Standard User ianfuture
(learned) Mon 07-Aug-17 18:16:48
Pfsense -> managed switch - hardware that can cope with VPNs
 
Wasn't sure if this or one of the other hardware related forums was appropriate, but I'm looking into replacing my current router with a pfSense box and an 8 port managed switch, and eventually some wifi APs that can reach the back garden not just the house (I'll reuse router for its wifi until then). The main driver is so I can route all traffic over VPN except those connections/machines/applications that will grumble if they see a non UK IP address. So basically need a lot more control.

Hardware yet to be determined for any of it, but the primary query for here is:

- any recommendations for 8 port managed switches that can handle VLANs and be managed via a web GUI, not by some other machine local application? I've previously seen TP-Link ones come well recommended but not sure if that's the case still?

- also any recommendations for quiet low power pfSense boxes (self build not an issue) that would be powerful enough to handle VPN traffic on a standard UK FTTC speed connection with overhead to future proof? Assume the budget is approx £200

- are Ubiquiti WiFi access points likely to be the best option to reach back garden through several walls or are there other ways to ensure coverage is more directed or further reaching?

thanks in advance
Standard User summat
(member) Tue 08-Aug-17 20:44:24

Re: Pfsense -> managed switch - hardware that can cope with

[re: ianfuture]
 
I'm using pfSense myself - and plan to do something similar at some point VLAN wise if required, aside from that I'm using roughly what you're looking at.

1. How about a Netgear GS108E (web managed, desktop, fanless, 8 port) which seems to be around £30 ish. Lifetime warranty, too.

2. I recently replaced a very old single core Atom box I've had running for years with an Intel Apollo Lake Celeron (a Gigabyte J3455N-D3H motherboard in my case) which has two gigabit LAN ports. This is in a very small mini ITX case along with a picoPSU, a 4GB stick of DDR3L, and a 16GB SSD. Then a decent 60W 12V laptop style PSU. This solution has been fast and rock solid so far (3 months and counting at this point), and supports AES-NI to accelerate VPN usage. It's passively cooled with zero moving parts. Dead silent, plenty of performance. Not sure how much power it's using but I'm sure it's not much! Not totally certain on cost but I think under £200 for sure. Self build.

3. I use Ubiquiti points - Two AC-Lite APs in my case. I've got them cabled at opposite ends of the house in my case, the range seems pretty good (tested far end of house using a single point plugged in) but I'm not certain you'll get an amazing signal through multiple walls and then at a distance in the garden beyond. Perhaps an AC LR might be more suitable? Not sure really - only way to tell would be to try it!

Consider that to use these APs (they have no web interface in their own right) you need to run the controller software, buy a 'cloud key', or use a cloud-based controller to manage them. Personally I run mine on a VM on the Google Compute Platform.

If you REALLY can't get an AP closer to the garden, you could buy a second AP and have it uplink wirelessly to the first using the UniFi controller software. That way it can rebroadcast the signal much closer to the garden. Instructions to do this are HERE.

Just bear in mind the potential performance losses using a wireless uplink, given it's having to relay wirelessly.

Edited by summat (Tue 08-Aug-17 20:47:56)

Standard User prlzx
(experienced) Tue 08-Aug-17 21:01:20

Re: Pfsense -> managed switch - hardware that can cope with

[re: ianfuture]
 
On the Access points, UniFi would normally be ok, but regardless of vendor you may need one outside. Have a look at the small UniFi Mesh APs (you don't need to use them in a mesh topology but they can be mounted outside).

On the router, have you decided which VPN flavour to run? IPSec will have the best performance as long as it is hardware crypto accelerated.

EdgeRouter would be well worth considering.

pfSense is worth a look, but you'll need to scan the blog and forums for suitable boards. Previously I would have suggested boards using C2558 / C2758 and up to Xeon D-1541 but there might be more recent / better value hardware.

However, the combo of low power / under £200 / FTTC speed VPN may rule out pfSense unless you find a proven model, otherwise start with EdgeRouter (Lite or X). Lite if you don't need to use the router as a switch. X if needing the option to use a built-in switch chip, and doesn't break the bank.

