I currently have a 150 Mbps cable connection. However my router only has 10/100 Ethernet ports (both WAN and LAN side) so I'm not quite getting my full connection. It isn't much of a problem, but it annoys me. And Gigabit routers are surprisingly pricey.
I heard about PfSense and I wonder if a cheap, low-power PC build with dual Gigabit ports running PfSense would be a better option than buying a new router? I'd use my existing router just for the wireless access point on it which is good enough for phones/tablets.
Stuff I know I need:
Port forwarding for a couple game servers and associated web sites (mapping sites, small wiki, etc)
DHCP and DHCP reservations
I'm also interested in any VPN ability. Right now I do a cert-protected SSH into a VM on my home network, from there I can SSH, SCP, or tunnel additional ports to gain access to other home machines. But a VPN that is really easy to set up and configure from the client end would be great, especially for friends and family that don't really understand the concept of SSH with port tunnels. As a related question, can it do a permanent site-to-site VPN between different PfSense machines? I could see certain friends and family wanting a similar setup and linking our networks together so they can take advantage of my SAN for offsite file backups and such.
Thanks for the link. I might install it to a VM first just to play with it and see how it works, though in production I'd rather it be its own machine so I don't lose Internet if I have to work on my ESXi box.
Or you could save a bunch of money: get a managed or dumb switch for ~$20 and either a Ubiquiti ER-X or Mikrotik hEXr3 (RB750Gr3) for ~$50; both offer everything you mentioned and then some.
They aren't exactly consumer friendly routers, but neither is pfsense. If you want to have a project building a pfsense box, sure go that way. If you want everything you mentioned at a super cheap price I'd skip pfsense and just get one of those two routers.
Personal opinion: despite having the same hardware, the ER-X is more user friendly but lacks the optimization of the hEXr3. EdgeOS is visually more appealing, but RouterOS incorporates more functions without having to resort to the CLI. The hEXr3 also runs the Dude. Don't be fooled by these being $50 routers; they offer very powerful features and have crazy performance.
Also, this guy, the co-founder of pfSense and project leader from 2004 to July 2016, works for Ubiquiti now.
I agree with getting an EdgeRouter for saving money. They're ideal for small businesses and offer site-to-site VPN, VLANs, and more.
This channel is pretty good at covering all things Ubiquiti:
I ran pfSense on my main router for about a year now and got a lot out of it. I built my router from an old Supermicro 1U chassis and Supermicro dual-core Atom motherboard with 2GB of RAM. This totaled over $200 from 2 separate eBay purchases.
Even with these low specs it felt overpowered for what I was doing. Had I set up the VPN I would have pushed the CPU a bit harder than idle.
In the end I couldn't really benefit from everything it offered because most of it was over my head. It had plenty of expansion (got a quad-port nic for additional LANs but never set it up) but I just needed a basic router with high throughput on the WAN side. I ended up replacing it with a USG after my OCD kicked in seeing blank spots in Unifi control panel (don't get a USG if you don't have other Unifi hardware on your network). I plan to set up VLANs with my Unifi Switch 16 XG. Also some sort of VPN and port forwarding for my Plex media server but that's about it.
Legit question, can be answered looking at pfsense, routerOS, Edgemax etc.. documentation then comparing that to what those routers do. In addition to what they can achieve, it is the power with which they have to achieve it. Things like VPNs and associated encryption requires some ooomph for decent throughput, same for QoS, and many other things. So even when other routers offer a similar feature the performance using that feature sucks.
Which is why we provided him with the cheapest most quality solution to achieve his needs (with actual room to do more) at prices cheaper than both Pfsense and practically any consumer router.
Didn't have to re-clarify what you already linked lol, I was just restating Spykez intentions and comparing a consumer wireless router's VPN capabilities with a purpose built wired only router is like comparing apples to oranges.
The thing I love about pfsense is it can be set up to share bandwidth fairly among devices dynamically with queues, so I can be downloading on Steam and my mate can play Overwatch with minimal ping increase on a 5Mbit down 0.9Mbit up connection. This connection would be useless for multi-user without it.
Do you have a link to a guide on setting that up, I haven't found a decent guide for setting up queues for 2.3, so far just traffic shapers which don't do what it sounds like you are doing.
I set it up following a blog post quite a while ago that I can't seem to find now, but here are some pictures of my config to try and help.
From what I remember you find the reliable up and download speed of your connection, then go to the limiters part of the traffic shaper section and make the download and upload limiters with the values you decide on, with maybe slightly smaller numbers.. then for each limiter you give them a queue and name it, then you go to the LAN firewall rules page and set the pass rule with the queues set as the in and out pipes under the advanced options.. then you need to go to diagnostics / states / reset states for this to have an effect.
This is all off the top of my head looking at my working config, feel free to ask for help
I was under the impression the OP wanted to do VPN, spykez and you suggested or mentioned consumer wireless routers fit that bill, so hence the comparison of VPN capabilities.
OP called gigabit routers pricey which is a bit off base but then again we're missing details such as budget and what his connection is even like. I never recommended a product just said that current modern routers with a VPN capability are cheap as a retort, I'm just waiting till more info is added.
I'm not sure, my understanding is that each device / IP gets its own queue, and it serves queues one after another, so I can have Steam going in my queue and it will get served, and my mate can have Overwatch in his queue and it will be the next packet served, then back around to me again. If I'm the only one trying to do anything I get full bandwidth, if both of us are using it we get half each or whatever is needed if less than half, if there's a phone also using flat out it gets split three ways (which is the one downside, 4.3Mbit split 3 ways is not enough for video streaming =\)
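The sharing behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of idealized max-min fair sharing between per-IP queues. The function name, the 4300 kbit/s limiter value (taken from the 4.3 Mbit figure above) and the per-host demands are assumptions made for illustration, and this is not pfSense's own scheduler code.

```python
# Added illustration: idealized max-min fair sharing among per-IP queues.
# It models the behaviour the post describes; it is not pfSense code.

LIMITER_KBIT = 4300  # assumed download limiter, from the 4.3 Mbit figure


def max_min_fair(capacity_kbit, demands_kbit):
    """Split capacity among hosts so that no host gets more than it asks
    for and any unused share is handed to hosts that still want more."""
    alloc = {host: 0.0 for host in demands_kbit}
    active = {h for h, d in demands_kbit.items() if d > 0}
    remaining = float(capacity_kbit)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        # Hosts whose unmet demand fits inside an equal share are fully served.
        satisfied = {h for h in active if demands_kbit[h] - alloc[h] <= share}
        if not satisfied:
            # Everyone left is greedy: split what remains evenly and stop.
            for h in active:
                alloc[h] += share
            remaining = 0.0
            break
        for h in satisfied:
            need = demands_kbit[h] - alloc[h]
            alloc[h] += need
            remaining -= need
        active -= satisfied
    return alloc


if __name__ == "__main__":
    # Constructed demands in kbit/s: a bulk download wants far more than the
    # link can give, a game needs very little, a phone streams flat out.
    scenarios = {
        "download alone": {"pc": 100000},
        "download + game": {"pc": 100000, "game": 200},
        "download + game + phone": {"pc": 100000, "game": 200, "phone": 100000},
        "three greedy hosts": {"pc": 100000, "mate": 100000, "phone": 100000},
    }
    for name, demands in scenarios.items():
        result = max_min_fair(LIMITER_KBIT, demands)
        print(name, {h: round(v, 1) for h, v in result.items()})
```
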
Maybe I'm looking in the wrong places, but most Gigabit routers I found were around $150, while I could get a basic SFF build for $200 using a Zotac Zbox.
I don't really have a budget set. I can stick with my current setup indefinitely, it just annoys me that I can't get my full 150 Mbps especially as a game server operator. Not that the current 100 Mbps limit is causing any problems.
I'm interested in PfSense not out of budget, but more out of curiosity. Just hoping to learn something new and upgrade my current setup at the same time.
Like I said, both Ubiquiti and Mikrotik would fulfill that niche. They both are as full fledged as pfsense (the co-founder of pfsense works for Ubiquiti now). They both run pro level OSes (the hEX is running the same RouterOS as its 72 core brethren are running) so if you are wanting to "learn something", you will have your handful... The ER-X and hEX r3 are both right around ~$50, and they both have the power to do everything you want to do, and then some. The only downside to each of them is there is no hand holding, so you will have to learn to get them working.
Do what ya want, but they are both hands down the best routers out there for the money.
After digging more into this, it looks like the EdgeRouter ER-X is the way to go. I'm surprised at the price, it's hard to beat $50 with Gigabit and VPN support.
Thanks for the comments. I ended up getting an EdgeRouter ER-X and it seems to work perfectly. Speedtests put me at 130 Mbps download which is in the neighborhood of what I pay for and significantly better than I was getting from my previous cheap router. The web UI is pretty intuitive and responsive. I'm impressed at how much value you get at only $50.
I haven't had a chance to play with the VPN stuff yet, but I'll start by seeing if I can get my laptop and IPsec configured for remote access. Eventually I want to convince a family member a hundred miles away to get an ER-X and set up a site-to-site VPN so I can securely replicate my NAS over the Internet for off-site backups of stuff without relying on third-party hosting.