Help me build my pfsense box please!



  • Basically I'm trying to find:

    Compact+Lowest Power Usage+Very high quality wifi G/N signal & range + enough juice to undergo 50/50mbps throughput OpenVPN 24/7 without drop in speed/performance from it.

    Are there any prebuilt units out there that are cheap and would do this well? I really don't feel like going custom if I can avoid it, I just want something neat and slim with a good lil case to it, budget preferably under 350$?

    If you can't or don't have a specific unit to recommend, can you tell me the ideal CPUs that could do the job well and how much more power would be needed to have 100mbps/100mbps to futureproof it?

    Also the best wifi chipset or adapter to use in the pfsense build?



  • Read previous posts. It is recommended to run wifi separately because pfsense doesn't support 802.11n currently.

    My access point of choice is the Ubiquiti UniFi units. They offer enterprise features and reliability at consumer prices.

    There are lots of choices for compact/low power use which will be more than adequate for a 50/50mbps connection with openvpn. Do some research here for builds that work.

    One platform to look at is Atom integrated boards, which will meet your low power requirements. These can also be run without fans.



  • Any recommendation for which device would be best to run wifi separately? I currently have a Linksys E4200 with dd-wrt but I'm not that impressed by the quality of the signal and it's a fairly decent device.





  • I second the http://www.ubnt.com/unifi/unifi-ap/

    I use these at all my sites and they work great.

    pfsense and wifi for me was nothing but a nightmare, separate AP and all is well :)



  • This is exactly what I was looking for, thank you very much!!!

    I'm gonna get the unifi ap long-range version!



  • @lostinclarity:

    This is exactly what I was looking for, thank you very much!!!

    I'm gonna get the unifi ap long-range version!

    the Unifi LR (long range) has a HIGH failure rate. keep that in mind and also be aware 3.2.1 of the controller
    software and firmware have been Buggy and NOT horribly reliable. stay with 2.4.x of the controller software
    if you can as well as the firmware on the AP.



  • @SunCatalyst:

    @lostinclarity:

    This is exactly what I was looking for, thank you very much!!!

    I'm gonna get the unifi ap long-range version!

    the Unifi LR (long range) has a HIGH failure rate. keep that in mind and also be aware 3.2.1 of the controller
    software and firmware have been Buggy and NOT horribly reliable. stay with 2.4.x of the controller software
    if you can as well as the firmware on the AP.

    Do you have an alternative to recommend? I don't like failing hardware!



  • I haven't had any LR units fail.  I suspect that most people who are using them and reporting problems aren't using them properly though and assume they're defective.  The most likely issue you'd experience is that many clients have no connectivity even though they're well within the rated range and report a mid-level signal.  What they don't understand is that there are two sides to the conversation and that it doesn't matter if the AP has a LR transmitter which the client can hear if the client device doesn't have the power to send messages back over the same distance.

    If you're going to use Unifi hardware I'd suggest the Pro models.  If you're only using one AP though these things are a hassle.  Just get an Engenius AP (I like the ECB600) or an Apple Airport Extreme.



  • i would use either the standard Unifi or the Pro, the Pro is a nicer unit as well.
    like i said, watch out for version 3 of the controller software.

    on our testing of the UniFi-LR, of the 21 units that arrived (initial batch), over 25% were DOA.
    had issues with some replacement units as well. in the end, they're in the corner of my
    lab, and we ended up deploying Cisco AP instead (unfortunately).

    Ubiquiti at times seems to have a QA problem, seems to come in spurts.

    the UniFi Pro tends to run over $200ish in the US… you can also try the Cisco 1252 which can be had for about $100.
    much more solid AP if you can tolerate the GUI. reliable, solid AP. (i configure them thru the CLI anyways) or the Engenius
    AP. (i don't have any of those deployed though).

    i have been an IT/Networking guy since 1983. we deploy everything in the LAB and test for over 30 days 24/7.



  • I also second Ubiquiti. I have UAP-PRO, UAP, and UAP-LR. Recommended to me here in the past, and they work marvelously. The LR is real-ly LR  ;D

    It does 150 meters with 100% connection quality according to Windows 7, on a Lenovo T420. Download speed wired for this VDSL is 50 Mb/s, @ 150 meters it drops to 32 Mb/s.



  • @Jason:

    I haven't had any LR units fail.  I suspect that most people who are using them and reporting problems aren't using them properly though and assume they're defective.  The most likely issue you'd experience is that many clients have no connectivity even though they're well within the rated range and report a mid-level signal.  What they don't understand is that there are two sides to the conversation and that it doesn't matter if the AP has a LR transmitter which the client can hear if the client device doesn't have the power to send messages back over the same distance.

    How would you determine if the problem is with the client, Jason?



