Menu
What's new
By:
Filters Better Search

DIY Router with pfsense and fibrex

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OGroteKoning

OGroteKoning

Regular Contributor
So, because I was advised by Merlin and others on here to get a more powerful router … I got myself one of those HP 8200 SFF elite PCs and thought - build a router!

It is way overkill but, for a reason. What I want to do is have a router that can manage multiple VPN connections without losing too much throughput and it has to be able to manage the workload. (see here ). I have an Asus RT-n66u with Merlin software - this little beast is quite capable, but unfortunately can not manage the workload. So... go for overkill!! I reckon, the i5 processor with 8GB RAM and 500GB HDD will manage quite well.

My main goal apart from normal routing/security/etc is still:
(a) Run multiple VPN connections (to do away with VPN on all devices)
(b) Force certain connections (websites) through specific VPN connections from any device (to do away with switching VPNs)

I have Vodafone fibrex (200 dl and 20 ul) – in New Zealand.

I have been tinkering away on pfsense but can not get an internet connection. I spoke with customer care at Vodafone and they pointed me to their Network settings for your broadband modem. Here are the settings:
Enable connection: Check
VDSL Name: Internet_VDSL
FibreX Name: Internet_Ethernet
Service type: INTERNET, TR069, VOICE
Connection Type: IP routing (IP)
MTU: 1500
MSS: 0
NAT: NAPT
VLAN: Check
VLAN ID: 10
802.1p: 0
IP protocol version: IPv4 + IPv6
IPv4 address type: DHCP
Static DNS: Uncheck
IPv6 addressing type: DHCP

And this is where I realised how far out of my depth I am. It's greek ... latinish greek! I can not find all the settings in pfsense to set the connection up. And all attempts I made was in vain.

TL:DR
I need to set up my DIY router for Vodafone fibrex
1. Which is the preferred routing software pfsense/OPNsense/Sophos (I have downloaded all three and is currently trying pfsense 2.4.3)
2. Is there an idiot's guide for me to get the connection running (WAN and LAN shows it is up-linked, but no IP for WAN)
3. How do I set it up to have my network running on 192.168.2.x

I did use search, but could not find my solution. If this thread is a duplication - apologies. Please move it to the right thread.
 
Last edited:
sfx2000 said:
Best bet with pfSense is to hit up their forums - lots of good knowledgable folks there...

Good resource here...

https://doc.pfsense.org/index.php/Main_Page
Click to expand...
I asked there too ... someone there told me it is not really a pfsense issue and that I should ask locally. I did respond - will see how that goes. I asked locally too on geekzone, but their forums are quiet ... unless you want to talk about movies and safe disposal of Li-ion batteries.

So, I turned to this forum which in theory should be able to assist.

Having said that, do you know anything about the topic?
 
OGroteKoning said:
So, because I was advised by Merlin and others on here to get a more powerful router … I got myself one of those HP 8200 SFF elite PCs and thought - build a router!

It is way overkill but, for a reason. What I want to do is have a router that can manage multiple VPN connections without losing too much throughput and it has to be able to manage the workload. (see here ). I have an Asus RT-n66u with Merlin software - this little beast is quite capable, but unfortunately can not manage the workload. So... go for overkill!! I reckon, the i5 processor with 8GB RAM and 500GB HDD will manage quite well.

My main goal apart from normal routing/security/etc is still:
(a) Run multiple VPN connections (to do away with VPN on all devices)
(b) Force certain connections (websites) through specific VPN connections from any device (to do away with switching VPNs)

I have Vodafone fibrex (200 dl and 20 ul) – in New Zealand.

