Building a 1U Router

Haven’t decided on an OS yet. pfSense looks good, but the folks at bufferbloat.net say SQM isn’t 100% on pfSense. OpenWRT/Open LEDE does have it correctly implemented, but there is no installer; you image your drive and drop in or compile your own drivers? Untangle looks good; it does cost $200 for featured at-home use for 5 years.

I know I’ll be doing SQM, VLANs, likely VPN tunnels between my home and lab, also some DNS (definitely in the lab; I don’t wanna use Active Directory for DNS).

Intel Core I3-8100T (CM8068403377415) [35W 7412 passmark] … {$129.00}
Gigabyte H310N … {$45.00}
HyperX FURY 4GB DDR4-2666MHz PC4-21300 CL15 … {$25.99}
IBM / Intel PRO/1000 PT 39Y6127 39Y6128 … {$12.95}
SuperMicro 1U case with PSU idk what model … {$50??}
Cheapo 8x riser … {$12.50}
32GB SanDisk SSD … {$11.98}
Dynatron K2 1U CPU heatsink … {$19.57} (from another project a few years back)

6 Likes

I assume this system isn’t optimized for low noise? :grin:

I’m not that deep into what you can do with a router but for my basic needs IPFire is working very well.

1 Like

Shouldn’t be bad if I so choose; I had it on my home server, which has a 45 watt i7. It ran toasty but manageable at 80+C with this fan turned down real low. This chip is 35 watt, so hopefully that helps. Hadn’t heard of IPFire.

Have you looked at the free version of Sophos UTM?

1 Like

For those not in the know on SQM

I think I just started on a second router, extra SFF! We’ll see how some of the parts arrive.

I fix bufferbloat on pfSense by tuning the queue length on QoS.

Hey there,
I’ve had pfSense in the past, however have switched to IPFire for the past two years. For my use case I find it much easier to manage and pretty much set and forget (other than weekly firewall updates). I really didn’t like the way pfSense implemented firewall rules and port forwarding.

  • intuitive interface
  • easy firewall rules setup
  • Light resource usage

I use it to manage multiple segregated internal networks with multiple VLANs each.
1 gig up/down external. Running on an old Dell SFF I bought for a 100 Canadian pesos. i3 2120 with 8 gigs, and it’s still way overpowered.
Compatible with all the Intel NIC PCI cards I’ve tossed into them so far.

2 Likes

Can confirm. :+1:

1 Like

My use case: we have HIGHLY asymmetrical internet, so proper SQM is the utmost important thing; I have almost one whole second of bufferbloat delay on speed tests.

HOWEVER, the “Why I can’t Recommend Pfsense To Fix Bufferbloat For Gamers” video brings up that ease-of-use topic, because pfSense defaults to “always no”, THEN you have to find a way to allow whatever it is you are using. Great for enterprise, but not for home!

It sounds like maybe IPFire acts more like a normal firewall??? (as in not blocking everything automatically)

At first install everything on the red interface is blocked, as is standard for most firewalls. It’s just much easier to get things going, and yes you can allow all right off the bat if you so choose.

pfSense worked well, however it was always a bitch when I had to add another set of rules for a new server. I honestly just got pissed off having to go through the guides and forums each time I needed to make a firewall change.

1 Like

Yep, the best bufferbloat fix is getting symmetric internet.

I was really surprised to hear pfSense doesn’t support QoS properly.

Unfortunately I’m in the US; here, in order to even call and ask if a company offers service in our area, we must survive 60 seconds of a brutal beating from the brute squad. If you are still conscious, you wait on hold for 20 minutes before a rep tells you they offer service on 1 street in your town. :joy:

Most are! If you read the comments, one of the guys from the bufferbloat.net community chimed in; he is how I found out, after he found one of my threads on Reddit last year. There is not enough information on it being shared. If done right, I think it can be helpful on heavily utilized symmetric connections, or at the very least it makes old-school standard QoS look like crude rocks. :laughing:

Personally I think the whole “QoS doesn’t work in pfSense” is wrong. I think that the default wizard config causes it to usually not work like it should, but configured correctly it does exactly what you expect from it.

I have been using QoS on pfSense for years and for a long time it wasn’t performing as it should. Lots of reading later I changed some basic configs and it has been working excellently from there.

I’m not saying everyone should use pfSense - just that the “QoS not working” shouldn’t be the reason for not using it.

1 Like

Just so long as you aren’t lumping SQM and QoS together. Also, pfSense doesn’t have a full implementation of SQM; it has FQ Codel, it lacks other methods like CAKE. IT WILL WORK, but it isn’t perfect or 100% optimal either. From what I’m reading it makes a big difference, but it still gets spikes and whatnot.

From what I can gather, the REAL deal breaker is the “always no” and having to reference guides (as commented by a few) to set up a new game server etc. etc. In the video linked above, some multiplayer game clients didn’t work either, or could only allow 1 player.

I don’t think it’s so much a fault of pfSense so much as pfSense being more geared for enterprise security more so than home. Security, as talked about on Level 1 News, is compromise: ease vs security, the prior for home and the latter for business. The same for your QoS; for SQM, the YT comments on the video above have lots talking about CAKE; even though it isn’t fully developed at this time, apparently it’s very promising. I’m sure some tweaking would have FQ Codel doing even better too.

I however look forward to some more IPFire and Open LEDE research / testing. SSD should be here soon, and another 1151 mobo too for my next router, as I need one for home/home lab too. (1 for LAB lab and one for home)

1 Like

…and I got schooled!

This made me do some interesting reading. So yeah, pfSense can do QoS but not the whole SQM. Thanks for the quality post!

1 Like

I’ve found Untangle doesn’t do BIND, so for my big lab I will have to disable DHCP and DNS and spin this up on an R-Pi (I don’t think I really need that much horsepower for DNS with less than 100 devices, let alone 50 or less).

https://blogging.dragon.org.uk/dns-bind9-dhcp-ubuntu-16-04-2/

1 Like

So is FQ_Codel part of the SQM implementation or its own entity? Trying to scrub through a lot of blogs and docs, and people are using SQM and fq_codel together and others are making them sound separate. I was about to swap to pfSense from my USG, and supposedly fq_codel is built into the GUI as of 2.4.4.

3 Likes

fq_codel is a second-class citizen in pfSense and does not work; this has been proven here.

QoS only goes so far, it is limited. All the forums and stuff you read act like it is the end-all be-all, but SQM and its different implementations like CAKE or FQ_Codel were invented BECAUSE OF QoS’s shittiness.

Whether or not it flat replaces QoS or would be part of QoS as a whole is a good question, but I can’t remember if I read that far or if my brain melted with all the projects going on right now. BUT to answer your question, I think of it as different kinds or implementations of SQM: there is FQ_Codel, CAKE, etc. etc.

2 Likes

So I watched the video twice and I can’t see where he shows where fq_codel does not work for bufferbloat. He basically complains about the UPnP implementation not working for two people playing on the same LAN. Did you have another video in mind by chance?
Also never heard what version of pfSense he was using.
So if he was using one before 2.4, where they added the fq_codel option in the GUI, then that also may be why he did not go over it.
Either way I will try and get this set up over the next week or two and report back my findings.

I’ve set up FQ_Codel on pfSense, using this as a reference:

And it works for me, though I don’t have any need to alter anything UPnP related to pfSense.

2 Likes