1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

pfSense computer bulid

Discussion in 'Routers' started by Chrisgtl, Feb 17, 2020.

  1. Chrisgtl

    Chrisgtl Regular Contributor

    Joined:
    Sep 4, 2018
    Messages:
    98
    I am about to try turn my Plex server computer into a pfSense router.

    The computer is a i7-9700, 16GB RAM and SSD. It has 1 ethernet port on the motherboard so I have ordered a dual port network card.

    I am planning on running pfSense from Windows 10 Hyper-V.

    I also have a Asus 86U which I would like to use as the wireless Access Point.

    Has anyone else done this? Any tips to make it successful?

    I've been reading some guides but many of them are quite old now and hardware has significantly improved so I'm unsure about how much of the resources I should assign to the virtual environment.

    Firstly, will my network end up like this;

    Cable Modem > HyperV (WAN port) > HyperV (LAN port) > Asus 86U

    Then all my LAN clients will plug into the 86U which will also have the wireless clients connecting to it. I will need to change my 86U to Access Point mode.

    Can I use my motherboard LAN port to connect into the 86U so the Plex server works as normal?

    My dual port network card arrives tomorrow so will start setting it up tonight. I have downloaded the pfSense ISO and enabled Hyper-V on the Windows 10 Pro machine.

    If anyone could help me I'd be very grateful.
     
    CrystalLattice likes this.
  2. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,351
    Location:
    texas
    Just be careful and keep all your virtual ports correct and don't share untrusted traffic.
     
    Val D. and Chrisgtl like this.
  3. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,385
    Consider buying a Pfsense manual that exactly matches the version of Pfsense you are going to be running as Pfsense has envolved what worked in past versions maybe different in current releases. Same with watching YouTube videos.

    Good luck.
     
    Chrisgtl likes this.
  4. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    11,370
    I say good luck! Because I didn't see any benefit at all from doing what you're now attempting. :)

    It seems unless you're running dedicated hardware sold to you by pfSense, the promises are just that. ;)
     
    CaptainSTX likes this.
  5. Chrisgtl

    Chrisgtl Regular Contributor

    Joined:
    Sep 4, 2018
    Messages:
    98
    Oh that's not good to hear haha. I thought pfSense was much more flexible/customizable than anything else out there for its price point.

    Are you saying that running pfSense on a VM environment is buggy and buying a netgate with pfSense is much better?
     
  6. coxhaus

    coxhaus Part of the Furniture

    Joined:
    Oct 7, 2010
    Messages:
    3,351
    Location:
    texas
    When I ran pfSense it ran solid. I did not run VM as it was many years ago. It is just not my cup of tea.
     
  7. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,385
    Steep learning curve on Pfsense. I tried it and it wasn't worth it. To get what you want is going to take a major effort. If it was something that you did on a daily basis on many boxes well OK but otherwise you may not get the payback you wanted.
     
    Chrisgtl and L&LD like this.
  8. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    11,370
    @Chrisgtl, I didn't run pfSense in a VM. On a bare metal clean install (done dozens of times) on fully supported (recommended) NICs/platform. With a default install, no bells or whistles at all; it would consistently throttle my 1Gbsp up/down symmetrical connection worse and worse, every passing day. Horrible.

    With anything enabled, even worse. @CaptainSTX is correct about 'steep learning curve', but what made me give up is an i5-6400 processor with 16GB of RAM and 2x Intel NICs would perform worse than an RT-AC68U I had at the time, soon to be upgraded to the RT-AC86U which would just smoke it in ease of use, but in network performance too.

    It didn't even cost me anything except the NICs I bought to be 100% 'in' with pfSense. But in my opinion, not worth what I paid for it either. (And I was able to return the NICs). ;)
     
    Chrisgtl likes this.
  9. Chrisgtl

    Chrisgtl Regular Contributor

    Joined:
    Sep 4, 2018
    Messages:
    98
    I've cancelled my NIC order. I'll stick with my 86U as my router.

    Thanks for the honest opinion.
     
    L&LD likes this.
  10. ddaenen1

    ddaenen1 Senior Member

    Joined:
    Mar 11, 2019
    Messages:
    203
    Location:
    BE
    Well, honest opinions might be interesting but it shouldn't stop you from experimenting. I just (as in "today") switched from a Mikrotik RB3011 to pfsense. Reason for doing so? The ability to have a more customizable solution that can take of certificates (Let's encrypt) and setting up a reverse proxy to protect my nextcloud server from external dangers when i want to be able to access it externally.

    I did do extensive trials offline before merging it into my network but today, i did it. Result: fast,...very fast! I am very happy about my choice and am now working my way through several guides to get my nextcloud in the open.

