Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Migration from Draytek to pfSense

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 505 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nfigueir
      last edited by

      Hi all,

      I am new to pfSense and I trying to migrate from my current setup to a better home network with more security and better throughput.

      Currently my setup consists of:

      fibre ONT --> Draytek Router --> Unifi Sw --> Unifi Sw ---> Unifi APs
                                                      \---> Powerline to a couple of Unifi cameras

      I have several subnets with fixed IPs binded to the MAC addresses and 1 subnet with DHCP for guests. My subnets to not have VLAN tagging (something that Draytek router allows) and as such there is no real separation of networks.
      Wifi wise, I only have 1 ssid for all networks since I want to keep things simple for the rest of house users and IoT devices are not very flexible.

      My objectives on this migration are:

      • Try not to create a lot of disruption to existing network setup (I have several IoT things that take a lot of work to setup manually - Tasmota, Shellys, etc)
      • Enhance enhance VPN support (hence pfSense)
      • Have better network throughput
      • Increase network security (specially due to IoT that require internet access)
      • Since port/ssid VLAN separation is not easy in my setup (specially on the wifi and powerline) I need a workaround for this

      After reading several threads, YT videos and questions on the internet, I think I can achieve what I want with the following setup in pfSense:

      • Several sub-networks/Interface with VLAN for real network separation
      • Since I want to fixed IP addresses to most devices I need to keep several lists under (Services -> DHCP Server -> interface -> DHCP Static Mappings)
      • FreeRadius authentication with MAC address to assign VLAN (my idea is that this will allow me to keep only 1 wireless ssid and not have to bind switch ports to specific VLANs)

      Is this a good approach or am missing something really basic that would simplify my life?

      For example today with Draytek, I only have 1 big list of MAC/IP associations, with the new setup I need to keep 2 copies with that information (one for DHCP IP assignment and other for freeRADIUS VLAN assignment).
      I tried to keep the list reduced to just the freeRADIUS by doing IP assignment with FRAMED ROUTING/IP but it seems UNIFI does not like this idea.

      Any suggestion or comment is greatly appreciated :)
      Nuno

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Do it one step at a time. If you try to move from several subnets on one layer2 directly to radius assigned VLANs you are almost certainly going to hit multiple issues! I would first try to create VLANs and make sure they work with your switches/APs. That should definitely work and is not that hard to setup with Unifi gear. Then, once that's working with some test subnet, try moving your current subnets to that to separate then and see what breaks.

        Steve

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.