I have been tinkering away on pfsense but can not get an internet connection. I spoke with customer care at Vodafone and they pointed me to their Network settings for your broadband modem. Here are the settings:
Enable connection: Check
VDSL Name: Internet_VDSL
FibreX Name: Internet_Ethernet
Service type: INTERNET, TR069, VOICE
Connection Type: IP routing (IP)
MTU: 1500
MSS: 0
NAT: NAPT
VLAN: Check
VLAN ID: 10
802.1p: 0
IP protocol version: IPv4 + IPv6
IPv4 address type: DHCP
Static DNS: Uncheck
IPv6 addressing type: DHCP

And this is where I realised how far out of my depth I am. It's greek ... latinish greek! I can not find all the settings in pfsense to set the connection up. And all attempts I made was in vain.

TL:DR
I need to set up my DIY router for Vodafone fibrex
1. Which is the preferred routing software pfsense/OPNsense/Sophos (I have downloaded all three and is currently trying pfsense 2.4.3)
2. Is there an idiot's guide for me to get the connection running (WAN and LAN shows it is up-linked, but no IP for WAN)
3. How do I set it up to have my network running on 192.168.2.x

I did use search, but could not find my solution. If this thread is a duplication - apologies. Please move it to the right thread.
Click to expand...
I have a GPON fiberhome modem/router. I had my ISP place it in Bridge Mode. This is a setting I used to be able to do myself. But a year ago, they remote into the fiberhome modem/router and make the change that way. I think this is what your issue is. Your modem should not be placed in routing mode as your pfSense box will do the routing. I also recommend turning off DHCP. If you need to connect to it, manually assign an IP address on your ethernet network adapter via the control panel if using Windows. For example, if the modem IP is 192.168.1.1, assign your laptop an IP address of 192.168.1.10. For Gateway, use the IP address of the modem, 192.168.1.1. The modem should just be a pass-thru. The MTU and DNS settings should be configured on the pfSense box, not the modem.

I then run an Ethernet cable from one of the fiberhome's LAN port's to the WAN port of my pfSense box, which is a PC with an Intel i5 with AES-NI enabled. Like you, I wanted better OpenVPN performance than the Asus Router was able to provide. Here is a snip of my WAN settings.

upload_2018-5-17_20-9-40.png


Below this are the fields to enter the username and password assigned by my ISP.

Here are some guides.
https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
https://nguvu.org/pfsense/pfsense-baseline-setup/

Your VPN provider may also have a guide for pfSense. Mine does, but it is dated. Putting my own guide together is on my to-do list. I really like the Unbound feature and the pfBlockerNG package. The combination of these packages allow me to prevent DNS from leaking, block ads and malware, and make my selective routing real easy.

Were you able to have your Asus router connect to the WAN when it was connected to your modem?

You may want to ask a moderator to move this thread to the Routers forum. Probably a better place for it and you may get more help there.
 
Last edited:
Xentrk said:
I have a GPON fiberhome modem/router. I had my ISP place it in Bridge Mode. This is a setting I used to be able to do myself. But a year ago, they remote into the fiberhome modem/router and make the change that way. I think this is what your issue is. Your modem should not be placed in routing mode as your pfSense box will do the routing. I also recommend turning off DHCP. If you need to connect to it, manually assign an IP address on your ethernet network adapter via the control panel if using Windows. For example, if the modem IP is 192.168.1.1, assign your laptop an IP address of 192.168.1.10. For Gateway, use the IP address of the modem, 192.168.1.1. The modem should just be a pass-thru. The MTU and DNS settings should be configured on the pfSense box, not the modem.

I then run an Ethernet cable from one of the fiberhome's LAN port's to the WAN port of my pfSense box, which is a PC with an Intel i5 with AES-NI enabled. Like you, I wanted better OpenVPN performance than the Asus Router was able to provide. Here is a snip of my WAN settings.
Click to expand...
My ISP gave me a modem box and a Huawei router. I ditched the Huawei for the superior Asus. I connected the modem to WAN port and changing my LAN to 192.168.2.1 and pretty much plug-n-play. It work quite easily. I did have to add VLAN10 though. The modem has only one port - WAN. The ISP provides auto IPs and won't place it in bridge mode. My reckoning is if I can so easily plug-n-play with the Asus, there should be a fairly easy way to setup pfsense to do the same. No?