    Bottom line: don't get scared of trying something different. pfsense is great and offers many features that consumer router don't do and even are a challenge for many business solutions. My device is to try it, but do make sure you have sufficient time to figure it out offline before moving it into your network.
     
    Val D. likes this.
  11. ddaenen1

    ddaenen1 Senior Member

    Joined:
    Mar 11, 2019
    Messages:
    203
    Location:
    BE
    Well, i don't know how many moons ago that was. I am running pfsense on a Dell R210 with an X3430 and 16GB ECC with 2 x 240Gb SSD's in mirror and i can say, i don't see any of that. This performs better than my RB3011 and not even want to mention my RT-AC88U which used to be the core of my entire network.

    I can't believe you would prefer something like an RT-AC86U over that as this never was a high flyer.
     
    Val D. likes this.
  12. MichaelCG

    MichaelCG Very Senior Member

    Joined:
    Jan 4, 2017
    Messages:
    620
    Location:
    Central US
    I ran pfSense on a much older Core2 DUO for many many years with absolutely no issues. Not sure what issues others have experienced here. pfSense having a steep learning curve?? What? For the most basic setup, it is pretty easy. Can it get complex? Yes it can if you want to tinker. Otherwise, basic Firewall functions are pretty easy.

    It really comes down to what your goal is for looking at pfSense. If your 86U is meeting your needs, then yes, pfSense is overly complex. If you want a more full featured firewall with the option for additional services, pfSense has the ability to serve those needs.

    As for running as a VM, start with 1GB of memory and 1 CPU. Unless you are turning on IDS or some other feature, this should be more than enough resources for it to run fine. I ran my house off of a Core2 DUO (e8400 maybe???) just fine....and your i7 would absolutely run circles around it.
     
    Val D. and Marin like this.
  13. chuckt62

    chuckt62 New Around Here

    Joined:
    Jan 2, 2020
    Messages:
    2
    @ddaenen1
    [hijack] I’m curious about your issues with the 3011, SSL Certs etc. I’m using a Mikrotik hEX S and have been considering a similar setup w/Let’s Encrypt certs & Nginx for reverse proxy. If you’ve come across any road blocks with RouterOS I’d like to hear about it before I get too far down that road. [/hijack]
     
  14. Val D.

    Val D. Very Senior Member

    Joined:
    Jun 16, 2019
    Messages:
    1,300
    Yes, because you listen to advice from people who know no better than ASUS router + Asuswrt-Merlin + USB stick. When you land on a predominantly ASUS consumer products users forum, what you expect to hear? The only thing I'm missing on my pfSense setup is the Reboot and Reset. You change the configuration and the thing doesn't even want to reboot... horrible indeed, very disappointing. Coming from the same "gaming" ASUS RT-AC86U, by the way. Only one of my current APs exceeds its WiFi capabilities easily. I'm running pfSense on quad-core i5 CPU with 8GB RAM. The performance is stellar. Whatever is available through Asuswrt-Merlin (due to hardware limitations, the coders here are magicians) is like baby-versions of pfSense packages, both in performance and configuration options.
     
    Last edited: Feb 23, 2020
  15. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    11,370
    @Val D., can you please stop with the sideswipes against my experience. :rolleyes:

    I reported my experience which is less than a year ago today. pfSense did not impress at all, in any sense.

    If the recommended (and much 'above') hardware I used can't keep consistent speeds with a default install of the then-current pfSense version on my 1Gbps up/down symmetrical ISP connection, you expect me to still be supportive?

    I too read the success stories of others with pfSense and I gave it a shot. In my case, it failed miserably. Getting slower and slower each day is not what I expect of networking equipment, particularly one that is based on desktop hardware. And to be clear; this is even after a reboot too.

    I haven't tried it since then and it may have improved, but the posts I've read about it vs. the networking experience I'm realizing with RMerlin + scripts and a mere USB drive doesn't warrant a look in the near future.

    At least for me. :)
     
    CaptainSTX likes this.
  16. Val D.

    Val D. Very Senior Member

    Joined:
    Jun 16, 2019
    Messages:
    1,300
    I don't remember mentioning you specifically. Since you're here, what exactly experience you have with pfSense? You managed to install it once is what I can read here: https://www.snbforums.com/threads/rt-ax88u-swapfile.61649/#post-548228
    In your situation I wouldn't rush to give advice to other people how pfSense works. pfSense is a corporate firewall and many businesses are using it somehow with hundreds of active clients. For some reason I've never seen a consumer router doing routing/firewall in a corporate server rack, have you? Do you really think pfSense was choking your 1Gbps residential ISP line? Think again. I'm sorry for your bad pfSense experience, it requires reading and learning indeed.

