New guy questions

  • I'm a DD-WRT guy throwing myself into self-taught network security.  I run only a home network with about 25 devices and run OpenVPN, Privoxy Ad Blocker, and DDNS on my current routers (WRT1900ACS or R7000 depending on my mood).

    Just learned about pfSense and interested in taking the plunge.  Trying to decide whether to build a box or buy the SG-2220.

    I have a couple questions:

    Without buying the Wi-Fi on the SG-2220, can I hook another router to the LAN port and use it as an access point only for wifi?

    Can I hook a switch up and use a couple of appliances (Time Capsule for mac backups, Apple TV, Mac Mini) directly to the switch?

    And can I then hang that wifi router off the same switch?

    I think the answer to all this is yes but want to make sure.

    Also if anyone has any recommendations on getting started I'm all ears and will take any advice I can get.


    John in North Carolina

  • You are correct, the answers to your questions are yes.  You could plug the pfSense LAN port into the switch and hang the rest of your network, including the other router, off the switch.

    If you want all your wireless clients in the same subnet as your LAN it's pretty straightforward.

    If you want a separate guest wireless network it gets a little more complicated and you'll probably need a VLAN capable switch, possibly a second wireless AP.  It may be possible with DD-WRT to create another wireless network on your router and use VLANs to connect it to a pfSense OPT interface for a guest network, but I haven't done so.

  • Thanks for the answers.  I just pulled the trigger on the SG-2220 and will pick a switch up on Amazon.  Expect to see plenty more of me around here while I'm figuring this out.

  • I have a couple more questions but probably first should explain my network plan.

    Simple home network with pfSense SG-2000.  WAN side is 200 MBPS cable modem.  LAN side is to a managed 8 port Netgear switch.  I will have 3 LAN devices and a bridged router acting as a Wi-Fi AP.  I think I can figure this out on my own.  I do want to have a guest network.  I have routers all over as I have a home router fetish so I could just set up a 2nd AP if I had to for ease.  I'd prefer to do this with one.

    I absolutely positively need OpenVPN which I think seems pretty easy to set up.  I need access on the road to my home network.  Also I want to be able to route all traffic through the VPN from the client computer.  I haven't seen much discussion on this but I'm currently doing this on my home router so I think I know how to do this as well.  (Unless pfSense does it differently).

    Also I want to Adblock from pfSense.  What is the best way to go about this with the understanding that I'm not a network whiz bang guru but I can figure most things out (the hard way)?

    Is pfBlocker adequate or should I go some other route?

    Currently on my DDWRT router I'm running Privoxy and I find it adequate and configurable.  So anything comparable or better will work.

  • LAYER 8 Global Moderator

    As to running multiple ssid with different vlans.  While this might be possible with something like openwrt or dd-wrt on your old router you're going to use as just an AP, if I recall the vlan support on these devices was dependent on the chipset, and not all of the routers that run wrt support the vlans.

    If you really want to run vlans for your wifi I would suggest you go with a real AP with this support, the unifi stuff is quite home budget friendly and supports up to 4 different ssids per radio and is very easy to set up for vlans on your different ssids.  The new AC lite model is only $89 while the pro model is only $149.  I have 3 of these in my house, the lite, the lr and the pro of the new AC line.  I run 3 different ssids all on different networks.  My normal wifi which is eap-tls for auth (my devices like laptops, ipads, phones all use this), my psk network for devices that do not support eap-tls like my nest thermostat, my harmony hub, nest protect, rokustick, etc.  And then your typical other psk authed network that is for my guests.

    The unifi APs bring to the table band steering to put your devices on either 2.4 or 5 with the same ssid, they also support Air Time fairness and just recently enabled the DFS channels for 5ghz band so lots and lots of channels available depending on your clients' support for these networks.  The free controller software you can run also brings lots of insight into your wifi network, what clients are connected to what AP, what speeds they are connected at, errors, bandwidth used, etc. etc.

    These wifi networks are all firewalled via pfsense and have varied access into my other networks.

    As to blocking ads, yeah pfblocker package makes this pretty simple to do.

    As to openvpn, yeah this is a few clicks of the wizard to set up on pfsense, I vpn into my home network pretty much every day from work.  And yup there is an openvpn app for both ios and android devices that is clickity clickity to use.
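
Added example, not part of the thread above: a small Python model of the segmentation the last reply describes (separate trusted, IoT and guest wireless networks, each firewalled by pfSense), for checking a planned rule order before entering it in the GUI. The subnets, interface names and rules are constructed for illustration; the only pfSense behaviour assumed is that rules on an interface are evaluated top-down, first match wins, and unmatched traffic is blocked.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing plan (assumption, not taken from the thread).
NETS = {"LAN": net("192.168.1.0/24"), "IOT": net("192.168.20.0/24"),
        "GUEST": net("192.168.30.0/24")}
RFC1918 = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
ANY = [net("0.0.0.0/0")]

# Hypothetical per-interface rule lists: (action, destination nets, port or None = any).
RULES = {
    "LAN": [("pass", ANY, None)],
    "IOT": [("pass", [net("192.168.20.1/32")], 53),   # DNS on the firewall itself
            ("block", RFC1918, None),                 # no access to internal networks
            ("pass", ANY, None)],                     # internet
    "GUEST": [("pass", [net("192.168.30.1/32")], 53),
              ("block", RFC1918, None),
              ("pass", ANY, 443),
              ("pass", ANY, 80)],
}

# Same guest rules with the web pass rule placed above the RFC1918 block.
MISORDERED = dict(RULES, GUEST=[RULES["GUEST"][2], RULES["GUEST"][1]])

def evaluate(iface, dst, port, rules=RULES):
    """Verdict for traffic entering `iface`: first match wins, no match is blocked."""
    addr = ipaddress.ip_address(dst)
    for action, nets, rule_port in rules[iface]:
        if any(addr in n for n in nets) and rule_port in (None, port):
            return action
    return "block"

def audit_isolation(iface, rules=RULES):
    """Names of other internal networks `iface` can reach on a few sample ports."""
    leaks = []
    for name, network in NETS.items():
        if name == iface:
            continue
        host = str(network.network_address + 10)  # representative host in that subnet
        if any(evaluate(iface, host, p, rules) == "pass" for p in (22, 80, 443, 445)):
            leaks.append(name)
    return leaks

if __name__ == "__main__":
    for iface in NETS:
        print(iface, "reaches:", audit_isolation(iface) or "no internal networks")
    print("GUEST with misordered rules reaches:", audit_isolation("GUEST", MISORDERED))
```

With the pass rule above the block, guests reach internal hosts on port 443 even though a block rule exists further down the list.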

