pfSense on dual cpu server (Dell Poweredge)

az

Yeah, I've seen the power specs. But my cost isn't too high here and I'm on 100% renewable so I don't feel so bad.
Definitely plan on running a vpn (Kind of looking at alternatives to OpenVPN since it can't utilize multiple cores) and I have a new gigabit fiber connection coming so I'm looking to push that. Going to have several VLANs to control my IoT and prevent "smart" devices from calling home, disable as much Windows as tracking as possible for my roommate, etc...
I'm hoping to run some security cameras through as well but 'm always open to suggestions for more stuff to play with!

AZ

stephenw10

What CPUs will it actually have?

I would be tempted to run virtualised on there to make better use of the hardware.

Not at all jealous of your 1Gbps connection.

Steve

az

Getting my own fiber splices and everything (not to rub it in or anything). It's got 2 XEON E5645 (hexa-core 2.4 Ghz). What does running virtualized get me?

provels

@az FWIW, I'd advise that I have run the latest 2.3 pSense on a 1GHz VIA chip with 1GB memory and a 4GB SSD up to 100Mbps speeds (the capability of the NICs), and run it virtualized on a 10-year old quad core Intel box with GB NICs at 300Mbps (max of my ISP). Nothing wrong with hobby boxes, but to run something like this with pfSense only 24/7 would be a waste. And, Lord, the NOISE! If me, maybe, I'd load it up for with Nas4Free for virtualization and storage and run pfSense in VirtualBox there.

Grimson

@provels said in pfSense on dual cpu server (Dell Poweredge):

I'd advise that I have run the latest 2.3 pSense

You know that 2.3 is EOL for quite some time now and has multiple security issues.

run pfSense in VirtualBox there.

Urgh, don't do that for production. Use Proxmox or ESXi, VirtualBox is only useful for testing.

stephenw10

@az said in pfSense on dual cpu server (Dell Poweredge):

Getting my own fiber splices and everything (not to rub it in or anything)

Arggh it stings!

Unless you're running your own VPN concentrator or something that box will be 95% idle almost all the time. If you run virtualised you can use that processing power for something else with other VMs running along side pfSense.

If you are really looking for maximum OpenVPN throughput you are better off with a CPU that offers the best single thread performance you can get. As you said OpenVPN is single threaded. One way of increasing it is to run multiple OpenVPN connections and load balance them.

Steve

provels

@Grimson Yes, I run 2.4.4_2 in VM. The 2.3.5_2 is just there for backup (also an 800 MHz Via backing that up...)
What's "Production" for a hobby user? :)

Grimson

@provels said in pfSense on dual cpu server (Dell Poweredge):

What's "Production" for a hobby user? :)

Your main gateway to the Internet.

az

Here's a question then: I know this strays a little bit away from pfSense but I'm also looking at some supermicro servers to run FreeNAS on. Would it maybe be a decent idea to run both on the same machine as VMs considering I'm running in a very small home environment?

Grimson

@az said in pfSense on dual cpu server (Dell Poweredge):

Here's a question then: I know this strays a little bit away from pfSense but I'm also looking at some supermicro servers to run FreeNAS on. Would it maybe be a decent idea to run both on the same machine as VMs considering I'm running in a very small home environment?

Yes, that is a pretty common use case.

provels

@Grimson Good enough to learn concepts on, though, I think. But, yes, ESXi would be better and also free (and likely better hardware support). At any rate, OP is still total overkill.

az

I've just discovered an 8700k I have sitting around as well so I may use that and build a cheap machine out of spare parts and used stuff from Ebay for my router but I'm still really interested in this conversation.

Grimson

@provels said in pfSense on dual cpu server (Dell Poweredge):

@Grimson Good enough to learn concepts on, though, I think.

For that you setup a virtual LAB environment, even in VirtualBox if you insist on it. For security reasons you don't use your main firewall/gateway for experimenting, or you will be demoted from hobby user to home user.

az

This has been an awesome first experience with forums. Just wanted to thank all of you for an awesome introduction into the community.