PfSense for Home use? Necessary for my needs?
-
pfSense for home use is brilliant. See the thread here: https://forum.pfsense.org/index.php?topic=73518.0;topicseen
Small box, uses 10W when running and laughs at my broadband (160/12). It manages 5 VPN clients and a number of inbound VPN connections with ease. Using OpenVPN connected to PIA in Netherlands I get 200+Mb/s download according to speedtest (due to compression - pointless number). During the tests though the CPU barely moves….
Learning curve? Not much. If you are familiar with networking then it's simple.
-
Will the Atom C2358 and 4GB of RAM suffice do you think or should I be looking more at a system with the C2558?
That would be perfectly ok
-
@FarmerB3rd:
pfSense for home use is brilliant. See the thread here: https://forum.pfsense.org/index.php?topic=73518.0;topicseen
Small box, uses 10W when running and laughs at my broadband (160/12). It manages 5 VPN clients and a number of inbound VPN connections with ease. Using OpenVPN connected to PIA in Netherlands I get 200+Mb/s download according to speedtest (due to compression - pointless number). During the tests though the CPU barely moves….
Learning curve? Not much. If you are familiar with networking then it's simple.
What CPU are you using with your setup?
-
It's on-board. No option. It's a Celeron J1900 (2.0 GHz) quad-core processor. I have not been able to get it to really slow down. It is more than enough for my home use. 160/12Mb/s does not do much. With iPerf I get 450MB/s throughput on it IIRC. That might be more to do with the "crappy" NICs though. Ample for my needs….
-
@FarmerB3rd:
It's on-board. No option. It's a Celeron J1900 (2.0 GHz) quad-core processor. I have not been able to get it to really slow down. It is more than enough for my home use. 160/12Mb/s does not do much. With iPerf I get 450MB/s throughput on it IIRC. That might be more to do with the "crappy" NICs though. Ample for my needs….
Nice, that's good to know. I've got 165/75 and really want to max out my site-to-site OpenVPN so I really don't want any limitations from my CPU.
-
The high end Rangeley and Avoton platforms are absolute beasts. The C2558/C2550 and C2758/C2750 are just insanely fast. Probably more than you will ever need. Even without quick assist the C2758 easily pushes 1000 mbps with firewall and NAT running, the C2558 should do the same. The AES-NI instruction set also removes most of the overhead usually associated with VPN encryption. Also, once pfSense gets quick assist support these platforms will get even faster. The C2358 might be just what you are looking for for home use. The C2550 is also an interesting option.
However the Rangeley and Avoton platforms are considered server class and are priced as such. But that also means you get really nice server grade NICs and depending on the motherboard you go with; the stability benefits of ECC RAM and/or enterprise grade out of band remote management on its own dedicated NIC.
These things are also small and use very little power. I just built a router out of:
A small external power supply.
A tiny MiniITX case.
A C2758 server board.
Probably too much ECC RAM.
The cheapest hard drive I could find.
And a little power adapter.
I estimate this thing could compete with an ASA 5515 or maybe even a 5525, enterprise devices that go for $3000 and up.
-
The high end Rangeley and Avoton platforms are absolute beasts. The C2558/C2550 and C2758/C2750 are just insanely fast. Probably more than you will ever need. Even without quick assist the C2758 easily pushes 1000 mbps with firewall and NAT running, the C2558 should do the same. The AES-NI instruction set also removes most of the overhead usually associated with VPN encryption. Also, once pfSense gets quick assist support these platforms will get even faster. The C2358 might be just what you are looking for for home use. The C2550 is also an interesting option.
However the Rangeley and Avoton platforms are considered server class and are priced as such. But that also means you get really nice server grade NICs and depending on the motherboard you go with; the stability benefits of ECC RAM and/or enterprise grade out of band remote management on its own dedicated NIC.
These things are also small and use very little power. I just built a router out of:
A small external power supply.
A tiny MiniITX case.
A C2758 server board.
Probably too much ECC RAM.
The cheapest hard drive I could find.
And a little power adapter.
I estimate this thing could compete with an ASA 5515 or maybe even a 5525, enterprise devices that go for $3000 and up.
Nice build. I'd probably go with the 2558 because it would be plenty for my needs.
However this board looks SWEET with the 6 of the 7 NICs operating in bypass mode. If I was gonna go all out I'd go for this one :D.
http://www.servethehome.com/Server-detail/supermicro-a1srm-ln7f-2758-review-awesome/
P.S. Quick question about that case. Is there a dedicated PSU port so you can easily mount that little power supply to so that plugging and unplugging the power adapter is easy?
-
Yes the case has a little hole that perfectly fits the external end of the power adapter. You end up just plugging the power cord into the back of the case as if it was a laptop. It's the little silver plug just below the antenna in this picture.