  • @Hollander:

    @Jason:

    I haven't had any LR units fail.  I suspect that most people who are using them and reporting problems aren't using them properly though and assume they're defective.  The most likely issue you'd experience is that many clients have no connectivity even though they're well within the rated range and report a mid-level signal.  What they don't understand is that there are two sides to the conversation and that it doesn't matter if the AP has a LR transmitter which the client can hear if the client device doesn't have the power to send messages back over the same distance.

    How would you determine if the problem is with the client, Jason?

    Unless you've explicitly bought a client wireless card noted for its "Long Range" abilities (read: high-powered & large antennas) you're going to have issues at the middle-to-edges of the signal area.  Basically, anything without an external antenna will be flaky.  You can test for this case with a specific device by running speed tests as you walk away from the AP.  If you get to a point where you have 1-2 bars of "signal", which would still work fine with a "normal" AP, you'll have essentially zero throughput with the LR.



  • Hey Jason,

    For the wireless I just need something for 1 floor that covers up to 800-1000sqf with a good and strong signal. With the Linksys E4200 with dd-wrt I'm using, I just go in the bathroom 25 feet away from the router and I get 1 bar of wireless signal and it can be unstable on my Galaxy phone.

    I'm trying to spend as little as possible for my needs, not sure some of those pro or extreme 200$+ units are needed. I don't have a house or anything overkill to cover either.

    I don't need any crazy features, just something durable and power efficient, wireless G/N and a very good & strong radio signal that is stable and consistent!



  • It's been my experience (admittedly, I haven't used it in a year or so) that DD-WRT makes things worse unless you know exactly what settings to change.  If you want something simple and reliable then get an Apple AirPort.  I use two, one on the 1st floor of my home and another on the second.



  • unless you're stupid with your settings in dd-wrt, it's pretty basic setup thru the gui. has its learning curve.

    now.  depending on the construction materials used in your house can vary on how far the signal travels.
    2.4ghz will give you better coverage (distance from the AP) and 5ghz will give you better throughput but it doesn't
    have the same distance in coverage.

    the bonus with something like the Engenius or the Cisco: they're more enterprise AP than the consumer grade
    stuff you pick up locally… PLUS depending on model, you get external antennas so you can put a higher dBi
    antenna on it for a bit better coverage if need be.

    example: my house, 1600 sq ft, i have 1 AP (Cisco 1252) at each end of the house due to the fact
    i have brick walls on the outside AND the inside wall and on the house. then to top it off it's insulated and then
    a 2x4 wall built. so towards the center of the house i wouldn't see great coverage with just 1 AP.

    there's a lot of factors when it comes to WiFi and house construction that will make every house different.



  • I grabbed an Apple Airport Express for 85 bucks, I'll see how that goes. About the box for pfsense, what kind of minimum CPU is needed (lowest power usage) to perform well for 50mbps openvpn traffic and basic plugins? No intense firewalling or pps or anything else needed much. Also how many gigs of RAM would be ideal for it?

    Is it possible to configure pfsense to have a failover/alternate vpn that it would connect to if unable to connect to the main/first?



  • Intel Celeron G1610 should do the trick. An i3-2120T, 35W, if you can find it used, would fit into your budget and be cool (pun intended).

    2GB of RAM will be more than enough.

    OpenVPN is rock solid once set up properly. Point to point, mobile connections have been problem free for me. However if you feel the absolute need to have a backup, you can set up ipsec as secondary.



  • @thetallkid:

    Intel Celeron G1610 should do the trick. An i3-2120T, 35W, if you can find it used, would fit into your budget and be cool (pun intended).

    2GB of RAM will be more than enough.

    OpenVPN is rock solid once set up properly. Point to point, mobile connections have been problem free for me. However if you feel the absolute need to have a backup, you can set up ipsec as secondary.

    Thank you very much for this quality post :)



  • @Jason:

    Unless you've explicitly bought a client wireless card noted for its "Long Range" abilities (read: high-powered & large antennas) you're going to have issues at the middle-to-edges of the signal area.  Basically, anything without an external antenna will be flaky.  You can test for this case with a specific device by running speed tests as you walk away from the AP.  If you get to a point where you have 1-2 bars of "signal", which would still work fine with a "normal" AP, you'll have essentially zero throughput with the LR.

    Thanks Jason  ;D

    Shouldn't the bold part be the other way around? Or do you mean 'will work fine with a "normal" AP in its particular relatively small range'?

    (What I mean is: the "normal" AP will not work fine if it is at the range of the LR, since it won't work at all there).



  • What I meant was that with a normal AP you'd expect your client to be fast at 5/5 and get progressively slower until the signal drops at 0/5.  With the LR AP, the client still thinks it has a decent signal at 1-2/5 but most lack a transmitter powerful enough to get data back to the AP.  My example wasn't talking about absolute distance from the AP, but apparent signal strength on the client.