Router to replace pfSense


TomT

Regular Contributor
Hi.

I'm looking for a router to replace pfSense.
I need to be able to support some specific VPN configurations.

I need an IPSEC VPN to the office that is restricted to certain Lan clients.

An OpenVPN client to Private Internet Access, with all clients in a specific alias/group using this as their default gateway but other devices using the normal WAN.

Dial in VPN access for two users, both with access to limited devices, which are different for each user.

Currently in pfSense I have 4 interfaces
WAN
LAN 192.168.1.x
WiFi 10.10.10.x
NAS 173.16.10.x

One dial in user needs access to the NAS but nothing else, the other to a LAN device.

Is this possible? And what router would you suggest?
Thanks
 

Tech9

Very Senior Member
You are already using perhaps the most configurable router OS with very good support and regular updates. Why replace it?
 

Hikari

Occasional Visitor
Doesn't it support the VPN setting u need? Did u verify if OpenWRT supports it? Maybe u should go to Cisco, Ubiquiti, etc. forums and ask if they have some model that fits ur needs. Cisco I can say their forum is barren, almost no user posts and no employee ever answers anything.
 

TomT

Regular Contributor
> You are already using perhaps the most configurable router OS with very good support and regular updates. Why replace it?

I was hoping to find something slightly simpler. Trying to get this set up on pfSense isn't simple.
 

Xentrk

Part of the Furniture

TomT

Regular Contributor
Thanks for the advice and links.
I'll take a look and probably remove and recreate the OpenVPN connection and see if that helps.
 

Tech9

Very Senior Member
> I replaced my pfsense with a Cisco RV340 a couple years ago.

Cisco RV3xx series is not a replacement to Netgate/pfSense, it's a downgrade. I also use similar RV345P units, but for specific applications only. They are quite far from pfSense configuration options and require subscription to Cisco services to unlock the full potential. pfSense/OPNSense do that for free, have regular updates and perhaps better support.
 

ddaenen1

Senior Member
I agree that pfsense may not be the easiest to configure but once it runs... it just runs. I came to a point that I do not need to look at it at all. I do sometimes to update any packages but even there, I do not bother with the small version updates, only significant ones. The hardware, whilst old, is way enough to process my Gbps line. The only thing I am considering is to replace the Dell R210 for the sole reason that it doesn't support AES-NI. I still have a Supermicro 1U server that I am planning to upgrade with an E3-1220 v2 CPU and that will last for years. If my provider decided to launch higher speeds, I am only an X550-T2 away.
 

coxhaus

Part of the Furniture
> Cisco RV3xx series is not a replacement to Netgate/pfSense, it's a downgrade. I also use similar RV345P units, but for specific applications only. They are quite far from pfSense configuration options and require subscription to Cisco services to unlock the full potential. pfSense/OPNSense do that for free, have regular updates and perhaps better support.

My local network is run by a Cisco L3 switch so when I replaced pfsense with a RV340 router I don't consider it a downgrade. Actually, pfsense broke my pfsense with a code upgrade so the Cisco Rv340 was an upgrade for me.

I doubt seriously you ran a L3 switch. pfsense wants to control your whole network which only works for tiny networks. pfsense will try to steer you away from using a L3 switch with pfsense because of this. I know this as I used the forums for over a year.

I don't trust pfsense's code updates as I had other problems. You really need to test everything when you upgrade pfsense. I have upgraded Cisco's firmware for many years and only have seen a small issue that was easy to work around.

Once I got pfsense running right it was stable. I just don't trust pfsense software updates and I don't want to work that hard testing everything when I do a software update. So, I call pfsense a downgrade.

