New to pfsense and need a Plan of Action



  • I have recently built a pfsense box using a MiniATX board and now have it connected to internet via two WAN.

    My ADSL2+ connection generally have 14.5Mbps down and 0.89Mbps up on one and the other 12Mbps and 0.7Mbps.

    I am shifting from a Draytek 2820 which gave me very good service and seemed to provide excellent security. We have about 10 users with a mixture of PC, MAC, tablets, and phones etc.

    What I want to do is as follows.

    1.  Divide the load over the two Wan so as to get the best speed possible.

    2.  Install two different VPN services, one to handle general internet use and this would use a local sever.  The second VPN to handle P2P and torrent traffic and this would use a sever in another country. Automate which traffic goes to which VPN.

    3.  Put in place some bandwidth control so as to limit bandwidth for some traffic. For example we have 4 computers backing up to Crashplan I would like this to use the full bandwidth available if there is nothing else happening but to be restricted when there is other use.

    4.  I want to make the pfsense secure, what packages should I be installing.

    5.  Is there anything else I should be considering before I start any of the above?

    Is there a particular order that I should be looking at to do the above?

    I should mention that I am very new to this and sometimes it takes me a while to understand the terminology my apologies in advance.

    Any help would be greatly appreciated.


  • Netgate

    @DualWaner:

    4.  I want to make the pfsense secure, what packages should I be installing.

    I would argue that the more packages you install the less secure pfSense becomes.


  • Netgate Administrator

    I would exepect pfSense to be at least as 'secure' as the Draytek router as a fresh install.
    Some here would argue that you're not really 'secure' unless you're running Snort (or equivalent). It depends how you define secure really.
    Of your list the only thing I can see any issue with would be redirecting p2p traffic via a specific VPN. How are you planning to catch that traffic? There is a layer 7 filter that can do it but I've personally found it very easy to get wrong.  ;) If you're able to divide out the p2p traffic some other way, like using a separate wifi network, it will be much easier.

    Steve