pfSense Router Video, Discussion and Ideas

Would be great. I have two people on my network that use Steam/Origin and it's a pain to download games twice.

@wendell with pfSense there is some hope of patches, and you are not running NetUSB like that Tenda probably is.

http://tendacn.com/en/faq/2821.html

1 Like

USB sticks tend to have a lower life span, especially if they get a large amount of reads/writes, and pfSense writes a fair bit of data to the storage device, such as logs, DHCP leases and RRD graphs, which over a period of time can kill the USB stick. Plus, not being able to use stuff like caching is a big downside.

However, pfSense has a way to limit the amount of writes to the USB stick, as it supports RAM disks, which can be found in: System > Advanced > Miscellaneous. From here you can allocate space in memory for the logs, DHCP leases and the RRD graphs, and they will be written to the storage device in one chunk at the specified backup interval.

Also, as this method suggests, the data is stored in RAM, so if you power off the machine before the backup period all the data will be lost.

Is it not recommended to involve wireless in a pfSense build, but rather have a separate device (Ubiquiti for example) that handles that territory? I live in a studio apartment so there isn't much room, and I can't really justify the cost of even a basic router for such a small square footage. Any feedback regarding this would be much appreciated, thanks guys!

  • AK

Wireless network cards do not work very well on pfSense, and I think 802.11ac doesn't work at all (I might be wrong on this). I did do some testing on wireless cards I had around my house and they either wouldn't let clients connect or, after a client was connected, it couldn't ping any other client on the network, even with the correct firewall rules.

1 Like

I use pfSense at my house and in the businesses I support. I use a setup which is relatively low cost and high performance for 10 - 50 users and 5-10 VPN users.

I use an HP or Wyse thin client with a PCI-e expansion card for extra NIC ports.

Models include HP T5740, T610 Plus, and Wyse Z90DE7.

Most units are $50 - $150 on eBay and can support 4GB of RAM and a SATA SSD.

Older units use an Intel Atom N280 (32-bit) and newer ones use an AMD Dual-Core T56N (64-bit).

Units with 8GB or larger internal drives use a 1.8" SSD on chip and have the ability to take larger drives.

Here is my home unit for now; I'm looking to upgrade to a 64-bit model.

Feel free to ask any questions. I think these thin clients are drastically overlooked for their potential.

3 Likes

Out of curiosity, is that a Dell 790 (first gen core processor)?

Been running a pfSense box for two years now, using Snort and Squid with some DNS overrides.

This has been a great little box for it:

https://m.aliexpress.com/item/1638834276.html?trace=storeDetail2msiteDetail&

Low power, reasonably priced, and it uses the same form factor as the Mac Mini so it is easy to mount.

Great to see a refresh of the pfSense video! Man, Wendell covered so much in 20 minutes. It's impressive. I've been using pfSense since I saw the old video and love it. While most of it is very plug-and-play and only requires a basic knowledge of networking, a word of warning: if you choose to use Snort (and I recommend that you do) there are almost certainly going to be rules you'll want to disable, as they tend to block legitimate traffic. I'm sure the upcoming Snort video will cover this, but here are some of the SIDs I've had to disable to allow legitimate traffic.

Emerging Threats:
2002024 ET CHAT IRC NICK command
2018959 ET POLICY PE EXE or DLL Windows file download HTTP
2014819 ET INFO Packed Executable Download
2014906 ET INFO .exe File requested over FTP
2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
2013054 ET USER_AGENTS PyCurl Suspicious User Agent Outbound
2018430 ET WEB_CLIENT SUSPICIOUS Possible automated connectivity check (www.google.com)

Preprocessor: (GID:SID)
119:2 HI_CLIENT_DOUBLE_DECODE
119:4 HI_CLIENT_BARE_BYTE
119:7 HI_CLIENT_IIS_UNICODE
119:28 HI_CLIENT_UNBOUNDED_POST
119:31 HI_CLIENT_UNKNOWN_METHOD
119:33 HI_CLIENT_UNESCAPED_SPACE_IN_URI
120:3 HI_SERVER_NO_CONTLEN
120:8 HI_CLISRV_MSG_SIZE_EXCEPTION
120:10 HI_SERVER_JS_EXCESS_WS
137:1 SSL_INVALID_CLIENT_HELLO
141:1 IMAP_UNKNOWN_CMD

Disclaimer: I make no claim to the safety of these settings. Use at your own risk. The most effective way to manage intrusion detection is to only disable rules when you find it necessary to do so.

1 Like
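The post above recommends disabling a Snort rule only once it has actually proven noisy on your own traffic. The following added example (not from the post or the pfSense project) shows how a defender can make that decision from evidence: it parses Snort fast-format alert lines, tallies them per GID:SID, and formats the noisiest ones as `gid:sid` lines for review. The sample alert lines are constructed, and the `gid:sid` output format is assumed to match what the pfSense Snort package's SID management accepts (pulledpork-style disablesid.conf).

```python
import re
from collections import Counter

# Snort "fast" alert format, one alert per line, e.g.:
#   05/17-10:22:31.123456  [**] [1:2002024:13] ET CHAT IRC NICK command [**] [Priority: 3] {TCP} ...
# Captured fields: generator id, signature id, revision, message text.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def parse_alert(line):
    """Return (gid, sid, msg) for one fast-format alert line, or None if it is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    gid, sid, _rev, msg = m.groups()
    return int(gid), int(sid), msg


def tally(lines):
    """Count alerts per (gid, sid) and remember the rule message for each pair."""
    counts, names = Counter(), {}
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue          # skip blank lines and anything that is not an alert
        gid, sid, msg = parsed
        counts[(gid, sid)] += 1
        names[(gid, sid)] = msg
    return counts, names


def review_candidates(counts, threshold):
    """(gid, sid) pairs that fired at least `threshold` times, noisiest first.

    These are candidates for a human to review against the traffic that triggered
    them; a high count can just as well mean real activity as a false positive."""
    return [pair for pair, n in counts.most_common() if n >= threshold]


def disablesid_lines(pairs):
    """Format pairs as 'gid:sid' lines (assumed pulledpork-style disablesid.conf syntax)."""
    return [f"{gid}:{sid}" for gid, sid in pairs]


# Constructed sample alerts (private/documentation addresses, not real traffic).
SAMPLE_ALERTS = [
    "05/17-10:22:31.123456  [**] [1:2002024:13] ET CHAT IRC NICK command [**] [Priority: 3] {TCP} 192.168.1.10:51234 -> 198.51.100.5:6667",
    "05/17-10:22:35.000001  [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 192.168.1.12:40000 -> 203.0.113.9:80",
    "05/17-10:23:02.444444  [**] [1:2002024:13] ET CHAT IRC NICK command [**] [Priority: 3] {TCP} 192.168.1.10:51234 -> 198.51.100.5:6667",
    "",
    "05/17-10:24:10.777777  [**] [1:2013054:6] ET USER_AGENTS PyCurl Suspicious User Agent Outbound [**] [Priority: 2] {TCP} 192.168.1.20:49152 -> 203.0.113.7:80",
    "05/17-10:25:00.111111  [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 192.168.1.12:40002 -> 203.0.113.9:80",
    "05/17-10:26:45.999999  [**] [1:2002024:13] ET CHAT IRC NICK command [**] [Priority: 3] {TCP} 192.168.1.10:51240 -> 198.51.100.5:6667",
]
```

Run `tally(SAMPLE_ALERTS)` followed by `review_candidates(counts, 2)` to see which of the sample rules crossed the threshold; only the pairs a reviewer confirms as false positives should then go into the disable list.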

It's a 3010. i5-3450 + 8GB RAM.

Got a bunch of these for a project and decided to keep a few. Got a good deal from a local business that bought them, then became successful and got a client contract that required them to have TPM chips (and these don't).

one man's loss… : )

3 Likes

I'm sure @meisnick already knows this, but for the rest of you

DON'T USE 32-bit PFSENSE.
It is deprecated.
https://doc.pfsense.org/index.php/2.4_New_Features_and_Changes

Just use your existing router as a WiFi access point. Just connect to the LAN ports only.

Disable DHCP on the router. This should work unless your router has separate VLANs/APs for guest, etc. If that is the case, you will have to reconfigure the router and make some additional settings changes. But it shouldn't be too hard.

1 Like

I'm still trying to get dynamic DNS to work to update IPv6 records. Currently it seems to only update the A record and not the AAAA record. The end goal is to get an OpenVPN IPv6 pipe between 2 pfSense routers that will route the NATed IPv4 between both networks.

Though, my existing router is a modem/router combo, so that's why I would rather buy something new, though I see where you're going with it. Would you agree with purchasing a Ubiquiti router or just something basic (obviously I can't drill holes into the wall to mount it and run cable...) that would get me by? I'm definitely not the basic kind of guy, but spending a ton of money isn't really my cup of tea either.

  • AK

I think our current one has that issue, and it would really suck if it persists or worsens when using DMZ passthrough. Will give it a try though! This is much easier for me than my proposed idea in the hierarchy chart.

At work I run pfSense and 3 Ubiquiti UniFi b/g/n access points. They work amazingly well. You can get a single b/g/n UniFi access point for $56 at Amazon. About $20 more for the AC model, but their AC models were flaky at one point (I haven't looked into them recently to see if they have improved).

I wouldn't run their router, just on the principle of it not being pfSense. After using pfSense for the last 3+ years, it would take a very compelling product for me to change.

You could hang it on the wall with a push pin. They don't weigh much.

1 Like

I have one of the AC models and haven't had any issues with it. It works as intended and has had at least three firmware updates since I've owned it, so they are still supporting it at least.

1 Like

Sounds great to me then, so first will be buying a small device for pfSense and then buying myself probably the AC version, since @MichaelLindman hasn't had an issue with his.

  • AK