    How do you run your ASUS router? Factory defaults, nothing added, nothing changed? Is it good this way?
     
  17. Val D.

    Val D. Very Senior Member

    Joined:
    Jun 16, 2019
    Messages:
    1,300
    Run pfSense on a dedicated hardware, not on a VM. You may encounter some VM direct assess to hardware limitations. Intel i3 CPU with 4GB RAM is more than enough. SSD is not really needed, small HDD is good enough. Intel NICs are recommended, but not mandatory. Install pfSense and start learning the configuration basics. Expand capabilities as you learn. Install one package at a time, test it, learn what it does and how. Go small steps at a time, try to understand the "sense" behind it. It will help you build your network the way you want it, whatever you want from it. Use your current router as a backup, you'll make mistakes and you'll have to start over. You can use it temporary as AP + switch as well, but better get a proper SMB class switch and APs. You'll see the difference right away. Not in benchmark apps, you'll see it. At this point you'll never look back at consumer AIO products.

    Warning:
    Networking is addictive, use responsibly. Some people start with DIY pfSense, OPNsense, Untangle, Sophos, etc. box or an off-lease refurbished server and end-up with full-blown server rack, or so called "home lab". A have a friend of mine, he competes with the Pentagon with his "home lab". If some day Google shuts down, this guy will be the backup.
     
    Last edited: Feb 24, 2020
    ddaenen1 likes this.
  18. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,731
    Location:
    The Land of Smiles
    I have experience with most of the open source router firmware on the market except for OpenSense. I found that pfSense firmware is the best firmware for my use case as a home router. I really like the features available and the OpenVPN performance.

    I require the use of several VPN tunnels and have selective routing requirements. With AES-NI built in, I get approximately 6x the performance of my RT-AC88U and even the RT-AC86U router I support at a remote site. All of the functions I require are built into the GUI or available by installing a package. I've never had a need to write scripts.

    There are some very good tutorials on the internet and the Lawrence Systems YouTube channel has excellent tutorials as well. I'll follow-up with some of the links I have used when I get home.

    I converted an old Windows 7 PC to a router using the USB stick method. I had to spend around 12 USD for another network card. I use an RT-AC68U as the access point. Eventually, I plan to replace it with a Netgate appliance that has a smaller footprint and no fan noise.
     
    Marin and Val D. like this.
  19. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    11,370
    @Val D. I did not just install pfSense 'once'. Don't take quotes out of context either, please. :rolleyes:

    I tried to persevere with it as long as I could. That was for two weeks. That was enough for me to know it was broken at that time. At least for my usage.

    I also don't run my routers or my customers at 'defaults' either. But keep trying to undermine my input and trying to hide behind your finger about who your comments were about.

    I haven't given anyone advice on pfSense.

    I shared my experience. Sorry, it doesn't live up to your expectations. It didn't live up to mine either.

    If someone were to buy even a $10 router and it exhibited the same performance as what I saw out of pfSense, even you would say to junk it. Even at defaults.

    Don't understand what you're trying to prove here? I know enough to have had a good experience, but the software didn't deliver, and not even with the recommended hardware.

    Should pfSense (with a few updates in those two weeks) and the i5, 16GB RAM and SSD with Intel NICs given me a better than an RT-AC86U experience? Sure. I wanted it to and I gave it every chance I could.

    Did it? Not even for a two-hour window. (It was the most times I've rebooted my network in my life, actually).

    Now, let us see how you misinterpret these facts. :rolleyes:
     
  20. Val D.

    Val D. Very Senior Member

    Joined:
    Jun 16, 2019
    Messages:
    1,300
    Your's is very similar to mine. I use an HP 8300 Ultra Small Desktop computer with a second Gigabit NIC attached to the micro PCIe slot, i5-3570 CPU on Adaptive via PowerD (runs on 1.6GHz most of the time), fans on lowest via BIOS (barely noticeable noise), CPU temps stay below 40C most of the time, small but fast HDD (had to find a use for it), one USB port connected to my UPS, etc. RT-AC86U was my AP at the beginning. As expected, this PC with RT-AC86U as AP performs much better than RT-AC86U as a router.

    I don't see any facts presented. Someone tried to run pfSense, it didn't work for a reason not so hard to guess. That's fine. I don't share my experience with my attempts to grow bananas in my living room in a farmers forums though. My "facts" about growing bananas indoors won't be useful for anyone. You know what I mean? Now I'm leaving you with your experiences. You may present more "facts", if you want to. There is no point for me to continue this conversation with you. @Chrisgtl has enough information to read and to decide what to do.
     
    Last edited: Feb 24, 2020