pfSense computer bulid

[Chrisgtl]

I am about to try turn my Plex server computer into a pfSense router.

The computer is a i7-9700, 16GB RAM and SSD. It has 1 ethernet port on the motherboard so I have ordered a dual port network card.

I am planning on running pfSense from Windows 10 Hyper-V.

I also have a Asus 86U which I would like to use as the wireless Access Point.

Has anyone else done this? Any tips to make it successful?

I've been reading some guides but many of them are quite old now and hardware has significantly improved so I'm unsure about how much of the resources I should assign to the virtual environment.

Firstly, will my network end up like this;

Cable Modem > HyperV (WAN port) > HyperV (LAN port) > Asus 86U

Then all my LAN clients will plug into the 86U which will also have the wireless clients connecting to it. I will need to change my 86U to Access Point mode.

Can I use my motherboard LAN port to connect into the 86U so the Plex server works as normal?

My dual port network card arrives tomorrow so will start setting it up tonight. I have downloaded the pfSense ISO and enabled Hyper-V on the Windows 10 Pro machine.

If anyone could help me I'd be very grateful.

 

[coxhaus]

Just be careful and keep all your virtual ports correct and don't share untrusted traffic.

 

[CaptainSTX]

Consider buying a Pfsense manual that exactly matches the version of Pfsense you are going to be running as Pfsense has envolved what worked in past versions maybe different in current releases. Same with watching YouTube videos.

Good luck.

 

[L&LD]

I say good luck! Because I didn't see any benefit at all from doing what you're now attempting.

It seems unless you're running dedicated hardware sold to you by pfSense, the promises are just that.

 

[Chrisgtl]

I say good luck! Because I didn't see any benefit at all from doing what you're now attempting.

It seems unless you're running dedicated hardware sold to you by pfSense, the promises are just that.

Oh that's not good to hear haha. I thought pfSense was much more flexible/customizable than anything else out there for its price point.

Are you saying that running pfSense on a VM environment is buggy and buying a netgate with pfSense is much better?

 

[coxhaus]

When I ran pfSense it ran solid. I did not run VM as it was many years ago. It is just not my cup of tea.

 

[CaptainSTX]

Steep learning curve on Pfsense. I tried it and it wasn't worth it. To get what you want is going to take a major effort. If it was something that you did on a daily basis on many boxes well OK but otherwise you may not get the payback you wanted.

 

[L&LD]

@Chrisgtl, I didn't run pfSense in a VM. On a bare metal clean install (done dozens of times) on fully supported (recommended) NICs/platform. With a default install, no bells or whistles at all; it would consistently throttle my 1Gbsp up/down symmetrical connection worse and worse, every passing day. Horrible.

With anything enabled, even worse. @CaptainSTX is correct about 'steep learning curve', but what made me give up is an i5-6400 processor with 16GB of RAM and 2x Intel NICs would perform worse than an RT-AC68U I had at the time, soon to be upgraded to the RT-AC86U which would just smoke it in ease of use, but in network performance too.

It didn't even cost me anything except the NICs I bought to be 100% 'in' with pfSense. But in my opinion, not worth what I paid for it either. (And I was able to return the NICs).

 

[Chrisgtl]

I've cancelled my NIC order. I'll stick with my 86U as my router.

Thanks for the honest opinion.

 

[ddaenen1]

I've cancelled my NIC order. I'll stick with my 86U as my router.

Thanks for the honest opinion.

Well, honest opinions might be interesting but it shouldn't stop you from experimenting. I just (as in "today") switched from a Mikrotik RB3011 to pfsense. Reason for doing so? The ability to have a more customizable solution that can take of certificates (Let's encrypt) and setting up a reverse proxy to protect my nextcloud server from external dangers when i want to be able to access it externally.

I did do extensive trials offline before merging it into my network but today, i did it. Result: fast,...very fast! I am very happy about my choice and am now working my way through several guides to get my nextcloud in the open.

Bottom line: don't get scared of trying something different. pfsense is great and offers many features that consumer router don't do and even are a challenge for many business solutions. My device is to try it, but do make sure you have sufficient time to figure it out offline before moving it into your network.

 

[ddaenen1]

@Chrisgtl, I didn't run pfSense in a VM. On a bare metal clean install (done dozens of times) on fully supported (recommended) NICs/platform. With a default install, no bells or whistles at all; it would consistently throttle my 1Gbsp up/down symmetrical connection worse and worse, every passing day. Horrible.

