Do's and don'ts with pfsense



  • I'm in the process of moving from my ASUS Ac68p to my recently built pfsense box.

    But I'm unsure of what migrate to pfsense, and what to leave to the Asus router.

    Currently my ASUS router is functioning as a : OpenVPN server (with push Lan enabled), single drive samba server, and a wireless router /w Mac-based parental controls.

    The threads that I could find discouraged using openVPN and samba on pfsense, but those threads were from a few years back.

    Is this still the case?

    I was hoping by moving this stuff off of my ASUS, I could improve performance.
    I also want to run an OpenVPN client off the pfsense box as well. (However I could easily setup a few raspberry pis to do the same thing)

    Security is the main reason I set up pfsense, so if this really is bad, I don't mind keeping everything on the ASUS


  • LAYER 8 Netgate

    Samba doesn't belong on a firewall. Period.



  • Samba on pfsense is cool.  You can share with the world!  (-;



  • @kejianshi:

    Samba on pfsense is cool.  You can share with the world!  (-;

    Yeah and think of all the great malware you could collect too :)

    Roy360, put OpenVPN on pfSense (nothing wrong with that) and use the Asus as a WiFi Access Point.  Find somewhere else for the SAMBA server.



  • ubuntu is very easy to set up as a samba server.  I like it better than windows sharing by far.  You can set up a share on something as small as a raspberrypi if needed or on any other computer running behind pfsense.


  • LAYER 8 Global Moderator

    Where did you read not to use openvpn on pfsense?  The best place for vpn send point is the edge.. pfsense is your edge so it makes complete sense for that to be our vpn endpoint.



  • Freenas is good for Samba / SMB. I use Windows Server 2012 R2 with many VMs. One of them is a File server.



  • @biggsy:

    @kejianshi:

    Samba on pfsense is cool.  You can share with the world!  (-;

    Yeah and think of all the great malware you could collect too :)

    Roy360, put OpenVPN on pfSense (nothing wrong with that) and use the Asus as a WiFi Access Point.  Find somewhere else for the SAMBA server.

    Okay, then I'll do openVPN server and pfsense and use the Asus as a wireless Ap and samba server.



  • @kejianshi:

    ubuntu is very easy to set up as a samba server.  I like it better than windows sharing by far.  You can set up a share on something as small as a raspberrypi if needed or on any other computer running behind pfsense.

    A raspberry pi 2 would give me about the same performance as my Ac68p which is ~30MB/s read and write.

    I'll have to look around and see if anyone is selling 2GHz boards for under 50$.

    The brand new AC86u is capable of 100MB/s reads and 90MB/s write on samba and it only had a 1.8GHz processor.



  • @Roy360:

    Okay, then I'll do openVPN server and pfsense and use the Asus as a wireless Ap and samba server.

    If you turn the Asus into an AP you will probably lose its SAMBA function.

    The Pi 2 can only do 30-40 MB/s with SAMBA because its LAN connection is via USB, IIRC.



  • The brand new AC86u is capable of 100MB/s reads and 90MB/s write on samba and it only had a 1.8GHz processor.

    This is then on an eMMC flash storage and not on an SD card as on the RAPI, and on top of this that plastic routers
    came with ASIC and/or FPGA`s that frees up the entire CPU and it is able to do more. pfSense is a x86 software
    firewall and nothing more at this moment. An yes a small samba server should be not installed on it as I see it right
    like other also do, but you will be able to get a NAS with OwnCloud, Samba, Download station and whatever they all
    offers today, and connect it to your pfSense easy to get access from outside with a VPN connection.


Log in to reply