Netgate Discussion Forum

    Home use, use home server + vmware pfsense or buy sg-2220?

      Spectrum48k

      Hi Guys

      I'm looking at deploying pfSense into my home LAN, to policy route 3 specific IP addresses through OpenVPN

      I currently have a 'home server' running Win7 x64 with core2duo and 4GB, which gets used for media sharing and a few other things. CPU used to be an AtomD525 but was too sluggish.

      Being new to pfsense I notice there's a variety of ways to deploy in this scenario.

      • I can either buy an sg-2220, which is quite pricey for home use at $299

      • I can buy a mini-ITX PC with AES-NI equipped Celeron, Atom or i3

      • I think I can run pfsense as a vmware image on the home server. I'd buy an additional dual intel network card for this

      May I ask what the general consensus would be, in terms of best option on limited budget?

      Also, I think I read somewhere I can buy the Netgate SG-2220 board only, and perhaps add a nano-ITX case and do the pfSense install myself on it to keep costs down?

      pfSense 2.4.1
      Intel Atom E3845 Quad Core 1.9GHz AES-NI
      Intel Gigabit Ethernet x4
      pico-ITX form factor
      16GB mSATA
      2GB DDR3L

        stephenw10 Netgate Administrator

        What sort of throughput do you need?

        You can run pfSense in a VM in this scenario but you need to be sure the WAN side is isolated from the host and the rest of the network. Can you really be sure of that running inside Windows 7?  :-\

        I would want to run a real hypervisor at the very least before considering that option.

        Steve

          Spectrum48k

          Thanks for the reply.

          To answer your question, my broadband speed is roughly 100Mbps down / 5 up, here in the UK.

          As it's for home use, I'd be happy to run OpenVPN with AES 256 or 128, if it helped speed things up

          Regarding VMware pfSense, perhaps I can switch to a hypervisor foundation. Would it be asking too much of a Core2Duo to run both VMs on that hypervisor?

          vm1 pfsense,
          vm2 windows 7 x64

            biggsy

            A couple of things:

            You don't say what variant of Core2 Duo you are using.

            If you use ESXi:
            -  you would need to increase the memory on your home server - to probably at least 8 GB - just to install ESXi - and give the VMs some space.
            -  you might find that your Win 7 product key can't be "activated" for a Win 7 VM - the VM does not "see" the same "hardware" as the bare metal install.
            -  dual-port Intel NIC yes, for sure.

            An SG-2220 might be easier, if not less expensive.

              stephenw10 Netgate Administrator

              Depends what you're running in Win 7 among many other factors.

              I personally would not want to run pfSense as the edge firewall in a VM under Windows. I couldn't be sure it would not open up the WAN if you reboot it for example.

              Obviously I'd rather you bought our hardware  ;) But if you have the D525 available still you could try that even if only as a test. You won't get 100Mbps OpenVPN traffic through it but you might come close with some tweaking.

              Steve

                Spectrum48k

                @biggsy:

                A couple of things:

                You don't say what variant of Core2 Duo you are using.

                If you use ESXi:
                -  you would need to increase the memory on your home server - to probably at least 8 GB - just to install ESXi - and give the VMs some space.
                -  you might find that your Win 7 product key can't be "activated" for a Win 7 VM - the VM does not "see" the same "hardware" as the bare metal install.
                -  dual-port Intel NIC yes, for sure.

                An SG-2220 might be easier, if not less expensive.

                I had a Core2Duo 2.8GHz E5500 spare, so I put that in the home server with 4GB. I have the Intel Atom D525TUD lying spare - motherboard, 4GB DDR3 and integrated Realtek Gigabit adapter. As I can't stop buying things on eBay (!) I picked up an Intel Pro/1000 PT PCI-E LAN adapter. Upping RAM to 8GB is no problem.

                I suppose it's getting a bit elaborate what with having to install the hypervisor, then the two VMs - I should probably just get an SG-2220!

                  Spectrum48k

                  @stephenw10:

                  Depends what you're running in Win 7 among many other factors.

                  I personally would not want to run pfSense as the edge firewall in a VM under Windows. I couldn't be sure it would not open up the WAN if you reboot it for example.

                  Obviously I'd rather you bought our hardware  ;) But if you have the D525 available still you could try that even if only as a test. You won't get 100Mbps OpenVPN traffic through it but you might come close with some tweaking.

                  Steve

                  Thanks Steve. Win7 is idle for 90% of the time, waking from its slumber to occasionally serve up the odd document, image and media to a pair of Amazon Fire TVs and a pair of workstations. I suppose I wanted to leverage that wasted horsepower by using a pfSense VM.

                  Happy to try the D525, but I noted it doesn't possess AES-NI, which would really help performance I'd guess. It has a single Realtek LAN integrated, but I've acquired a Pro/1000 PT DUAL-LAN card. It'll be a bit bulky by the time I add case and PSU. I do love how small and efficient the SG-2220 is. I think I'm talking myself into a purchase ;-)

                    Spectrum48k

                    The home server already runs the OpenVPN client.

                    All I really want is for the 2 Amazon Fire TVs to share that OpenVPN client.

                    I wonder if there's a way to set the 2 Amazon Fire TVs' gateway address to point to the home server's static LAN IP and somehow utilise the OpenVPN client running on it?

                      biggsy

                      Hmmm, the 2.8GHz E5500 is really a Pentium processor, not Core2 Duo.  Two cores, no hyperthreading or AES-NI.  Not an ideal machine for ESXi but it would probably work, especially as you say the Win 7 machine is idle a lot of the time.  Still, you've seen that it would be an effort - and then there's the learning curve if you haven't used ESXi.

                      SG-2220 looking better?  :)

                        Spectrum48k

                        @biggsy:

                        Hmmm, the 2.8GHz E5500 is really a Pentium processor, not Core2 Duo.  Two cores, no hyperthreading or AES-NI.  Not an ideal machine for ESXi but it would probably work, especially as you say the Win 7 machine is idle a lot of the time.  Still, you've seen that it would be an effort - and then there's the learning curve if you haven't used ESXi.

                        SG-2220 looking better?  :)

                        Yes, but can the SG-2220 do firewall, routing and OpenVPN all together? Its job would be to replace my existing router, which has a regular firewall. The SG-2220 need only offer a basic firewall.

                          biggsy

                          @Spectrum48k:

                          … can the SG-2220 do firewall, routing and OpenVPN all together?

                          Maybe I'm missing something but why would you think it might not?

                          The SG-2220 should handle your WAN speed of 100/5 easily - and with somewhat lower power consumption than the E5500.

                            Spectrum48k

                            Yes of course, I think I must've mis-read the UK distributor's website, where it states "Stateful packet filtering firewall or pure router"

                            I inferred it could only do one or the other!

                              stephenw10 Netgate Administrator

                              I would certainly expect it to. You will only get close to the limit of its abilities trying to fill the pipe with encrypted traffic. But even then, since OpenVPN is single threaded, it can only use one core, leaving the other to do whatever else may be required.

                              The D525 won't do that.

                              Steve

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.