Pfsense on old laptop
-
Hi,
Need advice on what hardware to use for pfsense. I actually have 2 old laptops. A macbook late 2008 aluminum unibody (core 2 duo, 4gb ram, 80gb hdd) and a dell n4050 (core i3 2nd gen, 4gb ram, 80gb hdd). Prefer not to spend more than 30 usd for this project which is why I'm thinking of just using whichever is better of the two.
I prefer to use the mac for pfsense but I will need to use an Ethernet usb adapter in order to add one more ethernet port. Which, based on my research, is not recommended.
For the dell, I did some research and found out that it has a pci express slot that is currently used by the wireless card. I don't need this so I can take it off and was hoping that I can get a pcie riser and a cheap pcie dual/quad nic adapter for this instead. I'll probably put the whole motherboard on another case though.
Appreciate any advice.
-
Yeah, don't use USB NICs.
No idea about your laptops and which one would be better to run pfSense...but depending on your bandwidth needs you could run it as a router-on-a-stick to get around your NIC problem: https://docs.netgate.com/platforms/minnowboard/pfsense.html
-Rico
-
Yeah, spend the $30 on a switch and use VLANs. It will be much more reliable.
Steve
-
@rico thanks. I'll check that out.
@stephenw10 thanks. I'll check that out as well. Will it work with any switch or does it have to be a managed switch? I also have 2 old routers lying around. It would be great if I can use those for this purpose.
-
It has to be something managed, capable of VLANs.
What sort of routers?
If they are soho all in one style devices it's unlikely you can run pfSense on them directly but you may be able to turn them into a managed switch using OpenWRT/DD-WRT.
Steve
-
@stephenw10 i saw a YouTube video tutorial on how to do vlans using a managed switch. just wondering, my laptop only has a 100Mbps ethernet card. if i use the vlan approach, won't it lessen the speed of the ethernet card on the laptop? will it affect the overall speed?
-
That NIC will do 100Mbps full-duplex, both ways at the same time. So if you're sending 100M UDP into one VLAN it can send it back out on a different VLAN and not lose speed. For TCP traffic there are also replies and that eats into the total bi-directional so you will see less than 100Mbps.
What is your WAN connection there?
If that laptop only has a 100M NIC I would question using it at all. That's the Mac I assume? Hard to imagine anything with an i3 could not have a Gigabit NIC.
Steve
-
hi @stephenw10,
i've decided to use the dell n4050 instead as it consumes less power compared to the mac. as for my wan speed, i only get a max of 100Mbps for my internet.
this will be one of my options. to use the existing lan card and use a managed switch and setup vlans. i found a cheap ($25) one online (tp-link tl-sg105e). although since this is a smart switch that supports vlan and not an actual managed switch, i'm not sure if it will work.
https://www.tp-link.com/us/business-networking/easy-smart-switch/tl-sg105e/#specifications
i've also been looking into some more options as well.
option #2 is using a mini-pcie to pcie x1 adapter. i found one on-line and it's pretty cheap ($10 more or less).
here are the specs for reference.
PCI Express Mini Card Electromechanical Specification Revision 1.0; PCI Express base Specification 1.1 (Up to 2.5Gbps); USB Specification, Release 2.0 Hi-Speed (Up to 480Mbps); System Management Bus (SMBus) Specification, Version 1.1; PCI Express Card Electromechanical (CEM) Specification 1.1; Power Supply: 3.3V (for PCIe slot, from Mini PCIe slot), 5V (for USB, from FDD 4 pin), 12V (for PCIe, from FDD 4 pin)
based on my understanding from the specs above, i can get a max speed of 2.5Gbps for the pcie so i'm guessing i can use a cheap intel dual nic ethernet adapter instead of a quad nic card.
option #3 is to get this one below which is a mini-pcie to one gigabit ethernet (around $7) and plug the connection to the managed switch from here instead of the 100Mbps built-in lan card. the only concern i have with this is if pfsense will detect it. specs don't say which chipset it is using.