Here are some guides.
https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
https://nguvu.org/pfsense/pfsense-baseline-setup/

Your VPN provider may also have a guide for pfSense. Mine does, but it is dated. Putting my own guide together is on my to-do list. I really like the Unbound feature and the pfBlockerNG package. The combination of these packages allow me to prevent DNS from leaking, block ads and malware, and make my selective routing real easy.
Click to expand...
Thanks! Will look into these once I get my internet connected.

Were you able to have your Asus router connect to the WAN when it was connected to your modem?
Click to expand...
Yes.

You may want to ask a moderator to move this thread to the Routers forum. Probably a better place for it and you may get more help there.
Click to expand...
I thought this is more a WAN/LAN issue and not necessarily router. But thanks
 
May not be an issue with the modem since you can plug and play with the Asus router. Another idea...Navigate to
  1. Status
  2. System Logs
  3. System
  4. Gateways
To see if there is any info that may shed light on the issue. Take a look at the PPP log as well.
 
Last edited:
Xentrk said:
I have a GPON fiberhome modem/router. I had my ISP place it in Bridge Mode. This is a setting I used to be able to do myself. But a year ago, they remote into the fiberhome modem/router and make the change that way. I think this is what your issue is. Your modem should not be placed in routing mode as your pfSense box will do the routing. I also recommend turning off DHCP. If you need to connect to it, manually assign an IP address on your ethernet network adapter via the control panel if using Windows. For example, if the modem IP is 192.168.1.1, assign your laptop an IP address of 192.168.1.10. For Gateway, use the IP address of the modem, 192.168.1.1. The modem should just be a pass-thru. The MTU and DNS settings should be configured on the pfSense box, not the modem.

I then run an Ethernet cable from one of the fiberhome's LAN port's to the WAN port of my pfSense box, which is a PC with an Intel i5 with AES-NI enabled. Like you, I wanted better OpenVPN performance than the Asus Router was able to provide. Here is a snip of my WAN settings.

View attachment 13102

Below this are the fields to enter the username and password assigned by my ISP.

Here are some guides.
https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/
https://nguvu.org/pfsense/pfsense-baseline-setup/

Your VPN provider may also have a guide for pfSense. Mine does, but it is dated. Putting my own guide together is on my to-do list. I really like the Unbound feature and the pfBlockerNG package. The combination of these packages allow me to prevent DNS from leaking, block ads and malware, and make my selective routing real easy.

Were you able to have your Asus router connect to the WAN when it was connected to your modem?

You may want to ask a moderator to move this thread to the Routers forum. Probably a better place for it and you may get more help there.
Click to expand...


I recently had fiber installed to my home, and Port Forwarding seems to be disabled on the ISP's modem. This is TOT's ZTE F660 device. Instead of calling them to place the device in bridge mode I plan to buy a media converter Fiber Optic to Ethernet and see how it goes. Tired of calling them. I assume you have AIS or TOT as well? The device is found when searching "Gigabit Fiber Optic Media Converter 100/1000 Mbps. (20KM)" It may be a easier solution. I hope.
 
Cake said:
I recently had fiber installed to my home, and Port Forwarding seems to be disabled on the ISP's modem. This is TOT's ZTE F660 device. Instead of calling them to place the device in bridge mode I plan to buy a media converter Fiber Optic to Ethernet and see how it goes. Tired of calling them. I assume you have AIS or TOT as well? The device is found when searching "Gigabit Fiber Optic Media Converter 100/1000 Mbps. (20KM)" It may be a easier solution. I hope.
Click to expand...
I have 3bb. This is the device I was looking at before I learned about bridge mode. https://www.tp-link.com/in/products/details/TX-6610.html. It is a GPON modem. One WAN Fiber port and one Ethernet LAN port.
 
