New to pfSense and wondering about possible setup. Curious if my idea would be viable.
-
Hi Netgate community. I'm new here so sorry if I'm doing something wrong :)
I'm looking into a pfSense setup and had an idea, but I'm not sure if it would be good. Any advice and/or tips would be highly appreciated.
We are on an optical fiber ISP connection. I don't use the ISP modem because it's crap. Instead I'm using a TP-Link (TL-SG3210 V3) 8-port managed switch.
The switch handles the ISP connection and the 3 different VLANs the ISP is broadcasting. In combination with this switch we use a Netgear R7000 router to handle the LAN.
The router is installed with Tomato Advanced by Shibby; this works great, but I have a problem with the VPN connection. I installed my VPN provider (NordVPN) directly into the router, which works fine.
The problem is that with this setup all my internet traffic will be running over the VPN which is not what I want for various reasons.
What I would prefer is to be able to use selective routing to only let a few devices use the VPN tunnel and let the rest use the regular ISP connection.
Tomato does not have a native selective routing option built into the GUI. I know I could do it with a custom script, but that's not the method I prefer.
So I started doing some digging and found out about pfSense. I never heard of this until today, so I studied around for a while but can't really decide which way to go.
I still have an old Intel NUC barebone lying around with a Core i3 CPU, 8GB of RAM and a 120GB SSD. The downside is that it only has a single Ethernet port.
There are options to add a 2nd Ethernet port through one of the USB ports, but in my experience those are not very reliable and maybe a bit heavy on the CPU.
It should be possible to use this device with just one Ethernet port and handle the WAN and LAN connection with the managed switch, in combination with pfSense installed on the NUC and the VLAN configuration on both devices.
Though I'm not sure if this would be a good setup. It's probably better with some other hardware, but this NUC works fine and it would be nice if I could get this to work without spending too much money.
I don't need to run very heavy apps over the connection. It's mostly to secure some business work and handle some geo restrictions.
So my question basically is, would it be possible to install the NUC with pfSense, without a Windows installation, and connect that NUC to the managed switch in order to let the NUC handle the VPN tunneling?
Does anyone by any chance have any experience with a similar setup? Would it work with just one Ethernet port handled with VLAN configuration?
In case this would be a viable option, would it be a good idea to just remove the router and use the pfSense-installed NUC as the new main router?
These are some questions that come to mind... I am by no means a networking expert; I know a little bit about network hardware and settings, but I mostly follow guides to be honest.
Any advice or tips would be very welcome. Thanks in advance!
-
@SHOTO I've not done it but this sounds similar to this picture, though maybe not with multiple WANs.
https://docs.netgate.com/pfsense/en/latest/multiwan/single-interface.html
One can create VLANs as desired in pfSense and create/assign interfaces for them, and use them as WAN, LAN, or other as desired.
https://docs.netgate.com/pfsense/en/latest/vlan/index.html -
@SteveITS Thanks for your reply.
Shortly after my post I found this video, it's a bit old but it's relevant.
https://youtu.be/z59_MWWPL-Q
I think I'm going to try and see what happens.
When I have some results I'll share them here, who knows... Someone might find it useful. -
@SHOTO
There is nothing that would prevent you from doing it, and it would very likely work.
You never mentioned your Inet bandwidth, or if you have multiple "local lan segments" or VLANs.
In a "Router on a Stick" solution, both Inet upstream & downstream and local inter-LAN/VLAN traffic has to pass through the same IF (and IF bandwidth).
If you use your NUC/pfSense as the "only" router in your setup, aka. also serving/routing all the inside VLANs, there are some things to be aware of.
If you just use the NUC/pfSense as the "Internet gateway w. some additional VPN stuff", I'd say try it out. (Aka. still using the Netgear to serve the local LAN/VLANs.)
If you just have a single LAN on the inside, all your local traffic would be "switched" and never pass the NUC... Go for it.
But
In a multi-LAN/VLAN setup, all traffic has to pass the L3 device (pfSense) in order to traverse from one LAN/VLAN to another. Aka traffic would also have to pass the "single interface" twice (up & down).
The big hurdle here is the NUC IF bandwidth ...
If it's 10Gb go for it.
If it's 1Gb ... It depends .....
/Bingo
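The two points made in this thread, SteveITS's note that a single NIC can carry several VLANs which pfSense then assigns as WAN, LAN and so on, and Bingo's warning that every routed frame crosses that one NIC twice, can be made concrete with a small model. The following Python is an added example written for this page; it is not code from the thread, from pfSense or from Netgate's documentation. It assumes a constructed VLAN plan (ISP on VID 10, an inside LAN on VID 20, a second inside segment on VID 30), constructed MAC addresses and a fixed route table. It builds 802.1Q-tagged frames the way the switch would present them on the trunk, demultiplexes them by VID into the pfSense interface that owns that VID, drops untagged or unassigned tags, re-tags routed frames for the destination VLAN, and counts every byte that crosses the single NIC so the "twice (up & down)" cost is visible. Traffic between two hosts in the same VLAN is switched and never reaches the router, which is why it does not appear in the accounting at all.

```python
"""Router-on-a-stick model: one NIC, 802.1Q tags select the pfSense interface.

Added example for this thread; VLAN IDs, subnets and MACs are constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Optional, Tuple

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Constructed VLAN plan: ISP/WAN tagged 10, two inside segments 20 and 30,
# all riding the NUC's single port as a trunk.
VID_TO_IFACE = {10: "WAN", 20: "LAN", 30: "GUEST"}
IFACE_TO_VID = {iface: vid for vid, iface in VID_TO_IFACE.items()}
ROUTES = [
    (ipaddress.ip_network("192.168.20.0/24"), "LAN"),
    (ipaddress.ip_network("192.168.30.0/24"), "GUEST"),
]
DEFAULT_IFACE = "WAN"                         # everything else leaves via the ISP VLAN
ROUTER_MAC = bytes.fromhex("020000000001")    # locally administered, constructed
NEXT_HOP_MAC = bytes.fromhex("020000000002")  # stand-in for whatever next hop resolves to


def build_ipv4(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return header + payload


def build_frame(dst_mac: bytes, src_mac: bytes, vid: Optional[int], payload: bytes) -> bytes:
    """Ethernet II frame; an 802.1Q tag (PCP 0, DEI 0) is inserted when vid is given."""
    if vid is None:
        return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + payload
    return (dst_mac + src_mac
            + struct.pack("!HH", ETHERTYPE_VLAN, vid & 0x0FFF)
            + struct.pack("!H", ETHERTYPE_IPV4) + payload)


def parse_frame(frame: bytes) -> Tuple[Optional[int], int, bytes]:
    """Return (vid or None when untagged, inner ethertype, payload); raise on truncation."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_VLAN:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner, frame[18:]


def lookup(dst_ip: ipaddress.IPv4Address) -> str:
    """Longest-match is unnecessary here: the inside prefixes do not overlap."""
    for net, iface in ROUTES:
        if dst_ip in net:
            return iface
    return DEFAULT_IFACE


@dataclass
class StickRouter:
    trunk_bytes: int = 0                             # bytes crossing the one NIC, both directions
    dropped: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)    # (in_iface, out_iface) per routed frame

    def handle(self, frame: bytes) -> Optional[bytes]:
        """Process a frame arriving on the trunk; return the frame sent back out, if any."""
        self.trunk_bytes += len(frame)               # pass 1: inbound on the single NIC
        vid, ethertype, payload = parse_frame(frame)
        if vid not in VID_TO_IFACE:
            # Untagged or unassigned VID: no pfSense interface owns it, so it is discarded.
            self.dropped.append("untagged" if vid is None else f"vid{vid}")
            return None
        if ethertype != ETHERTYPE_IPV4 or len(payload) < 20:
            self.dropped.append("non-ipv4")
            return None
        in_iface = VID_TO_IFACE[vid]
        out_iface = lookup(ipaddress.ip_address(payload[16:20]))   # IPv4 destination field
        out = build_frame(NEXT_HOP_MAC, ROUTER_MAC, IFACE_TO_VID[out_iface], payload)
        self.trunk_bytes += len(out)                 # pass 2: outbound on the same NIC
        self.forwarded.append((in_iface, out_iface))
        return out


def trunk_load(frames) -> dict:
    """Run constructed traffic through the model and report what the single NIC carried."""
    router = StickRouter()
    for frame in frames:
        router.handle(frame)
    return {"trunk_bytes": router.trunk_bytes,
            "forwarded": router.forwarded, "dropped": router.dropped}
```

Feed `trunk_load` a frame mix sized like the traffic you expect and compare `trunk_bytes` against the NIC's line rate: a LAN host pulling from the internet and a LAN host talking to the GUEST VLAN both cost two passes over the one port, which is Bingo's "it depends" for a 1 Gb NIC. The same model also shows why the trunk port must carry every VLAN tagged: an untagged frame arriving on the NUC belongs to no pfSense interface and is simply dropped. On the real box pfSense creates the per-VID interfaces on top of the physical NIC, as the linked VLAN documentation describes; this script only reproduces the tagging and the accounting.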