With anything enabled, even worse. @CaptainSTX is correct about 'steep learning curve', but what made me give up is an i5-6400 processor with 16GB of RAM and 2x Intel NICs would perform worse than an RT-AC68U I had at the time, soon to be upgraded to the RT-AC86U which would just smoke it in ease of use, but in network performance too.

It didn't even cost me anything except the NICs I bought to be 100% 'in' with pfSense. But in my opinion, not worth what I paid for it either. (And I was able to return the NICs).

Well, i don't know how many moons ago that was. I am running pfsense on a Dell R210 with an X3430 and 16GB ECC with 2 x 240Gb SSD's in mirror and i can say, i don't see any of that. This performs better than my RB3011 and not even want to mention my RT-AC88U which used to be the core of my entire network.

I can't believe you would prefer something like an RT-AC86U over that as this never was a high flyer.

 

[MichaelCG]

I ran pfSense on a much older Core2 DUO for many many years with absolutely no issues. Not sure what issues others have experienced here. pfSense having a steep learning curve?? What? For the most basic setup, it is pretty easy. Can it get complex? Yes it can if you want to tinker. Otherwise, basic Firewall functions are pretty easy.

It really comes down to what your goal is for looking at pfSense. If your 86U is meeting your needs, then yes, pfSense is overly complex. If you want a more full featured firewall with the option for additional services, pfSense has the ability to serve those needs.

As for running as a VM, start with 1GB of memory and 1 CPU. Unless you are turning on IDS or some other feature, this should be more than enough resources for it to run fine. I ran my house off of a Core2 DUO (e8400 maybe???) just fine....and your i7 would absolutely run circles around it.

 

[chuckt62]

Well, honest opinions might be interesting but it shouldn't stop you from experimenting. I just (as in "today") switched from a Mikrotik RB3011 to pfsense. Reason for doing so? The ability to have a more customizable solution that can take of certificates (Let's encrypt) and setting up a reverse proxy to protect my nextcloud server from external dangers when i want to be able to access it externally.

I did do extensive trials offline before merging it into my network but today, i did it. Result: fast,...very fast! I am very happy about my choice and am now working my way through several guides to get my nextcloud in the open.

Bottom line: don't get scared of trying something different. pfsense is great and offers many features that consumer router don't do and even are a challenge for many business solutions. My device is to try it, but do make sure you have sufficient time to figure it out offline before moving it into your network.

@ddaenen1
[hijack] I’m curious about your issues with the 3011, SSL Certs etc. I’m using a Mikrotik hEX S and have been considering a similar setup w/Let’s Encrypt certs & Nginx for reverse proxy. If you’ve come across any road blocks with RouterOS I’d like to hear about it before I get too far down that road. [/hijack]

 

[Val D.]

I've cancelled my NIC order. I'll stick with my 86U as my router.

Yes, because you listen to advice from people who know no better than ASUS router + Asuswrt-Merlin + USB stick. When you land on a predominantly ASUS consumer products users forum, what you expect to hear? The only thing I'm missing on my pfSense setup is the Reboot and Reset. You change the configuration and the thing doesn't even want to reboot... horrible indeed, very disappointing. Coming from the same "gaming" ASUS RT-AC86U, by the way. Only one of my current APs exceeds its WiFi capabilities easily. I'm running pfSense on quad-core i5 CPU with 8GB RAM. The performance is stellar. Whatever is available through Asuswrt-Merlin (due to hardware limitations, the coders here are magicians) is like baby-versions of pfSense packages, both in performance and configuration options.

 

[L&LD]

@Val D., can you please stop with the sideswipes against my experience.

I reported my experience which is less than a year ago today. pfSense did not impress at all, in any sense.

If the recommended (and much 'above') hardware I used can't keep consistent speeds with a default install of the then-current pfSense version on my 1Gbps up/down symmetrical ISP connection, you expect me to still be supportive?

I too read the success stories of others with pfSense and I gave it a shot. In my case, it failed miserably. Getting slower and slower each day is not what I expect of networking equipment, particularly one that is based on desktop hardware. And to be clear; this is even after a reboot too.

I haven't tried it since then and it may have improved, but the posts I've read about it vs. the networking experience I'm realizing with RMerlin + scripts and a mere USB drive doesn't warrant a look in the near future.

At least for me.

 

[Val D.]

@Val D., can you please stop with the sideswipes against my experience.

I don't remember mentioning you specifically. Since you're here, what exactly experience you have with pfSense? You managed to install it once is what I can read here: https://www.snbforums.com/threads/rt-ax88u-swapfile.61649/#post-548228

pfSense router I built around this time last year. Defaults used. Nothing added. Nothing changed.

