PFSense Router Upgrade

Status
Not open for further replies.
Originally Posted by OVERKILL

What, no 802.11ac? for shame!


Good work
I built something similar a few years back.



Not supported under FreeBSD, and hence, not under pfsense either.
 
My access point supports it, and it's an Ethernet connection to my switch, then routed by the PFSense, so it is supported, just not via a card in the PFSense box. Better that way anyway, because then you can place it in a better reception area than where the box is located without having to run low-loss antenna cables.



Originally Posted by StevieC
Originally Posted by pitzel
Nice.. Only big downside is that it's probably costing you 25W.

I'm basically in the process of building the same setup using a cheap industrial fanless 4th gen CPU PC that I bought last year and have sitting on the shelf. With an i5-4570T (have to use the "T" version in my particular implementation).

Ever considered using your extra Ethernet ports to increase redundancy?

What else can I suggest.... Maybe set up a tftp server so you can serve up PXE boot menus and images for client PCs? The way I have my system set up here is that I can bring anyone's PC/laptop, plug it in, enable PXE boot, and voila, it will load up a menu that I can select from any one of a number of PXE bootable utilities. Or even iSCSI targets if you install ipxe.


edit: this is what I'm using: http://www.nexcom.com/Products/mult...ce-player/1080p-signage-player-ndis-b533 . And I have 2 compatible WiFi cards I'm adding to it as well, so it will also serve as an access point for 2.4GHz/5GHz 802.11n



It has boot support built in as well as TFTP, although I don't have a need for that at this time.
Also supports SSH for the console so no hardware is needed where it is.

As for the wattage... Doesn't bother me. I'm gas for everything possible here so it's made up for. LOL

I hadn't given thought for redundancy because I don't see it being an issue and being mission critical and didn't want to add complexity if not necessary. It's a good idea though.

I went with the Ubiquiti access point because of the Faraday cage my house seems to be with the metal mesh in the plaster walls. It was the only thing I tested that seemed to cover the entire house and outdoor areas placed in one central location of my house. I tested a bunch of things and nothing seemed to be as good as it was in this setup.

Thanks for the info you provided. Great discussion points.


Regarding the point of link redundancy, I can't really see there being any on a NIC that shares a common backplane. If one port fails on that bad boy, odds are the whole card is garbage. What you could leverage is link aggregation/teaming, but you have no need for, or means to leverage, that level of throughput, so it's really a non-starter. When I do fail overs, they are always utilizing completely separate hardware. If you had a 2nd one of those cards, then you could do redundancy or, you could use the on-board LAN port for that purpose I suppose.
Realistically, since we aren't dealing with enterprise-grade gear here or a mission-critical application, the power supply in that computer or the motherboard are likely to give out before the NIC does. The redundancy thing would be more of a learning exercise than one of practicality IMHO.
 
Originally Posted by pitzel
Originally Posted by OVERKILL

What, no 802.11ac? for shame!


Good work
I built something similar a few years back.



Not supported under FreeBSD, and hence, not under pfsense either.


Sucky. This would then be a situation where a separate AP may be a better choice. I've had the same AP (Aruba) for my last 4x firewalls, so there's certainly value present in having separate components.
 
I keep an older Asus router with DD-WRT on it programmed with my port forwards etc. on standby to bridge my modem to the switch should the box fail as it did this past weekend. It's literally a few cables and I'm back up and running in a few minutes. If I was a commercial building with lots of traffic I would set up fail-over, which PFSense is quite good at, I understand. But here I'm small potatoes so as secure as possible with as little complexity as required is what I'm after...

Besides... It's me fixing things anyway, no one else in my family for that matter even has a clue about this stuff.
 
Originally Posted by StevieC
I keep an older Asus router with DD-WRT on it programmed with my port forwards etc. on standby to bridge my modem to the switch should the box fail as it did this past weekend. It's literally a few cables and I'm back up and running in a few minutes. If I was a commercial building with lots of traffic I would set up fail-over, which PFSense is quite good at, I understand. But here I'm small potatoes so as secure as possible with as little complexity as required is what I'm after...

Besides... It's me fixing things anyway, no one else in my family for that matter even has a clue about this stuff.



That's an unfortunate reality with commodity, often "consumer grade" hardware. I've never had an ISR fail, despite being contracted with SmartNET in case it does. These units typically last well past the point of obsolete and then you are swapping them out for something else. Last 8x ISRs I retired, which have been in the last few months, all were working 100% reliably, but were unable to handle the throughput of the newly upgraded WAN links they were connected to.

I always have something spare kicking around here that I could swap in if needed, though my present Meraki is on contract and I'd have a new unit next day.
 
Originally Posted by RonRonnster
Nice! - I'm running PFSense on a Gigabyte Brix with an i5. Again, totally overkill, but it's the right form factor and works great. I echo your sentiments about installing an SSD - I picked up an inexpensive 256GB for the Brix and it cut the boot up time down significantly. I've thought about installing VMware ESXi free version just so I can run one or two other systems in the Brix, but I don't know what I would use them for at this point.


Whoa, what is this VMware ESXi Free version you speak of? I use VMware Workstation all the time, but ESX is heavily used at my company and I always wanted to try it on my own box. Details pls!!
 