Is pfsense what I need for my home network?

ekym

Hello thanks to everyone great firewall I tried pfsense for for my home network  many years ago.

I have a few pre-build setup and configuration questions:

I need to build a new firewall box before my current hardware fails it's been up and running for 4 or 5 years now, I'm predicting the power supply will fail soon and I'm afraid I won't be able to find a replacement to fit in the small form factor case I used for the build.

I have a typical home network with multiple computers, IPTV streaming devices, HTPC setups running XBMC / Kodi , and so on.

My current box (SW) has three nic's,  red, green, and orange. I had a web server connected to the orange early on, but I have since moved to a hosting plan and no longer use it.

I would like to leave the majority of my network connected to the local network and internet, and be able to connect the IPTV and HTPC devices through a VPN service to help avoid geo blocking and other problems, while still being able to access file servers and shares on the local network from these devices. My currant vpn service is through giganews with the vypervpn client, I'm not married to it, and I would like to avoid multiple vpn service accounts for these multiple streaming devices if possible. The vyper service only provides 2 connections.

My question is can I use pfsense and connect one switch to a NIC and a second switch to another NIC to achieve my goal with a single (PC) box? Or will I need two separate computers to do it? And if I do need two separate computers will the devices connecting through the VPN service through the second computer still be able to access the file shares on the other network? Maybe I only need one PC running pfsense and 2 NIC's?

I have a few dell GX240 pc's ( these only have one open pci slot and could support 2 nic's total ) these might work well if i need two setups, and 1 dell 4500S ( this could support 3 nic's ) I was trying to make use of this hardware if possible.

The setup would be Cable Modem Router > Firewall computer router (1 or2?) > switch A + B

What is the best,  most efficient or correct way to build this network?

Thanks for any advice or comments!

ekym

keyser

I'm not quite sure I understand your needs correctly because it seem more complicated than it needs to. But if I do then:

Yes, pfsense is just what you need. Install in on a machine with two nics. The WAN nic goes to your modem, and the other NIC goes to your internal network with all your servers and equipment.
After installation you configure a VPN service on your Pfsense, that way you can reach your internal network in a secure manner from the internet. No other servers, installations or services are needed.

ekym

Thank you for the response, I wont be using the vpn service (vyprvpn or any service that works with pfsense)  in that way. My main goal is not to connect to my network while I am away but rather  to use the vpn service to keep my communications secure and encrypted when I am at home.

Derelict

Get a VPN service that speaks OpenVPN and chances are you'll be fine.

ekym

@Derelict:

Get a VPN service that speaks OpenVPN and chances are you'll be fine.

I think most of them do, including the service I subscribe to now. Do you think I can do it with one computer 3 nic's or will I need 2 pc's with 2 nic's each? And If I need 2 PC's will I be able to create a path between them for the local traffic?

Derelict

One pfSense with 3 NICs should be fine.  You can create the OpenVPN client so it looks like another interface and policy route whatever you want out of it.

Check out this thread: https://forum.pfsense.org/index.php?topic=76015.0

kejianshi

Your needs are pretty simple.  Not that uncommon and derelicts advice is fine.

In the past I had a power supply die on a otherwise perfectly good box.  I drilled a hole in the case, ran my power supply cables into the tiny strange form factor case, hooked it all up, closed the case and mounted the PSU to the outside of the computer.  Ugly but functional.

I keep a router in my basement, so if I do something like that to the pfsense, its not sitting next to the guests I have over and the fine crystal, screwing up the ambiance or anything.

Other people seem to use the pfsense as the main decorative device in the center of the living room, so not good for those.

ekym

@Derelict:

One pfSense with 3 NICs should be fine.  You can create the OpenVPN client so it looks like another interface and policy route whatever you want out of it.

Check out this thread: https://forum.pfsense.org/index.php?topic=76015.0

WoW, I took a minute to skim over that tutorial and I'm sure it will help me get my system up and working the way I need it to, thank you very much. I am liking this community allot so far, active = good!

ekym

@kejianshi:

I drilled a hole in the case, ran my power supply cables into the tiny strange form factor case, hooked it all up, closed the case and mounted the PSU to the outside of the computer.  Ugly but functional.

Thanks for the tip, I appreciate  a good work around solution as I can relate.

ekym

@Derelict:

One pfSense with 3 NICs should be fine.

Check out this thread: https://forum.pfsense.org/index.php?topic=76015.0

Reading that tutorial, makes it sound as if you can accomplish this with only 2 nic's? was there some reason you thought of that says I should have 3?

Derelict

One more is always better.  They're cheap.  If you don't need 3 go with 2.