Support existing CAT-5 UTP cabling with automatic crossover detection; Fully compliant with PCI-Express Base Specification Revision 1.1; Single-Lane (x1) PCI-Express with throughput up to 2.5Gbps; Compatible with PCI-E Mini Card Electromechanical specification revision 1.2; Compatible with Half size Mini card type form factor; Fully Plug and Play compatible; A high performance 1000BASE-T Ethernet controller card; Backwards compatible to 10/100BASE-T networking; 10/100/1000Mbps data rate auto negotiation operation; Compatible to existing CAT-5 UTP cabling; Fully compliant with IEEE 802.3, 802.3u, 802.3ab; Supports full duplex flow control (IEEE 802.3x); Supports IEEE 802.1P Layer 2 Priority Encoding; Supports IEEE 802.1Q VLAN tagging; Supports jumbo frame to 9K bytes; Crossover Detection and Auto Correction operation
any advice on which option looks best?
-
Hmm, I mean by the time you're adding a bunch of hardware and spending money I would question using an old laptop at all. You don't need to spend much on second hand gear to get something with a number of dedicated 1G ports.
There is no way of knowing if that mPCIe adapter will work unless someone has already tried it.
Steve
-
@stephenw10 your response got me thinking and so i did some more research on other options.
1. buying old hardware like dell optiplex etc. just need more research with regards to energy consumption.
2. virtualize pfsense. i already have a freenas (11.3) at home running on a pentium G4600 with 16gb RAM. good thing about this is that the processor supports aes ni (not a requirement for me but nice to have). i've seen others do this. my motherboard has a PCIe x1 2.0 (which based on my research can handle gigabit quad nic). i can dedicate these to the pfsense vm.
what are your thoughts on the #2?
appreciate your feedback.
regards,
allen
-
@asandiego said in Pfsense on old laptop:
what are your thoughts on the #2?
I ran pfsense as VM for many years.. And many people do that.. There are some things I loved about it.. One being the easy method of taking a snapshot before playing with the latest snap of whatever dev build was being worked on.. Bad thing about it - any time I had to reboot my VM host, had no internet.. Update of VM (esxi) caused loss of internet for the whole house..
So it's not like that solution doesn't come with its own little issues. Other thing I like about it - is it made for easy playing with other router distros, or running stable version of pfsense - and then booting a new dev version.. Since I had my VMs using the same mac address for wan and same IPs for lan side.. You could move to this or that VM for your router with very little loss of connectivity, and not even a change in the public IP (using cable modem)..
Again ran that for many years - through multiple generations of esxi.. I finally had to move away from that and use hardware for router when increased internet connection, and the VM way just didn't have enough umph to handle new faster internet speed. So it was either get a beefier VM host, or just put pfsense on its own hardware. I went with downsizing what I was using for VM and storage.. I can still run VMs on the nas, and do run some play with pfsense VMs as downstream routers in my network for testing stuff.. And getting a sg4860 as my router.
Worst case if hardware router took a dump - I could in a pinch fire up a pfsense VM and route the whole network through the nas VM setup..
Now I can reboot my nas with still having internet.. So while VM is a very viable and workable method.. Just be sure you understand it comes with a few grains of salt to running your router on its own hardware.
If you're going to spend money to get some hardware you have laying about to work.. And it's going to be some sort of frankinbeast. For my 2 cents, I would take that money and put it towards something actually meant to be a router.. The sg1100 is great entry level router.. If your internet isn't all that fast anyway.. Great solution.. Prob outperform your VM version, unless you have a pretty hefty VM host box..
I would either go VM, or something meant to be a router for hardware..
-
@johnpoz Thanks. I'll probably go this route. Forgot to mention that I'll be using dual wan, load balancing, openvpn, dns and probably qos. For the vm, I plan on allocating 1 cpu and 1gb RAM. Will it be enough for my requirements?
The sg-1100 is currently above my budget as it costs around $300 here but maybe sometime in the future.
-
@asandiego said in Pfsense on old laptop:
Will it be enough for my requirements?
What are the speeds of the wans? What is host cpu(s).. Ram and number of cpus - doesn't always = speed in routing.. Even if you throw 32 gig and 4 cpus to the VM..
My issue was the esxi host VM just couldn't handle 500mbps - no matter how much ram and cpus I gave the VM.. I could only get about 120ish mbps out of it.. Even though everything was gig connected..
-
@johnpoz i recently found out that primary isp boosted my speed up to 115mbps (plan on upgrading to probably 400 mbps). the other is around 50mbps (backup lte).
my processor is an Intel Pentium Processor G4600 3M Cache, 3.60 GHz.
CPU Specifications: # of Cores: 2; # of Threads: 4; Processor Base Frequency: 3.60 GHz; Cache: 3 MB; Bus Speed: 8 GT/s; # of QPI Links: 0; TDP: 51 W
regards,
allen