If I wanted a better firewall, I would run Untangle as it is cheap for home use. I am retired now for 12 years and I don't want to work hard any more so the Cisco RV340 router takes the least amount of work to maintain and just works 24/7 without any lock ups. I ran Untangle for many years and only went away from it when I shut down my home Exchange server. Email takes too much support and I wanted to retire and travel. I was away for a couple of weeks and my network went offline which my daughter's business email was through my Exchange. I had a 5-hour rack mount APC UPS but the phone company hosed their DSL modem which required a manual reboot. It never lost power but I think they hosed it with some kind of software update. After that I gave my kids 6 months to get off my mail server. Then I turned it off. I was looking for maintenance free software without an email filter which Untangle has, after that I tried pfsense. It was more trouble than Untangle from a maintenance standpoint.
 

Tech9

Very Senior Member
RV3xx can't do even 10% of what pfSense firewall can. I have both to compare - RV345P and SG-5100. Completely different class products.
 

coxhaus

Part of the Furniture
> RV3xx can't do even 10% of what pfSense firewall can. I have both to compare - RV345P and SG-5100. Completely different class products.

In my opinion the Cisco RV340 router and a Cisco L3 switch is a much better system than running pfsense. We all get opinions. I would switch in a heartbeat. And I did. I don't run pfsense anymore. If I was going to support my rack, I would run Untangle over pfsense. I would still run my RV340 router and my Cisco L3 switch as I would run Untangle as a UTM between the RV340 and the L3 switch. Which is the way I ran Untangle most of the years I ran it in the past.
 

Tech9

Very Senior Member
> We all get opinions.

If you really believe a basic small business RV340 router from 2016 can replace pfSense firewall OS from 2021, please help @TomT to configure it according to his requirements. We are trying to help him to make a decision, correct? If you can't do it with RV340, that's not an opinion anymore, but technical limitations. What we run at home and we think is better is irrelevant. The case is clearly described in post #1. Please, solve it using the equipment you suggest. I own 4 Cisco RV345P routers and would like to learn more. You'll help us both.
 

coxhaus

Part of the Furniture
If you are talking about VPN to an ISP, I would never do that as it is a waste. All routing information is readable as it has to be to enable access to web sites on the internet and be routable. Your data will be encrypted but all routing info is available to all.

If you are talking about VPN to work then I would probably setup Cisco's as that is what I did in the old days 20 years ago.

Whatever the problem is, I will come up with a solution. I worked on Cisco enterprise equipment for 15 years. My solution is not to use 1 device for all.

I am sorry you bought the RV345P and are missing out on using Cisco L3 switching. The RV345P is the simple setup with several Cisco APs. This setup would be better than a wireless router. I much prefer L3 switching but we all have opinions. Using L3 switching is going to scale to a larger network.

And like I said if I was real serious about security for home I would run Untangle. pfsense does not fit into my picture any more. I ran it for a year and that was enough. It is a step up from an all-in-one router but I would not run one of those either.
 

Tech9

Very Senior Member
> The RV345P is the simple setup with several Cisco APs.

This is exactly what I use them for. This is what they are made for. I figured you worked with Cisco in the past. No word about paid subscriptions to unlock RV34x router functions. Multiple VPNs in and out are problematic, VPN custom configurations are not possible, VPN performance is terrible, Cisco Umbrella is a paid service, OpenVPN client software was a paid service until recently. Is it still a paid service? I haven't checked what the current situation is, honestly, but getting an RV34x router doesn't give you all the features. The price of a "new" RV340 from 2016 is comparable to a Netgate SG-3100 unit. Netgate comes with guaranteed updates, excellent support and documentation. The RV340 will be an end-of-life device soon. Your L3 switch at home runs your network and it is the highest performance solution, but not for everyone. The router doesn't matter in your case. You've run bridged Untangle in the past just because the RV340 is a very basic unit. It has nothing really, except good Dual WAN and native VLAN support. RV345P has more LAN ports and PoE. That's all, nothing else. You don't have a solution to @TomT's case, obviously, because the RV340 can't provide a solution. Can you replace @ddaenen1's setup with an RV340 router? You can't. How come the RV340 is an upgrade/replacement to pfSense/Untangle/Sophos firewall OS?
 

coxhaus

Part of the Furniture
I never said the RV340 router was a replacement for Untangle. Untangle is a better firewall than pfsense. You are kind of changing the facts. And to me the RV340 is a replacement to pfsense for me as I have stated many times.
 

