pfSense home brew firewall/router

Who is using pfSense and who made their own box? I hear that the newer version of pfSense will require AES-NI capable CPUs, and right now I have mine running on an old AMD Athlon X64 3000+ and want to build a new box, preferably ITX with dual NICs on-board, but this is negotiable.

Thoughts?
 
I've used it in the past, but not presently.

It's a very robust firewall solution though, and I've always been very fond of it.
 
I hoped you would stumble in here as I value your opinion with I.T. things. I'm happy with it on my current box and the hardware is really not taxed at all but thinking ahead and wanting to use an SSD for faster caching responses I wanted to upgrade to an AES-NI compatible CPU and I'm not sure which hardware to pick.

The current stable release of 2.3 is pretty nice with its Web GUI.
 
Oh, and by the way, the Ubiquiti UniFi AC-UAP-Pro access points with B/G/N/AC are amazing. I'm so done with consumer grade wireless router junk. Go Pro or go home.
 
How much caching are you doing? Mine always just cached to RAM making disk performance a non-issue. Actually had one where the (Seagate) hard drive died and it kept running for months until a power failure depleted the UPS to the point it shut off LOL.

The list of Intel CPUs that support AES-NI is extensive:
https://ark.intel.com/Search/FeatureFilter?productType=processors&AESTech=true

So I would do something similar to what you have presently using one of those CPUs, or finding a micro HP or DELL box with one of those CPUs already on eBay or Kijiji and plop a 2nd NIC into it.
 
Thanks, hadn't considered the Dell/HP box or the eBay/Kijiji route. Good idea.

Not a ton of caching but I would like it to be as fast as possible because the network is loaded at times.
 
Originally Posted By: StevieC
Thanks, hadn't considered the Dell/HP box or the eBay/Kijiji route. Good idea.

Not a ton of caching but I would like it to be as fast as possible because the network is loaded at times.


Are you specifically configuring it to cache to disk? Because, IIRC, by default it doesn't.

Though for reliability, lower power consumption and speed of doing updates and boot ups, I fully support the SSD idea.
 
No, whatever it does by default. I just see the HDD light flashing every few seconds so I assumed. Guess I should have read the logs, which is what it's probably writing to the drive.
 
Originally Posted By: StevieC
No, whatever it does by default. I just see the HDD light flashing every few seconds so I assumed. Guess I should have read the logs, which is what it's probably writing to the drive.



Yeah, that's probably logging, LOL
 
This is the point where I say DIR right?

God I feel like the lady on the I.T. Crowd that thought she broke the Internet.
 
Originally Posted By: StevieC
This is the point where I say DIR right?

God I feel like the lady on the I.T. Crowd that thought she broke the Internet.



LMAO!!!
 
AMD has chips that support their version of AES-NI, but your motherboard has to support it as well. There is a huge performance difference if your app can leverage AES-NI vs not having it, but rarely is AES-NI "required", rather it is a really nice thing to have. I have no experience with pfSense but I do with a lot of other apps that use AES-NI. It can lead to really puzzling performance problems when you think it's available and turned on, but a deep dive reveals it's not being used due to BIOS settings or it being unsupported on the OS (i.e. Red Hat 5).
 
Rubber chicken, thanks for the input. pfSense is definitely requiring the AES-NI on versions that will be released in the future and other users have asked to make it an optional requirement and they aren't backing down from it.

I'm not sure how long this old Athlon x64 is going to last anyway because it was a heavily used desktop, then was my Plex Server and now my router/firewall and so it has seen extensive use and it's about 10 years old now.

I'll update this thread once I decide but was just looking for anyone that might have had experience with what's the best hardware for what I'm trying to achieve just so I have considered all the options to death sort of thing.

Cheers!
 
I am running pfSense 2.3 on an old Gateway with an Intel 2140 Dual Core. I added a dual port server card. It works great for me. 2.4 just came out a couple days ago, but I haven't upgraded yet. 2.4 needs a 64-bit CPU, and 2.5 when it is released will require a CPU capable of AES-NI.
 
Did you do the update to 2.4? If so, how do you like it? I haven't pulled the trigger yet on it. There is supposed to be another update to fix some of the WPA2 KRACK exploit stuff soon, so may wait for that.
 
Originally Posted By: tmorris1
Did you do the update to 2.4? If so, how do you like it? I haven't pulled the trigger yet on it. There is supposed to be another update to fix some of the WPA2 KRACK exploit stuff soon, so may wait for that.


I think the *BSD OSes are already patched.

EDIT: OpenBSD was patched in July (!). Here is FreeBSD's progress on a patch:

https://lists.freebsd.org/pipermail/freebsd-announce/2017-October/001805.html
 