1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Fixed Wireless LTE pfSense router

Discussion in 'General Network Security' started by ronjon, Jul 2, 2018.

?
  1. Verizon

  2. AT&T

  3. T-Mobile

Results are only viewable after voting.
  1. ronjon

    ronjon New Around Here

    Joined:
    Jul 1, 2018
    Messages:
    5
    I will be moving within the next month and a fixed LTE provider will be my best internet option. I will be using at&t since the have numerous towers in my area with multiple band options allowing me the ability to aggregate them. My question pertains to compatibility between three products for an LTE pfSense router build. Will i be running into any issues with these three. I will be running openVPN connected to a nord server. I'm doing this for the sake of encrypting my data (duh) so i am not throttled based on what im streaming or viewing and hopefully they wont be able track how many users are on the one data plan. I am going the pfSense route to avoid some bottlenecking with the encryption. Ideas are welcomed, criticism is encouraged and MC7455 is a must. Also i'll be using a Directional MIMO antenna with lmr300 cable for those wondering, surge arrestors will be used on both lines. Also, how much ram should I get?

    qotom I7-4500u https://www.aliexpress.com/item/QOT...l?spm=2114.10010108.1000023.12.771420652PJhOw

    wireless adapter for broadcasting wifi https://www.amazon.com/dp/B0756YCTY3/?tag=snbforums-20

    AirPrime LTE Modem https://www.aliexpress.com/item/MC7...2925e17&transAbTest=ae803_2&priceBeautifyAB=0
     
  2. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,321
    Location:
    San Diego, CA
    I would go with the i5-5250U model qotom with 4GB ram and the 32gb SSD - anything more is overkill for a pfsense box

    It's a better performer than the i7-4500u, and since this is a fanless PC, the i7 does run quite a bit warmer..

    I suggest a dedicated AP for your WiFI, the realtek chipset is ok for client, not so hot for host AP modes there.

    As for T-Mo, ATT, VZW - shop the rate plans, and coverage - and see what the overage impact will be...
     
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,849
    Location:
    Canada
    I bought one recently, tho my primary use (for now) is run XPC-NG, and move my accounting VM off my NAS' J1900 and into the Qotom's i5 5250U. I swapped the 16 GB microPCI SSD with a 256 GB Samsung 840 Pro that was taken out of my desktop.

    I tested OPNSense this weekend inside a VM, and it seemed to work fine under Xen (just have to ensure that some of the NIC offloading features are disabled - OPNSense had them already disabled by default). Suricata setup also was fairly easy to do (while my last attempt at getting Snort to work under pfsense never succeeded).

    If I had to recommend one, I would recommend OPNSense over pfsense, especially if you intend to run an IDS/IPS. I much prefer Suricata to Snort.
     
  4. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,096
    Location:
    United States
    Except if you are running IPv6....setting Suricata IPS mode on OPNsense kills IPv6 on the interfaces where Suricata is active. A couple of users ,including myself, have reported the problem a couple of months ago. A bit disappointed in the lack of a response.

    BTW...pfsense supports Suricata as a plugin.
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,312
    Location:
    UK
    pfSense/OPNSense. Quite sad to read this on Wikipedia :(. Kinda puts me off trying pfSense.
    http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1828
     
  6. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,321
    Location:
    San Diego, CA
    It's a bit of a complicated story, and one that is well beyond the scope of SNB - let's just say that the whole pfSense/opnsense this has a long and sordid history, with smart and talented people, big egos, and a lot of hard words and feelings -- it's unfortunate, but these things do happen.

    It detracts attention on what I consider to be good distro's (both of them).
     
  7. ronjon

    ronjon New Around Here

    Joined:
    Jul 1, 2018
    Messages:
    5
    Okay so I will go the i5 5250 route. Do you recommend a usb3.0 wireless adapter? I have two rt66u routers so using dedicated ones aren't an issue. I guess I just wanted it compact. And is OpenSense easier to work with? I haven't looked into it yet.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,312
    Location:
    UK
    I suspected as much, these things are rarely black and white.
     
    Last edited: Jul 2, 2018
  9. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,321
    Location:
    San Diego, CA
    USB WiFi adapters and FreeBSD - not the best option - I would convert the RT66U's to AP's, they'll be fine, and a better choice.

    Can't say much about OpnSense - I don't use it - but hey, give it a try, kick the tires on both, and make the decision from there.
     
  10. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,849
    Location:
    Canada
    Would be new, and hopefully works better than the Snort plugin did when I tried it. Worth taking a look at.
     
  11. ronjon

    ronjon New Around Here

    Joined:
    Jul 1, 2018
    Messages:
    5
    When i convert the routers into AP's will they also function as switches? I'll Have some noob questions along the way. Also i won the bid on the house so this build is almost guaranteed to happen now.

    At this point i have together 2 rt66u routers which will be acting as Access Points (and hopefully switches), the Qotom mini pc with an 15 5250u, my LTE mpcie modem (MC7455), and still on the frits between OpenSense or pfSense. Just keeping yall updated.
     
  12. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    709
    Yes they’ll act as switches as well. I’d suggest starting with pfsense first since there are more resources for it online, when you’re comfortable and want to experiment then give OPNSense a try.

    Congratulations on the house!
     
  13. ronjon

    ronjon New Around Here

    Joined:
    Jul 1, 2018
    Messages:
    5
    So I have stumbled upon another LTE modem, which is half the cost and supports more bands and bandwidth (cat 9). The modem in question is the Fibocom L850-GL, HP supports it in their laptops. It has a M.2 (B) interface. Will an adapter cause issues with communicating and what are the chances pfSense will work with it? Also how would I add support for band locking and aggregating in pfSense?

    Fibocom L850-GL https://www.aliexpress.com/item/-/32870801173.html?spm=a2g0s.13010208.99999999.261.37013c00CZYapC
    mini pcie to m.2 (B) adapter https://www.aliexpress.com/item/-/32846396904.html?spm=a2g0s.13010208.99999999.267.730c3c00IyndaR
     
  14. ronjon

    ronjon New Around Here

    Joined:
    Jul 1, 2018
    Messages:
    5
    So I'm kind of doing a 180 here by asking this. What linux based router OS is hardware friendly? I ask this because of my necessity for an LTE modem? Is there one that offers support for band aggregation?
     
  15. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    709
    Probably OpenWRT? As for band aggregation, that's more dependent on the model of the modem and if its Linux driver supports it. Edit: see sfx’s explanation below
     
    Last edited: Jul 8, 2018
  16. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,321
    Location:
    San Diego, CA
    LTE Band Aggregation happens between the modem and the LTE network...

    It's transparent to the router. So it really doesn't matter whether OpenWRT or pfSense - they see it as a WAN end-point - only thing that the user can configure is authentication, and to ensure that the LTE modem has a supported driver at the OS Level
     
  17. kfp

    kfp Very Senior Member

    Joined:
    Jun 26, 2014
    Messages:
    709
    Right, makes sense.
     
  18. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,849
    Location:
    Canada
    Took another look at pfsense tonight. Once again, it left me rather underwhelmed.
     
  19. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,249
    Location:
    texas
    I had a problem with pfsense and SNORT. I had it kind of running but I was doing to much log work. I was reading logs all the time trying to tune SNORT. I finally formatted over and ran pfsense without SNORT. I don't run pfsense now. The new versions were breaking to many things for me. I gave up.
     
  20. Audio-catalyst

    Audio-catalyst Occasional Visitor

    Joined:
    May 6, 2017
    Messages:
    27
    going on holiday soon and need reading material, got a link to this complete story somewhere ?

    send from a mobile device, so typo's are to be expected