Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Switchin from USG20-VPN to pFsense need Suggestions (please)

    General pfSense Questions
    suggestion configuration nat
    2
    3
    341
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DarkKnight 0
      last edited by

      Okay I have a few question here, so i will stat out with a breif explanation.

      I have been using the Zytel UNIfied Gateway/VPN for about 8 years now. I started with the USG20, that Just died so I upgrade to the USG20-VPN and the thr USG60. The reason why I at look at pFsense is about a year and a half ago I upgrade to 1 GIG internet speed and found the USG20-VPN max thoughput was 350 ( UDP ?) I purchase the USG60 as it advertised it was 1 GB thoughput but that was rated at UDP specs real thoughput is about 400 to 600 (TCP).

      Okay test hardware ( this just the parts I had laying around for testing)

      Intel DG41RQ Intel G41 Socket 775 - motherboard
      Intel E2140 CPU (no AES-NA)
      2 x RealTek 81111D/8169D NIC
      4 GB DDR2 RAM
      500 GB SATA Hard Disk.

      What I have done is only replaced the Zytel USG20-VPN in my configuration. The USG60 is still new in the box as the licenses were just to steep to consider, this is a home network and not an enterprise network.

      Configuation

      AT&T fiber modem (bridge mode) -> re0 -> pFsense
      re1 -> NetGear R6220 -> switches (3) to all LAN Devices

      re0 = WAN
      re1 = LAN

      Package install
      pFsenseNG
      NUT - for UPS

      All inbound WAN Traffic block except the following
      OpenVPN -> R6220 VPN (with cert)
      Serviio Media Server -> R6220

      DHCP on pFsense has 1 static address -> LAN 192.168.x.x/24

      Firewall rules for LAN
      default rule to prevent lock-out
      default rule to Allow all LAN outbound

      pFsense WAN Rule NAT set to Port Forward to LAN 192.168.x.x/24
      1 port for Media Server
      1 port for OpenVPN

      Netgear R6220 WAN port connected to pFsense LAN
      Netgear R6220 LAN set to 192.168.0.x with DHCP and Static address
      Static Media Server, OpenVPN (2 - 10)
      Workstation (11-20)
      WiFi devices (21-30)
      Access Control set to filter by MAC Address
      Forwarding set to forward to Media Server and OpenVPN

      The NetGear R6220 is the main router for the LAN with is own DNS and DHCP server and the pFsense is my EDGE router for the WAN with is own DNS and DHCP server.

      I know that is allot and I know that I am double NAT;ng but it works well and has save me time in migrating the configuration to the pFsense box for test while keeping my network working.

      Now the the issues

      I know that the hardware I have needs to be replaced that is okay for now as this ia just a test of concept and is the hardware I has laying around.

      First issue is that my throughput is still 300 to 400 MBPS, been testing cables and NIC, could be the double NAT or the NetGear R6220 any suggetion here would help.

      Second can I leave it in the configuration ? I like the configuration and it allows me to manage my LAN from a central point and really never really have to touch pFsense for configuration just updates on DSNBL and blocks when needed. Suggestion ?

      I am also using the NetGear R6220 a my WiFi router for WiFi devices works well this way as I restrict WiFi access based on MAC and assigned/bound address, so no new devices can attach. Would like to keep this configuration if that is possible.

      Lastly, I have tested moving just the hard disk to another computer and it booted up, and it seemed to work without issue is that recommended ?

      In conclusion I will upgrade to an I7 NUC with 8GB and 2 x Intel I27HT GB NIC's (setting in box) as soon as I get the concept ironed out and the configuration standardized.

      Suggestions please

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        @DarkKnight-0 said in Switchin from USG20-VPN to pFsense need Suggestions (please):

        E2140

        I have no idea what sort of throughput that Netgear device might pass but I can say for sure that Core2 Pentium will not pass 1Gbps. Back when that was vaguely current I run an E4400 C2D and that just passed 1Gbps with Intel NICs. So a system with a 20% slower CPU and Realtek NICs will not.

        Steve

        D 1 Reply Last reply Reply Quote 1
        • D
          DarkKnight 0 @stephenw10
          last edited by

          @stephenw10

          I agree 100%. the E2140 will not.

          Just a little update there were several other issue other than the CPU.

          1. The Netgear R6220 under powered - disabled Traffic Meter and every thing else, but Access Control, DHCP, port forwarding and WIFI.
          2. The RealTek NIC;s conflict with drivers and version(s), just downloaded updated driver package and replaced drivers.

          After fixing those items I decided to pull the trigger and move this setup to the i7 NUC, just unplugged the hard disk and plugged it into the i7 NUC, ran the installer but select recover previous configuration from the menu, the followed the installation prompts.

          Everything came back configured except the NIC;s just reassigned and set the ip address and bang done.

          I am now hitting 1.1 GBPS on downloads and 940 MBPS on uploads. CPU utilization is between 2 - 5% on average and never peaks above 6%. Still using the Netgear but that is another can of woms I will tackle later (too much configuration) need to document and test the document that it is correct as I have allot of Home Smart Devices (i.e cameras, smart plugs, door bells, door locks, etc,,,,) they were a nightmare to setup and get working, do not want to repeat that.

          But thank you for replying, as I am I noob with pFsense I can offer little help but if you have question for me just ask I will try my best to answer

          DarkKnight

          1 Reply Last reply Reply Quote 0
          • First post
            Last post