In your situation I wouldn't rush to give advice to other people how pfSense works. pfSense is a corporate firewall and many businesses are using it somehow with hundreds of active clients. For some reason I've never seen a consumer router doing routing/firewall in a corporate server rack, have you? Do you really think pfSense was choking your 1Gbps residential ISP line? Think again. I'm sorry for your bad pfSense experience, it requires reading and learning indeed.

How do you run your ASUS router? Factory defaults, nothing added, nothing changed? Is it good this way?

 

[Val D.]

The computer is a i7-9700, 16GB RAM and SSD.

Run pfSense on a dedicated hardware, not on a VM. You may encounter some VM direct assess to hardware limitations. Intel i3 CPU with 4GB RAM is more than enough. SSD is not really needed, small HDD is good enough. Intel NICs are recommended, but not mandatory. Install pfSense and start learning the configuration basics. Expand capabilities as you learn. Install one package at a time, test it, learn what it does and how. Go small steps at a time, try to understand the "sense" behind it. It will help you build your network the way you want it, whatever you want from it. Use your current router as a backup, you'll make mistakes and you'll have to start over. You can use it temporary as AP + switch as well, but better get a proper SMB class switch and APs. You'll see the difference right away. Not in benchmark apps, you'll see it. At this point you'll never look back at consumer AIO products.

Warning:
Networking is addictive, use responsibly. Some people start with DIY pfSense, OPNsense, Untangle, Sophos, etc. box or an off-lease refurbished server and end-up with full-blown server rack, or so called "home lab". A have a friend of mine, he competes with the Pentagon with his "home lab". If some day Google shuts down, this guy will be the backup.

 

[Xentrk]

I have experience with most of the open source router firmware on the market except for OpenSense. I found that pfSense firmware is the best firmware for my use case as a home router. I really like the features available and the OpenVPN performance.

I require the use of several VPN tunnels and have selective routing requirements. With AES-NI built in, I get approximately 6x the performance of my RT-AC88U and even the RT-AC86U router I support at a remote site. All of the functions I require are built into the GUI or available by installing a package. I've never had a need to write scripts.

There are some very good tutorials on the internet and the Lawrence Systems YouTube channel has excellent tutorials as well. I'll follow-up with some of the links I have used when I get home.

I converted an old Windows 7 PC to a router using the USB stick method. I had to spend around 12 USD for another network card. I use an RT-AC68U as the access point. Eventually, I plan to replace it with a Netgate appliance that has a smaller footprint and no fan noise.

 

[L&LD]

@Val D. I did not just install pfSense 'once'. Don't take quotes out of context either, please.

I tried to persevere with it as long as I could. That was for two weeks. That was enough for me to know it was broken at that time. At least for my usage.

I also don't run my routers or my customers at 'defaults' either. But keep trying to undermine my input and trying to hide behind your finger about who your comments were about.

I haven't given anyone advice on pfSense.

I shared my experience. Sorry, it doesn't live up to your expectations. It didn't live up to mine either.

If someone were to buy even a $10 router and it exhibited the same performance as what I saw out of pfSense, even you would say to junk it. Even at defaults.

Don't understand what you're trying to prove here? I know enough to have had a good experience, but the software didn't deliver, and not even with the recommended hardware.

Should pfSense (with a few updates in those two weeks) and the i5, 16GB RAM and SSD with Intel NICs given me a better than an RT-AC86U experience? Sure. I wanted it to and I gave it every chance I could.

Did it? Not even for a two-hour window. (It was the most times I've rebooted my network in my life, actually).

Now, let us see how you misinterpret these facts.

 

[Val D.]

I converted an old Windows 7 PC to a router using the USB stick method.

Your's is very similar to mine. I use an HP 8300 Ultra Small Desktop computer with a second Gigabit NIC attached to the micro PCIe slot, i5-3570 CPU on Adaptive via PowerD (runs on 1.6GHz most of the time), fans on lowest via BIOS (barely noticeable noise), CPU temps stay below 40C most of the time, small but fast HDD (had to find a use for it), one USB port connected to my UPS, etc. RT-AC86U was my AP at the beginning. As expected, this PC with RT-AC86U as AP performs much better than RT-AC86U as a router.

Now, let us see how you misinterpret these facts.

I don't see any facts presented. Someone tried to run pfSense, it didn't work for a reason not so hard to guess. That's fine. I don't share my experience with my attempts to grow bananas in my living room in a farmers forums though. My "facts" about growing bananas indoors won't be useful for anyone. You know what I mean? Now I'm leaving you with your experiences. You may present more "facts", if you want to. There is no point for me to continue this conversation with you. @Chrisgtl has enough information to read and to decide what to do.