-
Yes the case has a little hole that perfectly fits the external end of the power adapter. You end up just plugging the power cord into the back of the case as if it was a laptop. It's the little silver plug just below the antenna in this picture.
Sweet, thanks for that. I just wish I could find a mini-ITX board with the C2358 in it. Looks like I'm stuck going with the C2558 even though it should be way more than I need for my home needs. I just need a CPU that can handle a 75Mbps site-to-site OpenVPN connection and some intrusion protection.
-
I've been using DD-WRT routers in my home for the past 5-6 years without any issues. I have two sites (one of which hosts a media server that is heavily accessed by 5-10 users consistently) and the other site (which is connected with a site-to-site OpenVPN connection) houses a server that backs up all my media from Site A (UnRAID server via rsync).
Site A is running a Linksys E4200 and Site B is running a Netgear R7000. As you can probably surmise, the CPU on the E4200 is severely limiting the speed of my site-to-site VPN connection. I'm only getting about 10Mbps when the actual connection speed is 75Mbps. So I'm considering buying another R7000 to replace the E4200. I'm hoping the two combined will be able to give me at least 50Mbps on the OpenVPN connection even if I have to OC them a little bit.
My question is mainly this. For someone who has never worked with pfSense before (I'm mainly a Windows and Cisco guy), how big is the learning curve (don't want to spend weeks configuring a new router because I can't really afford the downtime) and is it worth it to go with a solution like pfSense for home needs like my own (Vmware, Plex, Storage server, backups over VPN, etc.)?
Any insight would be greatly appreciated. Thanks.
EDIT: Assuming pfSense is this (http://store.netgate.com/ADI/RCC-VE-2440.aspx) a good option for me, would something like this serve my needs? (75Mbps VPN connection).
EDIT #2: What is the least powerful CPU I can get away with that will handle a 75Mbps site-to-site OpenVPN connection without a hitch? Will the C2358 do the job?
I think ALIX APU4 can do what you want, the CPU has hardware AES encryption support, according to security router you should be able to achieve about 95Mbps SSL VPN throughput with AES encryption.
-
I think ALIX APU4 can do what you want, the CPU has hardware AES encryption support, according to security router you should be able to achieve about 95Mbps SSL VPN throughput with AES encryption.
Is this a typo? I thought that this is an "AMD G series T40E" based system without AES-NI and/or Intel QA?
-
Use the opportunity to upgrade your PC. With all the parts you pulled out of your desktop, you could build a solid router.
-
I'm using an Atom D2500 with 4gb ram and it is plenty.
-
Use the opportunity to upgrade your PC. With all the parts you pulled out of your desktop, you could build a solid router.
Huh? Not sure who or what post this is in response to.
I'm using an Atom D2500 with 4gb ram and it is plenty.
Are you using OpenVPN? What are your connection speeds?
-
You mention you have vmware. Why not run pfsense as a virtual?
I'm also a windows and cisco guy, and I find pfsense fairly easy to use. If you've used Cisco's ASAs, pfsense takes a bit to get used to.
The biggest frustration with pfsense is the lack of documentation.
-
You mention you have vmware. Why not run pfsense as a virtual?
I'm also a windows and cisco guy, and I find pfsense fairly easy to use. If you've used Cisco's ASAs, pfsense takes a bit to get used to.
The biggest frustration with pfsense is the lack of documentation.
I'm considering running it as a VM but I have some reservations about it. First off my VM box runs my media server which is used very heavily by many users and I'm not sure how well it will work in conjunction with a router/firewall on the same box. Also, I like the idea that I can do maintenance on my VM box without taking down the Internet.
As for the lack of documentation, I'm noticing that. Hopefully I will be able to pick up the basics quickly so I can at least get my network running while I learn the more advanced features.
-
Hopefully I will be able to pick up the basics quickly so I can at least get my network running while I learn the more advanced features.
There is also a book out about pfSense and another one will be released soon, if this would be interesting for you, to get faster skills.
-
I came to pfSense from a very Cisco focused background. I work with ASA firewalls, catalyst switches, and IOS routers every day. I found pfSense to be rather easy to learn. At the end of the day a network is a network and they all work the same way.
-
@BlueKobold:
Hopefully I will be able to pick up the basics quickly so I can at least get my network running while I learn the more advanced features.
There is also a book out about pfSense and another one will be released soon, if this would be interesting for you, to get faster skills.
Lol, that new book has been going to be released "soon" for over a year now.
-
I came to pfSense from a very Cisco focused background. I work with ASA firewalls, catalyst switches, and IOS routers every day. I found pfSense to be rather easy to learn. At the end of the day a network is a network and they all work the same way.
Well, yes, it is easy to learn, but the ASA and pfsense seem (to me at least) to require different mindsets when figuring out how to get to where you want to go.
But you are right, at the end of the day, it is all just wrangling bits.