouldn't say that it's "no good", but there are some "gotchas" that pop up from time to time. If I had the money, I would go for something with a regular HD. It does have an mSATA SSD port. That does look like a nice little box.
Personally, I'm that kind of guy to build his own stuff.
I'm sure someone will give a better and more experienced response soon.
-
I wouldn't say that it's "no good", but there are some "gotchas" that pop up from time to time. If I had the money, I would go for something with a regular HD. It does have an mSATA SSD port. That does look like a nice little box.
Personally, I'm that kind of guy to build his own stuff.
I'm sure someone will give a better and more experienced response soon.
I'm actually the same way, I prefer to build my own stuff as well. But in this case I'm really looking to maximize my space. I already have a VM box and a big storage server. Prefer not to add another big box if I can still get the performance I need in a small package.
-
As long as you do not want to do proxy-cache or other packages that want to save loads of data to storage, the flash storage is fine. With that box you can have an SSD if you want anyway.
pfSense site-to-site OpenVPN works really easily and is solid. If secure site-to-site is the prime need, then that works great.
In contrast to Harvy66, I had enough messing about with wiring of DB25 and V35 plugs, crappy Emulex early-model disk drives and other hardware pain decades ago. These days I am very happy to buy a pre-assembled box with all the components known to work well together, and have my fun with the software :P
-
I'm a hobby user so I wanted something not too big, not too power hungry and not too expensive… you can't get all three though. My solution was a refurbished small form factor HP 7900 from NewEgg for about $100 and a couple nice Intel NICs for my WAN and LAN, keeping the internal port for testing stuff. I liked it well enough that I added an inexpensive SSD to eliminate the hard drive. Total into it is just over $200 and it is loafing along with under 10% CPU, near zero RAM and disk use even when I do a speed test on my 60 Mbps Cox Cable link.
The initial learning curve is very easy if you have a very basic understanding of networking, adding on to the basic operation isn't difficult as you can take one step at a time and recover from any changes with a simple restore of your last good configuration. Good help options on most of the config pages and great help here on the forums also make things easier.
-
pfSense does have a learning curve, but if you have previous networking experience, it should not be too bad. The GUI can sometimes be a hindrance to power users.
I run the nanobsd (the build used with embedded systems) build in my old Pentium 4 PC. It runs from a Compact Flash card using a CF-to-IDE adapter, so it acts like an HDD. The drop in heat and noise was surprising. It runs well except for some incompatibility between the Compact Flash and my motherboard's DMA (I should have probably got an "industrial" CF card).
If you want better support, I would stay away from embedded/nanobsd simply because it is not the most commonly used build. I may be switching back to the standard build myself to keep potential problems to a minimum.
-
Thanks for the feedback everyone. I'm not too worried about the learning curve as I have plenty of networking experience and I work a little bit with Sophos UTM at work. Mainly I'm just concerned about getting the right hardware to get the most out of whatever software I run.
My #1 priority is the speed of my site-to-site VPN. Secondly I want it to be very SFF because I just don't have the space for a PC sized box (so at worst a mini-ITX build).
Will the Atom C2358 and 4GB of RAM suffice do you think or should I be looking more at a system with the C2558?
-
pfSense is actually really great for home use. It does a better job with most of the semi-advanced features that a home user would like. Has a much better state table than DD-WRT. There are lots of home users that want something that will allow a lot of state tables for p2p etc, want user friendly VPN (like OpenVPN) and like to be able to set DHCP static addresses etc. Maybe set some timers for kids internet access or whatever. It's good for home.
-
pfSense for home use is brilliant. See the thread here: https://forum.pfsense.org/index.php?topic=73518.0;topicseen
Small box, uses 10W when running and laughs at my broadband (160/12). It manages 5 VPN clients and a number of inbound VPN connections with ease. Using OpenVPN connected to PIA in Netherlands I get 200+Mb/s download according to speedtest (due to compression - pointless number). During the tests though the CPU barely moves….
Learning curve? Not much. If you are familiar with networking then it's simple.
-
Will the Atom C2358 and 4GB of RAM suffice do you think or should I be looking more at a system with the C2558?
That would be perfectly ok
-
@FarmerB3rd:
pfSense for home use is brilliant. See the thread here: https://forum.pfsense.org/index.php?topic=73518.0;topicseen
Small box, uses 10W when running and laughs at my broadband (160/12). It manages 5 VPN clients and a number of inbound VPN connections with ease. Using OpenVPN connected to PIA in Netherlands I get 200+Mb/s download according to speedtest (due to compression - pointless number). During the tests though the CPU barely moves….
Learning curve? Not much. If you are familiar with networking then it's simple.
What CPU are you using with your setup?
-
It's on-board. No option. It's a Celeron J1900 (2.0 GHz) quad-core processor. I have not been able to get it to really slow down. It is more than enough for my home use. 160/12Mb/s does not do much. With iPerf I get 450MB/s throughput on it IIRC. That might be more to do with the "crappy" NICs though. Ample for my needs….
-
@FarmerB3rd:
It's on-board. No option. It's a Celeron J1900 (2.0 GHz) quad-core processor. I have not been able to get it to really slow down. It is more than enough for my home use. 160/12Mb/s does not do much. With iPerf I get 450MB/s throughput on it IIRC. That might be more to do with the "crappy" NICs though. Ample for my needs….
