Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    If you could install just one package - which would it be?

    Scheduled Pinned Locked Moved pfSense Packages
    15 Posts 6 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dstroot
      last edited by

      Home user - but a pretty complex and highly used network and a 50Mbps Internet connection down.  Mix of many types of devices…

      Looking for both improved speed and security.  Both Squid and Snort or Suricata seem like I need a few months of education to really use them well - so I am planning on concentrating on one thing at a time.

      Would Squid actually have a measurable/noticeable performance impact?  Or since >90% of the time it will be a cache miss and now I have added additional latency and processing for the caching will it be actually slower?  Seems like you can get the benefit only if you really know how to tune it well.

      I'd love to hear what is the one package you can't live without!  (because that's where I will start)

      Cheers.

      ps - running a full install on a PC Engines APU1D4, mSATA SSD (30gb)

      1 Reply Last reply Reply Quote 0
      • A
        aGeekhere
        last edited by

        If you want to filter the internet with both http and https sites
        Start here https://forum.pfsense.org/index.php?topic=73640.0

        Also see https://forum.pfsense.org/index.php?topic=79389.0

        Never Fear, A Geek is Here!

        1 Reply Last reply Reply Quote 0
        • D
          dstroot
          last edited by

          Have you jumped through all the hoops?  Seems a bit bleeding edge for may taste.  :-[

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            I'd install no packages.  Block all connections in from WAN and you're done.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • A
              aGeekhere
              last edited by

              There are some websites that cause errors like https://dolphin-emu.org/

              And windows updates and adobe updates are not working yet. But have everything setup and just disable HTTPS/SSL interception this will bring you back to just http filtering until these bugs are fixed.

              Never Fear, A Geek is Here!

              1 Reply Last reply Reply Quote 0
              • A
                aGeekhere
                last edited by

                I'd install no packages.  Block all connections in from WAN and you're done.

                I would use a normal router for that, no point running a server 24/7, save power.

                Never Fear, A Geek is Here!

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  True, but I don't need "packages" to do more.  Actually, the only package I need is "OpenVPN Client Export."

                  But then again I don't run a "server" either.  Just a right-sized atom.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • A
                    aGeekhere
                    last edited by

                    anti-virus and Cache are also a few other bonuses that squid offers.

                    Never Fear, A Geek is Here!

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      unnecessary. IMHO

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • R
                        rjcrowder
                        last edited by

                        dansguardian… of course I couldn't use it without also installing squid - can I install two packages? :D

                        1 Reply Last reply Reply Quote 0
                        • D
                          dstroot
                          last edited by

                          I ran for years with the embedded (Nano) version on a PC Engines ALIX - this meant basically no packages (yes, I know that some packages work but the machine is so low powered that basically it's not a good idea).

                          Now I have a new PC Engines APU machine with 4gb RAM and a 30gb mSATA SSD.  I have the full version of pfSense installed but just using @Derelict's recommendation to stay package-free makes me feel like I could be getting more "usability" out of the new box's capabilities.

                          Thanks for the responses so far - I've made a couple runs at setting up Squid but I need to read  more.

                          1 Reply Last reply Reply Quote 0
                          • chpalmerC
                            chpalmer
                            last edited by

                            I really only need siproxd.  and only at one site. All the others could live as vanilla installs.

                            Triggering snowflakes one by one..
                            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                            1 Reply Last reply Reply Quote 0
                            • K
                              kejianshi
                              last edited by

                              I like the idea of running no packages at all for a home setup unless you have a particular goal to accomplish.

                              I would install openvpn client export and export a client to your laptop so that if/when you ever need to access your pfsense / LAN remotely you can.

                              Also, you might like a VPN when traveling.

                              1 Reply Last reply Reply Quote 0
                              • D
                                dstroot
                                last edited by

                                Since we have a lot of iOS devices in our family and I have a OSX laptop I setup an IPSEC VPN using this guide:

                                https://forum.pfsense.org/index.php?topic=81735.0

                                That way I can use the native clients on the devices.  Having some trouble with stability though…

                                That way when I have my iPad at Starbux no problems...  ;)

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kejianshi
                                  last edited by

                                  It would be very stable with openvpn.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.