Hardware recommendations ATT 1gig up and down
-
haven't really understood what quad NICs give you over a basic unmanaged switch
Run discrete, separate subnets. Although you can mimic this with a VLAN-capable switch. To me, and only to me, discrete subnets easier to visualize than try to keep VLAN configs all in my head. I like things simple and stupid.
Ok. When you use small words like that, it helps dufus like me understand. Thank you.
Since they are separate subnets, then I imagine devices in different subnets cannot and should not be able to talk to each other. For my home network, I have the following devices :
-
Main FreeNAS
-
Backup FreeNAS
-
1 Tablet
-
2 Phones
-
1 desktop
-
2 Laptops - work & personal
-
1 network enabled TV
So I don't see the need to separate them into different subnets as I use my laptops/tablet to sometimes check up on my FreeNAS boxes. The TV is the only thing I can choose to put in a different subnet so it can't be hacked into and access my main network. I might set up a DMZ in the future when I have learnt more about networking to host a webserver. I can set it up via a VLAN then.
I will just go buy a Dual NIC for my new pfSense build and will shutup now and stop hijacking this thread.
Thank you again.
-
-
Inxsible, we’re both in similar boats, so I know I don’t mind your questions.
I have a Shield, two other Kodi boxes, Fire Tv, pc, and two nas’ I could put onto a network with vpn. Some don’t need to talk to each other, some I will want to. Some strictly internal, some possible external down the road.
I’m trying to leave room to grow as well be able to max my throughout as much as I can without having to go crazy cost wise.
Running the PIA apps for vpn on the devices significantly reduces my throughput. I want to offload that to pfsense to get better speeds. My pc will run near the gigabit speeds with PIA turned off. Turn it on, and I’m down to 300 (best ever), but usually between 150 and 30. That’s too much for my liking.
-
Inxsible, we’re both in similar boats, so I know I don’t mind your questions.
I have a Shield, two other Kodi boxes, Fire Tv, pc, and two nas’ I could put onto a network with vpn. Some don’t need to talk to each other, some I will want to. Some strictly internal, some possible external down the road.
I’m trying to leave room to grow as well be able to max my throughout as much as I can without having to go crazy cost wise.
Makes sense. If I buy used, the difference between dual and quad is not huge – about $5-$10 on ebay. I just wanted to understand what quad NICs would provide over dual.
Running the PIA apps for vpn on the devices significantly reduces my throughput. I want to offload that to pfsense to get better speeds. My pc will run near the gigabit speeds with PIA turned off. Turn it on, and I’m down to 300 (best ever), but usually between 150 and 30. That’s too much for my liking.
Then you would surely need a better CPU than what you currently have in your pc.
I intend to go with a J3355B since my internet speed is only 50Mbps down. Gigabit is currently too expensive for me given my usage.
-
I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.
-
I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.
I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?
I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.
-
I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.
I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?
I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.
I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in awhile I’ll need to move to the New York server.
-
I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.
I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?
I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.
I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in awhile I’ll need to move to the New York server.
One thing with using VPN in pfSense instead of using a client on the PC itself is that it's not as easy to quickly change servers. You also cannot change servers for just one device/PC, unless you have already created multiple VPN interfaces in pfSense and route every device through a different interface.
So, if you are using VPN only to hide data from your ISP, it shouldn't be a problem. But if you are using it to avoid geo-location then it might be a pain to constantly switch VPN servers. Also, as you may have noticed many websites/apps don't work behind a VPN.
I recently noticed that TurboTax and TaxAct don't work if I am routing my desktop through the VPN interface. I have to go directly through my ISP. Same with Amazon app on the phone. The Amazon website works, but the phone app only shows me pictures of dogs and tells me "something went wrong"
I am starting to think getting VPN is now more of a hassle especially when my wife starts complaining about not being able to shop on Amazon app while on wifi.
-
I’ve got a fx8320e. It should be enough. I just think the app isn’t that great for the pc nor android. I mean, it works, but the speed hits I take are horrible. Now it could be ATT not liking the vpn, but on my iPad, I max the WiFi at 350-400 with PIA turned off, always over 200 when it’s turned on. So that version works fine.
I run my VPN client in pfSense as well and route everything except my work laptop through it. I know you said it works fine on your iPad, but have you tried a different server for PIA?
I had issues with 3 servers with my VPN provider before I settled on the 4th one. And the weird thing is that the 3 that were flaky were in the same city that I am in and the one that I am now using and has been stable ever since is 800 miles away.
I’ve tried multiple servers. I switch if I’m not seeing good speeds, hoping to find one. I find the Midwest to be the best for me most of the time. Every once in awhile I’ll need to move to the New York server.
One thing with using VPN in pfSense instead of using a client on the PC itself is that it's not as easy to quickly change servers. You also cannot change servers for just one device/PC, unless you have already created multiple VPN interfaces in pfSense and route every device through a different interface.
So, if you are using VPN only to hide data from your ISP, it shouldn't be a problem. But if you are using it to avoid geo-location then it might be a pain to constantly switch VPN servers. Also, as you may have noticed many websites/apps don't work behind a VPN.
I recently noticed that TurboTax and TaxAct don't work if I am routing my desktop through the VPN interface. I have to go directly through my ISP. Same with Amazon app on the phone. The Amazon website works, but the phone app only shows me pictures of dogs and tells me "something went wrong"
I am starting to think getting VPN is now more of a hassle especially when my wife starts complaining about not being able to shop on Amazon app while on wifi.
See, my wife is why I’m only going to do wired connections to the box. The WiFi stuff can go on as they have been. I won’t have to hear about things not loading or working.
If I need my pc to use a non-vpn connection, I’ll just switch cables to the ATT gateway.