Nice, that's good to know. I've got 165/75 and really want to max out my site-to-site OpenVPN so I really don't want any limitations from my CPU.
-
The high end Rangeley and Avoton platforms are absolute beasts. The C2558/C2550 and C2758/C2750 are just insanely fast. Probably more than you will ever need. Even without quick assist the C2758 easily pushes 1000 mbps with firewall and NAT running, the C2558 should do the same. The AES-NI instruction set also removes most of the overhead usually associated with VPN encryption. Also, once pfSense gets quick assist support these platforms will get even faster. The C2358 might be just what you are looking for for home use. The C2550 is also an interesting option.
However the Rangeley and Avoton platforms are considered server class and are priced as such. But that also means you get really nice server grade NICs and depending on the motherboard you go with; the stability benefits of ECC RAM and/or enterprise grade out of band remote management on its own dedicated NIC.
These things are also small and use very little power. I just built a router out of:
A small external power supply.
A tiny MiniITX case.
A C2758 server board.
Probably too much ECC RAM.
The cheapest hard drive I could find.
And a little power adapter.
I estimate this thing could compete with an ASA 5515 or maybe even a 5525, enterprise devices that go for $3000 and up.
-
The high end Rangeley and Avoton platforms are absolute beasts. The C2558/C2550 and C2758/C2750 are just insanely fast. Probably more than you will ever need. Even without quick assist the C2758 easily pushes 1000 mbps with firewall and NAT running, the C2558 should do the same. The AES-NI instruction set also removes most of the overhead usually associated with VPN encryption. Also, once pfSense gets quick assist support these platforms will get even faster. The C2358 might be just what you are looking for for home use. The C2550 is also an interesting option.
However the Rangeley and Avoton platforms are considered server class and are priced as such. But that also means you get really nice server grade NICs and depending on the motherboard you go with; the stability benefits of ECC RAM and/or enterprise grade out of band remote management on its own dedicated NIC.
These things are also small and use very little power. I just built a router out of:
A small external power supply.
A tiny MiniITX case.
A C2758 server board.
Probably too much ECC RAM.
The cheapest hard drive I could find.
And a little power adapter.
I estimate this thing could compete with an ASA 5515 or maybe even a 5525, enterprise devices that go for $3000 and up.
Nice build. I'd probably go with the 2558 because it would be plenty for my needs.
However this board looks SWEET with the 6 of the 7 NICs operating in bypass mode. If I was gonna go all out I'd go for this one :D.
http://www.servethehome.com/Server-detail/supermicro-a1srm-ln7f-2758-review-awesome/
P.S. Quick question about that case. Is there a dedicated PSU port so you can easily mount that little power supply to so that plugging and unplugging the power adapter is easy?
-
Yes the case has a little hole that perfectly fits the external end of the power adapter. You end up just plugging the power cord into the back of the case as if it was a laptop. It's the little silver plug just below the antenna in this picture.
-
Yes the case has a little hole that perfectly fits the external end of the power adapter. You end up just plugging the power cord into the back of the case as if it was a laptop. It's the little silver plug just below the antenna in this picture.
Sweet, thanks for that. I just wish I could find a mini-ITX board with the C2358 in it. Looks like I'm stuck going with the C2558 even though it should be way more than I need for my home needs. I just need a CPU that can handle a 75Mbps site-to-site OpenVPN connection and some intrusion protection.
-
I've been using DD-WRT routers in my home for the past 5-6 years without any issues. I have two sites (one of which hosts a media server that is heavily accessed by 5-10 users consistently) and the other site (which is connected with a site-to-site OpenVPN connection) houses a server that backs up all my media from Site A (UnRAID server via rsync).
Site A is running a Linksys E4200 and Site B is running a Netgear R7000. As you can probably surmise, the CPU on the E4200 is severely limiting the speed of my site-to-site VPN connection. I'm only getting about 10Mbps when the actual connection speed is 75Mbps. So I'm considering buying another R7000 to replace the E4200. I'm hoping the two combined will be able to give me at least 50Mbps on the OpenVPN connection even if I have to OC them a little bit.
My question is mainly this. For someone who has never worked with pfSense before (I'm mainly a Windows and Cisco guy), how big is the learning curve (don't want to spend weeks configuring a new router because I can't really afford the downtime) and is it worth it to go with a solution like pfSense for home needs like my own (Vmware, Plex, Storage server, backups over VPN, etc.)?
Any insight would be greatly appreciated. Thanks.
EDIT: Assuming pfSense is this (http://store.netgate.com/ADI/RCC-VE-2440.aspx) a good option for me, would something like this serve my needs? (75Mbps VPN connection).
EDIT #2: What is the least powerful CPU I can get away with that will handle a 75Mbps site-to-site OpenVPN connection without a hitch? Will the C2358 do the job?
I think ALIX APU4 can do what you want, the CPU has hardware AES encryption support, according to security router you should be able to achieve about 95Mbps SSL VPN throughput with AES encryption.
-
I think ALIX APU4 can do what you want, the CPU has hardware AES encryption support, according to security router you should be able to achieve about 95Mbps SSL VPN throughput with AES encryption.
Is this a typo? I thought that this is an "AMD G series T40E" based system without AES-NI and/or Intel QA?
-
Use the opportunity to upgrade your PC. With all the parts you pulled out of your desktop, you could build a solid router.
-
I'm using an Atom D2500 with 4gb ram and it is plenty.