2 Subnets and 2 Wifi Adapters?



  • I am VERY new to pfSense and firewall setups in general. I've seen videos and read pages on pfSense, but still have questions.
    I'm looking at this system to run pfSense on:
    https://www.amazon.com/Firewall-Micro-Appliance-Intel-PFSense/dp/B01AJEJG1A

    I want that to replace my two WiFi routers (one running OpenVPN client) set up on two different subnets (192.168.2.x & 192.168.3.x). I also have various devices plugged into the Ethernet ports of a switch. I have a non-simple setup at home and would like to replace it all with just a single unit like the one on Amazon.

    So my questions are:

    1. Can I run two subnets off pfSense with that hardware? (Assign different subnets to different Ethernet ports)
    2. Can I run 2 USB 2.0 WiFi AP adapters (one for each subnet) that support 2 GHz and 5 GHz bands each? (Any recommendations on USB 2.0 WiFi adapters?)
    3. Can I run OpenVPN just on one subnet (192.168.3.x)?

    Any assistance or reference to where I can find these answers is greatly appreciated.


  • Netgate

    @DaHai8:

    I am VERY new to pfSense and firewall setups in general. I've seen videos and read pages on pfSense, but still have questions.
    I'm looking at this system to run pfSense on:
    https://www.amazon.com/Firewall-Micro-Appliance-Intel-PFSense/dp/B01AJEJG1A

    I want that to replace my two WiFi routers (one running OpenVPN client) set up on two different subnets (192.168.2.x & 192.168.3.x). I also have various devices plugged into the Ethernet ports of a switch. I have a non-simple setup at home and would like to replace it all with just a single unit like the one on Amazon.

    So my questions are:

    1. Can I run two subnets off pfSense with that hardware? (Assign different subnets to different Ethernet ports)

    Yes. They would all be router ports.

    2. Can I run 2 USB 2.0 WiFi AP adapters (one for each subnet) that support 2 GHz and 5 GHz bands each? (Any recommendations on USB 2.0 WiFi adapters?)

    Yes, I have a recommendation. Get an external access point and use that. Don't mess around with USB Wi-Fi (or even internal Wi-Fi cards.) You can probably still use your existing wireless router as an AP if you 1) disable its DHCP server 2) leave its WAN disconnected 3) connect one of its LAN ports to one of the pfSense LANs.

    3. Can I run OpenVPN just on one subnet (192.168.3.x)?

    You can policy route any traffic you like over an OpenVPN client connection, leaving other traffic out the regular WAN.
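    What the policy-routing answer above looks like at the pf level, as an added illustration (not from this thread or from pfSense's generated ruleset): the 192.168.3.x segment is sent via the OpenVPN client gateway, a fallback block keeps it from leaking out the normal WAN if the tunnel is down, and the 192.168.2.x segment uses the default route. Interface names (igb1, igb2, ovpnc1) and the tunnel gateway address 10.8.0.1 are assumed placeholders; in pfSense the same thing is built in Firewall > Rules by setting the rule's Gateway under Advanced Options.

    ```pf
    # Assumed interface names and addresses (placeholders, not from the thread)
    lan_plain = "igb1"          # 192.168.2.0/24, goes out the regular WAN
    lan_vpn   = "igb2"          # 192.168.3.0/24, must only use the VPN
    vpn_if    = "ovpnc1"        # OpenVPN client interface
    vpn_gw    = "10.8.0.1"      # assumed gateway on the far side of the tunnel

    # 192.168.3.x: force the whole segment through the OpenVPN client
    pass in quick on $lan_vpn inet from 192.168.3.0/24 to any \
        route-to ($vpn_if $vpn_gw) keep state

    # Fail closed: if the route-to rule is skipped (tunnel down), the
    # segment is blocked instead of silently falling back to the WAN.
    # In the pfSense GUI the equivalent is a block rule below the VPN rule,
    # and *not* enabling "Skip rules when gateway is down" for this policy.
    block in quick on $lan_vpn inet from 192.168.3.0/24 to any

    # 192.168.2.x: ordinary routing, default gateway (regular WAN)
    pass in quick on $lan_plain inet from 192.168.2.0/24 to any keep state
    ```

    Order matters: the block rule must sit directly after the route-to rule so that VPN-bound traffic never matches a later catch-all pass rule.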



  • Thanks for the quick reply!

    I was hoping I could replace all my hardware with a single unit, but it sounds like that's not the best solution. In which case, the J1900 box is probably overkill.

    Maybe I'll wait until the ARM release is out and load up a Raspberry Pi 3 for just a basic, low-end firewall.

    Thanks again!


  • Rebel Alliance Global Moderator

    I don't get this logic.. I want 1 box??  You have 1 box..  How is wifi related to not having 1 box?  Your AP should be properly placed about the area you want wifi coverage in, i.e. ceiling mounting is the best option.  I have 1 in my main hallway, one in the kitchen near the patio door to provide better coverage out on the patio.  I also have 1 in the guest room ceiling to cover that part of the house, etc.

    But you would be ok with this 1 box having usb adapters sticking out of it?  Yeah, the range on that wifi is going to be freaking fantastic ;)

    If you got a real AP, or as many as you need to provide proper coverage of the area you want coverage.  Real APs support VLANs, so you could run your multiple wifi networks with just the AP and no need for adapters for each network, etc.  I currently run 4 different wifi segments..

    Raspberry Pi 3 has a 100 Mbps interface.. Only 1 of them - yeah that would make for a low-end firewall, that would be for sure..

    As to your question about multiple segments off that appliance..  Sure you could run 3 lan side segments.. Or even more with vlans on top of those interfaces if you have a vlan capable switch..  As to running OpenVPN on one of them??  Do you mean as server or as a client to a vpn service, and any device you put on that segment goes out the vpn service??



  • @johnpoz:

    I don't get this logic.. I want 1 box??  You have 1 box.. etc.etc.etc…

    You are assuming a lot here. And we all know what happens when you assume…
    1st: You assume I'm an idiot.
    2nd: You assume that I live in a large house with lots of space and need APs everywhere.
    3rd: You assume I need fantastic range.
    4th: You assume 100 Mbps is freaking slow against my ISP.
    5th: You assume that I need a firewall between all my devices.
    6th: You assume that I only have 1 AP and nothing else.

    In answer to your singular question - the only one you did not make an invalid assumption on: it is a VPN client and I have it set that only devices connected to that segment use that service.

    Derelict answered my questions with facts and useful information. I really appreciate that and thank him for all his help.

    johnpoz: you need to pull your head out of your assumptions.



  • wow, before this boils up, may we do the maths quick. Anybody hurt? No. Great, let's get on with some networking.

    You, DaHai8, were speaking of two USB WiFi cards.
    USB WiFi on a FreeBSD system is generally not a good idea. I'd propose as well to use one good AP and have it distribute multiple SSIDs. Basically split your setup into two separate devices, which usually makes more sense.

    A RasPi, with a single NIC only and that one connected via USB internally, is not that great an idea for a router. Sure, router-on-a-stick scenarios are possible. But would I (!) want that and would I want it on a RasPi? Did you have a look at the upcoming SG-1000? Seems way better suited.


  • Rebel Alliance Global Moderator

    Wow…  WTF??  Dude, you're going to make lots of friends here with that sort of attitude.

    I didn't assume any of that shit..  I made a simple remark to the comment that comes up quite a bit about the everything-in-1-box mentality..  Which has nothing to do with proper wifi setup.. You seem to have gone off the freaking deep end like I was attacking you in some way??

    "1st: You assume I'm an idiot. "

    I didn't until now ;)  with a touch of Douche as well..