-
See, my wife is why I’m only going to do wired connections to the box. The WiFi stuff can go on as they have been. I won’t have to hear about things not loading or working.
If I need my pc to use a non-vpn connection, I’ll just switch cables to the ATT gateway.
That's smart. You could also create an alias and add or remove your PC from that alias depending on whether that alias is being routed via the VPN gateway or the ISP gateway.
For eg. I have an alias for my work laptop so that it goes out the ISP. When I needed to do my taxes, I just put my desktop in the same alias until I was done with the taxes and then removed it from the alias again.
-
Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.
I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.
It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.
-
Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.
I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.
It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.
Keep us posted.
I got myself a i340-T4 as well for the same price as that of T2 (at least when I was looking). Now I have my RAM and motherboard (AsRock J3355B) on order.
-
Well the pc I was looking at acquiring is not available to me any longer. I’ll keep an eye out for something cheap but functional that’ll support AES-NI.
I have an old Compaq with a Core 2 Duo E8600 in it I’m going to start with once the NIC gets here. It’ll give me a chance to play with and learn Pfsense while hunting a pc or parts.
It’ll have 8gb ram and I’ll use that 16gb ssd as the hd. It should be enough for me to familiarize myself a bit with Pfsense.
Keep us posted.
I got myself a i340-T4 as well for the same price as that of T2 (at least when I was looking). Now I have my RAM and motherboard (AsRock J3355B) on order.
Glad you found a t4 for the same price. Makes it easy on which to buy. My nic should be here Saturday so I hope to start this weekend.
-
This is not going as I’d hoped.
The old pic I was going to use to toy with doesn’t have a slot to accommodate the i390-t4. So I decided to use my main pc (amd fx8320e) and just disconnect all the hard drives and use an usb drive to just try out pfsense.
Install went fine. But I can not connect to the web GUI no matter what. Tried from two other computers. Tried reinstalling pfsense from scratch - twice. Tried with leaving the wan cable unplugged when installing. No luck. I can’t even ping the pfsense machine.
I’m lost and confused. Time for a break and see if I can find where I making a mistake.
Good luck inxisble. I hope your build goes well.
-
This is not going as I’d hoped.
The old pic I was going to use to toy with doesn’t have a slot to accommodate the i390-t4. So I decided to use my main pc (amd fx8320e) and just disconnect all the hard drives and use an usb drive to just try out pfsense.
Install went fine. But I can not connect to the web GUI no matter what. Tried from two other computers. Tried reinstalling pfsense from scratch - twice. Tried with leaving the wan cable unplugged when installing. No luck. I can’t even ping the pfsense machine.
I’m lost and confused. Time for a break and see if I can find where I making a mistake.
Good luck inxisble. I hope your build goes well.
Not great luck here either.
Got the J3355B board and RAM… tested well. No errors in memtest+. But once I connect the NIC and restart, I get the AsRock splash screen and then the motherboard shuts down. I might have to RMA the NIC back to Ebay :(
-
Update
Found an old hard drive and used that, coupled with a single port intel nic I got off eBay. Finally got it up and running to play with. The computer has an e7600 core2duo in it.
I did manage to snag a Compaq 6200 pro mt w i5-2400 in it relatively waiting for it to come in.
Next problem is when using the old pc, my speed when connected to Pia are way lower than expected.
Laptop through pfsense gets 400/400 off my gigabit line. Once I turn on PIA, it drops to 50-90/90, down/up.
Changing the port to dmz+ on the 5268ac did nothing to change the speeds. I made sure to reboot the router and pfsense computer.
Hoping it’s an issue with the e7600 not using aes-ni. The onboard nic in the pc is supposed to be intel. New pc is supposed to come in tomorrow. Should have it up and running in an hour if it does.
Here’s hoping for better luck.
Better luck to you to Inxsible
-
What throughput are you expecting to see over OpenVPN?
400Mbps is fast for OpenVPN using a single connection. Also many providers will not reach that speed, though I believe I've seen reports PIA will.
Steve
-
The 400 was with openvpn not setup yet. I was just testing connectivity.
New pc came in yesterday. I can’t get the i340-t4 to work. But I got it all running with the single port nic I picked up.
900+ up and down just testing connectivity. Once OpenVpn was setup for PIA, I got 300-400 down, 250-300 up. That’s with pfsense not set on my 5268ac to DMZ+ To completely bypass the gateway.
That’s faster than I’ve ever been able to get at night with any device in my house for PIA. I’m quite happy with that. I realize I could probably get faster using the DMZ+ function to completely remove my 5268ac gateway from the equation, but I want to make sure I don’t leave the other things using the gateway exposed to the web.
Next, I wouldn’t mind figuring out how to add wireless internet access through pfsense now. The pc doesn’t have any wireless adapter that I setup pfsense on. Reading up on if it’s possible and what would be required to make it work.
-
It's almost always better to use an external access point of some sort. You can usually position it better and you can get whatever the latest greatest wifi technology is. With a wifi device in pfSense you can only use 802.11N.
Steve
-
Thanks Steve.
Is there one that’s recommended?
I have a Netgear R7000 I could try to use if that would work. Never could get it setup the way I wanted. That’s running did-wrt. I can put the firmware to stock too.
-
I have a Netgear R7000 I could try to use if that would work.
Why wouldn't it work? what's wrong with it?
Never could get it setup the way I wanted.
Which is?
If this R7000 has a WAN port, the easiest way to set it up is in bridge mode (no NAT) and simplest to integrated into a LAN with a dedicated FW.
Buy I agree with him, have your WIFI in a separate box because your FW will tend to be in a corner closet, while the WIFI antenna most likely needs to be centrally located, in between other advantages as already mentioned.