I should have posted an update earlier. I got it to work. I installed pfsense. In the initial setup just after installation, I created a VLAN10 on my WAN port (igb1). Then set my WAN up to connect to the new igb1.10 port (or is it interface ... ???). Then logged in with GUI and went through the setup motions.

EDIT:
Now I am battling with VPN. I managed to set up various VPN clients and it works in one way or another ...

This is what I am trying to accomplish:

I would need 3 clients on the router (maybe a 4th for my NAS - will explain below)

Client 1: New Zealand - this is where I stay and would like to have a fast connection for general use and for the security and protection.
Client 2: USA - this is for my Netflix fix
Client 3: South Africa (ZA) - this is for my DSTv fix
Client 4: Canada (CA) - for my NAS. This might not be necessary as my NAS can connect to CA internally, but then the NAS have to bypass the VPN on my router. I am not too much worried about this location/connection as it is a simple fix I believe.

I have allocated static IPs to all wired and wireless devices. 192.168.1.2 to 192.168.1.99 is reserved for static. DHCP range is 192.168.1.100 to 192.168.1.200
I have the following aliases for possible firewall rules (I am not sure if this is really the right way):
1. http://asn.blawk.net/2906 for Netflix
2. http://asn.blawk.net/328045 for DSTv
3. http://asn.blawk.net/9901 for Neontv

With NordVPN's help, I managed to set up multiple VPN clients up without a problem. All the gateways showed "up" and running. I also tried my hand at firewall rules. The only one that seemed to work was routing Netflix URLs through the US Client. I could not manage to get a stream from www.now.dstv.com for DSTv or www.NeonTV.co.nz. Both errors indicated that I am not in the country within which the streams are geo-locked
For DSTv - I don't know why I couldn't get it right as seemingly I got the firewall rule to work for Netflix (might have been a fluke).
For NeonTV - This is a mess! Even though the "stock VPN client" was in NZ (according to IPleak and other sites), it gave me the error message that I am not in NZ. This is why I tried to bypass the VPN for NeonTV.

When going through "clean" WAN, I can connect to all of these and get the streams up and running when using the NordVPN app on device. But I want the router to recognise where I am connecting to and route the traffic through that correct tunnel.

I think I think I need to get all the IPs/URLs for each streaming service to enter into an alias, but I do not know how to do that.

Where should I post for help on my next step, or will someone help me here?
 
Last edited:
You must log in or register to reply here.

Similar threads

D
Testing firewalls, WireGuard VPN via pfSense, and other
Replies
2
Views
557
deveals
D
A
INFO: Word of warning about Vodafone UK FTTH/FTTP
Replies
3
Views
792
Ripshod
Ripshod
D
Can I repurpose an outdated gaming machine to be a home networking firewall with Linux and pfSense
Replies
10
Views
512
DubberDewski
D
Oyster1286
Help with Designing Network (noob)
Replies
17
Views
1K
tgl
T
G
Vodafone router issues... vodafone say nothing is wrong
Replies
16
Views
573
Ripshod
Ripshod
Similar threads
Thread starter Title Forum Replies Date
T Setting up Router and Bridge with with a Cable Modem Other LAN and WAN 18
S How do I find out why my router has stopped assigning LAN ip addresses ? Other LAN and WAN 5
J trace route shows private IP range after router Other LAN and WAN 3
N Improve file transfer speeds between my PC (used as a hotspot) with other devices ? Do I need a 2nd router between PC and main router ? Other LAN and WAN 4
Maverick009 Custom Router Box hardware freeze issue Other LAN and WAN 8
B Ubiquiti network or all-in-one router? Other LAN and WAN 39
SpeedThree Failure to connect MB Pro to Synology router. Other LAN and WAN 16
V Router lan wifi hardware Other LAN and WAN 10
D Testing firewalls, WireGuard VPN via pfSense, and other Other LAN and WAN 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 918 (members: 21, guests: 897)
Top