Switches, I find the Cisco SG300 series solid (all features exposed in web UI plus a CLI that is a usable subset of IOS commands), but you might want to look at the SG200 / SG220 / SG250. The TP-Link managed switches were ok but the VLAN interface was a little clunky (but still better than Netgear).



prlzx on iDNET: VDSL / 21CN at ~40Mbps / 10Mbps
with IP4/6 (no v6? - not true Internet)

Edited by prlzx (Tue 08-Aug-17 21:11:00)



Standard User choppersrock
(regular) Wed 09-Aug-17 09:38:50

Re: Pfsense -> managed switch - hardware that can cope with

[re: ianfuture]
 
Re pfSense box, I use a prebuilt PC Engines AMD with Intel NICs on board. 12 volt unit and no fan, has been running for months with no issue. I am on 2.4 beta too.

Slightly over the £200 but well worth it. I obtained mine pre built from linitx.com

Sky Fibre Pro - Zyxel vmg8324 (v14 bridge mode) + PFSENSE 2.4.0 with ipv6 - ECI cab, G.INP disabled as of 8th April 2016

http://www.mydslwebstats.co.uk user upload ID skyECI
Standard User ianfuture
(learned) Thu 10-Aug-17 12:00:15

Re: Pfsense -> managed switch - hardware that can cope with

[re: summat]
 
Thanks for the info.

I liked the idea of a build your own mini PC to use as the pfSense box as it gives me room for steady upgrades if necessary, but I've seen that Intel NICs are better regarding encryption as they have better hardware for handling AES, I gather, than Realtek NICs. So trying to find a board that does that and doesn't break the bank has been tricky. What CPU do you have on that board? What CPU usage do you see, and RAM usage? Are you using a VPN?

So the Ubiquiti APs need their own piece of software running on a machine to configure and run, or just configure? If it was just configure, that'd be fine, but if I needed another always on piece of software that'd be a bit of a pain.

I'd seen the Netgear GS108E and similar, I suppose for £30ish it'd be reasonable and I've not lost too much if I have to change.
Standard User ianfuture
(learned) Thu 10-Aug-17 12:06:44

Re: Pfsense -> managed switch - hardware that can cope with

[re: prlzx]
 
I had considered the outdoor AP a possibility, just hadn't looked into who made them in detail.

My VPN uses OpenVPN, and I would want that for any VPN now or in future seeing as it's more open and widely offered.
Standard User ianfuture
(learned) Thu 10-Aug-17 12:28:53

Re: Pfsense -> managed switch - hardware that can cope with

[re: choppersrock]
 
Which model do you have? These caught my eye, the linitx.com website looks a bit ropey but the machines look good. What wasn't clear was how powerful the CPUs are and the amount of RAM they offered, as the website is a little bit random in the details I've found. Do you use a VPN? Do you know what your CPU and RAM usage peaks at?
Standard User choppersrock
(regular) Thu 10-Aug-17 12:47:47

Re: Pfsense -> managed switch - hardware that can cope with

[re: ianfuture]
 
I use this one, being the apu2c4 4GB model with SSD. You do need a serial adapter on the first install for the console but once it's installed it's not needed. Yes, I use OpenVPN from within pfSense for inbound. I haven't seen the box break into any sweat yet. Current mem use at 12%. CPU temp at 55.
A couple of friends are using the same model.

FreeBSD 11.0-RELEASE-p10

CPU Type: AMD GX-412TC SOC

4 CPUs: 1 package(s) x 4 core(s)

AES-NI CPU Crypto: Yes (inactive)



https://linitx.com/product/linitx-apu2-c4-4gb-3nicus...

Been using mine nearly a year and very pleased.

Standard User ianfuture
(learned) Thu 10-Aug-17 16:45:48

Re: Pfsense -> managed switch - hardware that can cope with

[re: choppersrock]
 
My concern with these is that I might blow £200+ on something I can't upgrade or reuse easily if the CPU is not up to the job. 1GHz and nearly 2 years old CPU and various reports of less than great performance on outbound VPN make me wary.

One of several:
https://www.linuxserver.io/2016/12/17/review-pcengin...

It'd be great if someone who had a VPN on Virgin's high-speed fibre connections and one of these boxes could report the throughput over their VPN connection and if it starts to bottleneck. Any of your friends in that boat who could check?
Standard User choppersrock
(regular) Thu 10-Aug-17 18:09:47

Re: Pfsense -> managed switch - hardware that can cope with

[re: ianfuture]
 
One of my friends replied with this. He is a member here too but can't answer himself right now but I am sure he will when it's possible.

"Tell them I'm using pfsense ap2u on a FTTP 100/100 connection with VLANs and VPN, had no problems at all."

I will ask him to respond when he can.
