Standard User Pipexer
(eat-sleep-adslguide) Mon 08-Dec-14 18:11:22

pfSense - reliable, stable, trustworthy firewall, IPv6?


 
I got carried away the other day and bought another HP Proliant Microserver despite not needing another one so I am wondering whether to try pfSense on it. Thing is I don't really have any complaints with my current Draytek Vigor 2860n...

Is anyone willing to try and convince me I absolutely should set up pfSense and use that instead of my Draytek?

If only Firebricks were a bit cheaper..

AAISP Home::1
Standard User Spud2003
(fountain of knowledge) Tue 09-Dec-14 06:15:55

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Pipexer]
 
I've been running pfSense for a few months now and it looks like becoming my permanent router (and I have some pretty good routers to choose from). In my case I'm using a fanless (including CPU) mini-ITX PC with an SSD - so absolutely zero moving parts (apart from the power switch). I presume you are going to add another network card to your Microserver or use some VLAN trickery?

I've found it reliable, stable, fine as a firewall (though I'm not a firewall nerd), and it runs my Hurricane Electric IPv6 tunnel with no problems.

Spend some time at the pfSense forums and the pfSense sub-reddit. Essentially it's free so try it and see if you like it, you won't lose anything. :)
Standard User Benjanyan
(regular) Tue 09-Dec-14 17:05:23

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Pipexer]
 
I've found it to be excellent for managing multiple connections to the net. I run it via VirtualBox so the setup is far from ideal but it continues to work well. I also run OpenVPN via it.

If you don't need the extra features I'd have to say "if it's not bust, don't fix it" though.

Ben



Standard User summat
(member) Tue 09-Dec-14 17:53:48

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Pipexer]
 
I've been running pfSense since around version 0.31 (alpha days) and even ran a mirror for them for a few years.

Your Microserver is way overpowered for it though (unless you're on Hyperoptic or something...). I have it installed on a first-gen Atom mITX board, single 1.6GHz core, 512MB of RAM with a couple of 100Mbit NICs (yeah, still limited by my 80/20 FTTC anyway.. heh) and maxed-out grabbing a Linux ISO torrent the CPU usage is well under 30% and it's a pretty damn slow CPU by anything today's machines have.

I've found it to be rock stable even since those early days - not that at the time I was asking a huge amount from it.

Feature-wise it's pretty up there with some of the paid products, and with the packages system you can really extend that functionality further. I've used it for a few different connections at home over the years. This has included routed /29's, native IPv6, tunnelled IPv6 (boo Zen, gief proper v6..). Dynamic and static addresses too. It's really happy doing it all.

These days I have it running a couple of permanent OpenVPN tunnels to a couple of different work sites so I can access the remote networks from any machine on my network without additional configuration, and it also runs an OpenVPN server for me to dial in when I'm not at home.

I've got a few friends who tie entire corporate networks together using it, and even one using it to run a small ISP for users in a block of flats using its PPPoE server. Really can do pretty much anything you throw at it, whether it's home networks or multi-gigabit routing. Just need to scale the hardware suitably.

Whether it really gives you any more than you actually need (and currently can get) from your Draytek.. only you can answer that.. but I can say for sure pfSense is a safe bet if you're looking for something low-cost but very capable.

PS. If you want a more compact home for it to run on than a microserver, there are some nice products on LinITX (for example) with 3 GbE ports in a metal chassis which are fully solid-state industrial-style computers. Which also happen to ship with pfSense preinstalled..

Edited by summat (Tue 09-Dec-14 17:57:54)

Standard User stuartfletcheruk
(newbie) Tue 09-Dec-14 19:44:19

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Pipexer]
 
I also have a couple of HP Microservers, N40L model. One runs nas4free and the other is a security gateway.

I have Sophos UTM installed. It's free for home use and very easy to set up. With only a few restrictions (50 users/32000 connections), it is the exact same software as Sophos provide on their high end security appliances.

Worth a look if you are after a commercial grade security gateway which comes with 3 years of updates and definitions.

You will need a minimum of 4Gb of memory.

Stuart
Standard User fredfox
(experienced) Wed 10-Dec-14 09:23:59

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: stuartfletcheruk]
 
I'd 2nd Sophos UTM, I've been running it for years, I started off just playing with different products and stuck with it. I've got it running on an N40L as well but as a VM under ESXi.

Pipex
Nildram
UKFSN
Be *
Now -> Xilo / Uno (and BT)

Still no fibre :(
Standard User Moto
(fountain of knowledge) Wed 17-Dec-14 23:28:49

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: fredfox]
 
Sophos for me too but turn off IPS if you are running it on an Intel Atom

:D A friend surfing in :D
Standard User Dash
(regular) Thu 15-Jan-15 15:09:08

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Pipexer]
 
Suck it and see.

I put a second NIC into my ESXi host to see if I could get a Linux VM to work as a router, I think my distro was bust as PPPoE wasn't working, but just to be sure I figured I'd install pfSense on a dedicated VM. I wasn't going to look at switching everything over from my DD-WRT setup as I figured it'd take forever to set everything up again with all my complex SNATs and IP blocks etc.

I was mistaken, a couple of hours later I had everything shifted over. I haven't looked back. It's so much slicker than DD-WRT, I don't know how that compares to the Draytek interface. It's been running solidly for ages now. It runs happily along on my Pentium, hardly using any CPU cycles even when switching at full speed for my FTTC connection.

IP it up the same as your existing router and just swap it in and try it. If you don't like it, turn it off and turn your Draytek back on.
Standard User David_W
(fountain of knowledge) Thu 15-Jan-15 18:43:59

Re: pfSense - reliable, stable, trustworthy firewall, IPv6?


[re: Dash]
 
I've been using pfSense as my primary router since pfSense 1.2 and recommend it highly.

pfSense 2.2 is probably no more than a few days to a few weeks from release at this time - the last time I looked there were fewer than ten tickets open against 2.2. Amongst other things, 2.2 changes the underlying operating system from the obsolete FreeBSD 8.3 to the current FreeBSD 10.1, with better support for modern hardware.

If you are going to deploy pfSense in the next few weeks, I'd either wait for 2.2 to release or deploy the current development snapshot, which you can update easily to the release version of 2.2 when available.


As has been said, pfSense is suitable for UK home broadband connections of any speed on modest hardware, though remember that an old PC might have significant power costs if you use it as a router. You can always try pfSense on an old PC booting from a Live CD and using a USB stick for the configuration file, though you cannot use packages such as Snort in this configuration. If you like pfSense, you can then buy suitable embedded hardware and copy across the configuration file from your memory stick.
