Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Advice needed for new setup (VM or not & Subnet/VLAN)

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 211 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Chrisnz
      last edited by

      I want to replace my PC Engines APU box with a Topton N5105 and I'm looking for some advice. At the moment I'm running pfSense 2.6.0 CE bare metal. Every now and then I have hangups where everything becomes unresponsive and I have to pull the plug. I never found out what exactly is causing it but disabling pfBlockeNG helped - the APU is probably underpowered for that.

      Anyway, I have a few questions regarding setting up the new box. It has 12GB RAM and a 256GB Samsung SSD and x4 intel 226 NICs.

      1. From what I read the intel 226 only work with the new pfSense Plus version which I could upgrade to for free but I have to install a 2.6.0 first? Is there not a direct install for it, yet?

      2. I intended to put pfSense in a Proxmox VM this time because of easy backups/snapshots when trying new things and if something goes wrong on bare metal it took quite a bit of effort to get everything up and running again. However, I read there are some issues with the N5105 and N6005 where Proxmox VMs are freezing up irregularly. Does anyone run pfSense in a Proxmox VM on a N5105 stable here? If so, is there a reliable procedure to get there? (I read about microcode updates, BIOS settings etc. over at the Proxmox forum but couldn't find a definitive answer yet)

      3. This question is more about best practice or how to do it and goes beyond pfSense.
        At the moment I'm running 2 subnets (not counting the WAN), 192.168.1.x for LAN devices and 192.168.3.x for WiFi devices. I want to change most devices to the 192.168.1.x subnet because of DLNA and broadcasting issues across subnets. I want to separate my IoT devices (mostly WiFi) though from my 'trusted' devices (LAN and WiFi) and probably also want to isolate them from each other.

      I can think of 2 ways but I'm not sure if they're actually technically possible.
      My WiFi AP C7 Archer (soon running OpenWRT) could run 2 separate WiFi networks (e.g. normal and guest).
      a) I could stick to a separate subnet (192.168.3.x) with client isolation for IoT devices and route access to my HomeAssistant server on the LAN in pfSense and run the second WiFi network for trusted WiFi devices on 192.168.1.x
      I have a feeling this is technically not possible either due to the C7 Archer Hardware limitation or OpenWRT.

      b) Run 2 separate WiFi networks (both 192.168.1.x) and do VLAN tagging for each of them (e.g. SSID Main gets VLAN2 and SSID IoT gets VLAN3) - would that be possible? Probably an OpenWRT question...

      I try no to run 2 separate WiFi AP if possible.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.