If you could install just one package - which would it be?



  • Home user - but a pretty complex and highly used network and a 50Mbps Internet connection down.  Mix of many types of devices…

    Looking for both improved speed and security.  Both Squid and Snort or Suricata seem like I need a few months of education to really use them well - so I am planning on concentrating on one thing at a time.

    Would Squid actually have a measurable/noticeable performance impact?  Or since >90% of the time it will be a cache miss and now I have added additional latency and processing for the caching will it be actually slower?  Seems like you can get the benefit only if you really know how to tune it well.

    I'd love to hear what is the one package you can't live without!  (because that's where I will start)

    Cheers.

    ps - running a full install on a PC Engines APU1D4, mSATA SSD (30gb)



  • If you want to filter the internet with both http and https sites
    Start here https://forum.pfsense.org/index.php?topic=73640.0

    Also see https://forum.pfsense.org/index.php?topic=79389.0



  • Have you jumped through all the hoops?  Seems a bit bleeding edge for may taste.  :-[


  • Netgate

    I'd install no packages.  Block all connections in from WAN and you're done.



  • There are some websites that cause errors like https://dolphin-emu.org/

    And windows updates and adobe updates are not working yet. But have everything setup and just disable HTTPS/SSL interception this will bring you back to just http filtering until these bugs are fixed.



  • I'd install no packages.  Block all connections in from WAN and you're done.

    I would use a normal router for that, no point running a server 24/7, save power.


  • Netgate

    True, but I don't need "packages" to do more.  Actually, the only package I need is "OpenVPN Client Export."

    But then again I don't run a "server" either.  Just a right-sized atom.



  • anti-virus and Cache are also a few other bonuses that squid offers.


  • Netgate

    unnecessary. IMHO



  • dansguardian… of course I couldn't use it without also installing squid - can I install two packages? :D



  • I ran for years with the embedded (Nano) version on a PC Engines ALIX - this meant basically no packages (yes, I know that some packages work but the machine is so low powered that basically it's not a good idea).

    Now I have a new PC Engines APU machine with 4gb RAM and a 30gb mSATA SSD.  I have the full version of pfSense installed but just using @Derelict's recommendation to stay package-free makes me feel like I could be getting more "usability" out of the new box's capabilities.

    Thanks for the responses so far - I've made a couple runs at setting up Squid but I need to read  more.



  • I really only need siproxd.  and only at one site. All the others could live as vanilla installs.



  • I like the idea of running no packages at all for a home setup unless you have a particular goal to accomplish.

    I would install openvpn client export and export a client to your laptop so that if/when you ever need to access your pfsense / LAN remotely you can.

    Also, you might like a VPN when traveling.



  • Since we have a lot of iOS devices in our family and I have a OSX laptop I setup an IPSEC VPN using this guide:

    https://forum.pfsense.org/index.php?topic=81735.0

    That way I can use the native clients on the devices.  Having some trouble with stability though…

    That way when I have my iPad at Starbux no problems...  ;)



  • It would be very stable with openvpn.