Tech9

Very Senior Member
> You are kind of changing the facts.

With all due respect @coxhaus, the RV340 is such a basic router in 2021 that even home routers with custom firmware beat it easily in both configuration options and performance. You obviously don't have an RV340 based solution for the OP because this router can't meet his requirements. I don't understand this type of help, honestly. No one asked what works for you. Many are happy with the basic ISP provided router, it works for them just fine. You have a case to solve in this thread. The equipment you recommend is not capable of doing it. One guy asks for an RT-N66U router replacement and ends up with a 4C/8T Xeon server recommendation. Another asks for a pfSense appliance replacement and ends up with a router not much faster than the RT-N66U. None of the guys received any useful information. What's the point of all this? I'm done here.
 

coxhaus

Part of the Furniture
> With all due respect @coxhaus, the RV340 is such a basic router in 2021 that even home routers with custom firmware beat it easily in both configuration options and performance. You obviously don't have an RV340 based solution for the OP because this router can't meet his requirements. I don't understand this type of help, honestly. No one asked what works for you. Many are happy with the basic ISP provided router, it works for them just fine. You have a case to solve in this thread. The equipment you recommend is not capable of doing it. One guy asks for an RT-N66U router replacement and ends up with a 4C/8T Xeon server recommendation. Another asks for a pfSense appliance replacement and ends up with a router not much faster than the RT-N66U. None of the guys received any useful information. What's the point of all this? I'm done here.

You are changing the facts again as the title of this thread is "Router to replace pfsense". I replaced my pfsense with a Cisco RV340 router and I am happy with my solution. I don't need VPN nowadays since I am retired. I would not run OpenVPN even if I needed a VPN. If you have to have OpenVPN then I think the Cisco RV260 router does support OpenVPN. I think Untangle supports OpenVPN.

And you run an $800 Netgate SG-5100. I doubt he wants to spend that much. He can build a used Xeon server for less money that will be faster.

Quit saying the same thing over and over, you will not change my mind about pfsense. If you get the price down on the Netgate SG5100 below a wireless router price you might sell some. The smaller Netgates have weeny CPUs.
 

avtella

Very Senior Member
The cheaper SG devices aren't any worse or punier than the RV340W CPU wise unless you get the lowest SG-1100. The RV340W is comparable to the ~$300 SG-2100 in regards to both having 1.2 GHz dual-core ARM CPUs: Cortex A9 in the RV vs Cortex A53 in the SG and 1GB RAM/256MB Flash in the RV vs 4GB RAM/8GB Flash in the SG. Can't comment on the internal switches in both though as I don't know enough on that. The Cortex A53 in the SG-2100, while close to the A9 general performance wise, does have the advantage of AES acceleration in its favor, nice to have if using VPNs. Cisco does advertise hardware acceleration for VPN on the RV340W, it seems to have a custom Cortex A9 variant by NXP. The $400 SG-3100 interestingly has a 1.6 GHz Cortex A9, 2GB RAM / 8GB Flash.

Not getting into the which ecosystem is better debate but thought I'd just comment on the hardware along with some similarities.
 

coxhaus

Part of the Furniture
I would think pfsense is more bloated code wise than the RV340 router. As for the switch in the RV340 I don't use it as I run a Cisco L3 switch. I only use 1 switch port on the LAN side for any router I use. Once you can handle 1 gig of internet traffic extra hardware on a router does not really buy you anything as very few buy faster internet traffic. Enterprise people are not going to buy these small routers.

You can say well I will use the extra CPU power for local routing with 10 gig, 25 gig, or 40 gig but at this point the L3 switches are going to blow away any fast router.
 
