** The pfSense Users Thread **

[randal]

I get guest network. But IOT aren’t you just making it prone to be hacked and taken over as part of bot net or worse? Many IOT now are cameras, door bells etc etc. I would think privacy concern is a greater problem?

IoT is a VLAN on the DMZ network that only has the ability to see the Internet outbound and nothing else. No UPnP, no port forwarding, nuffin. There is no way to initiate an inbound connection, the IoT devices need to dial out.

 

[fezster]

Why would you have an IOT device in a DMZ if it is outbound only?

Put it in its own vlan behind the firewall with no connectivity to your other networks.

 

[Vertigo]

I use a qotom box, forgot the model number, but it has a i5 broadwell era processor alongside 4 intel nic ports, 4 gig ram, and internal m.sata ssd. The entire casing is the heatsink.

Q355G4? Been looking at that and looks pretty perfect actually, if I could actually find one.

 

[pc-guy]

Why would you have an IOT device in a DMZ if it is outbound only?

Put it in its own vlan behind the firewall with no connectivity to your other networks.

This tbh

 

[randal]

Why would you have an IOT device in a DMZ if it is outbound only?

Put it in its own vlan behind the firewall with no connectivity to your other networks.

It's not in DMZ, it's in an IoT VLAN which is on the DMZ interface.

I want it as far away from my trusted devices as possible.

 

[FreeStream]

Used to run pfsense, but when I re-did the VM for a new Quad port NIC I moved over to Opnsense due to Netgate’s shenanigans.

I had it running on a dedicated core + HT on my UnRAID server but since I’ve moved to a HP T620 Plus, uses about 15-19W depending on what I’m doing.

Maxes out 500/70 quite happily.

 

[jfish]

anyone managed to tether a USB Android phone to pfsense as a second WAN and configure it as a fail over

 

[Cyber-Mav]

It's a Jetway JBC313. I have a 350/35 connection with Virgin Media and get around 90Mbps download through VPN with this.

seems to be a lot of expense and hassle for such a slow vpn throughput. what cpu is that box using an atom?

 

[neodude]

seems to be a lot of expense and hassle for such a slow vpn throughput. what cpu is that box using an atom?

Intel(R) Celeron(R) CPU N3160 @ 1.60GHz

90Mbps does me. If I ever need faster I can move back to using PfSense in a VM and use my Box as a backup.

 

[Avalon]

Intel(R) Celeron(R) CPU N3160 @ 1.60GHz

90Mbps does me. If I ever need faster I can move back to using PfSense in a VM and use my Box as a backup.

You’ll likely find adding another tunnel means you can do 90Mbit per core/tunnel, it may drop off slightly depending on what else is going on.

 

[Cyber-Mav]

Intel(R) Celeron(R) CPU N3160 @ 1.60GHz

90Mbps does me. If I ever need faster I can move back to using PfSense in a VM and use my Box as a backup.

What sort of regular routing speed does it do non vpn?

 

[mikehhhhhhh]

I've used pfSense for a long old time, but in recent years I'd opted for a simpler home network setup until I found a need for a failover connection.

I picked up one of these cheap eBay J1900 based boxes to give it a go before realising it doesn't have AES-NI which is a shame, as I was hoping to move VPN services off my Synology NAS.

It seems to do the job pretty well, fails over to a home 5G router. I just need to find an L2TP service for ingress while on failover as the 5G uses CGNAT.

Untitled by mikehhhhhhh, on Flickr

 

[SumpNut]

Just commenting in to say fellow user here, I run pfsense virtualised on Proxmox, with a pair of network cards (one of which is 10gig) on hardware pass through.

I've bonded a few of these ports together and created a budget homemade 10gig switch within my server.

Very pleased with the results!

 

[Vince]

Also a pfsense user and very happy - Currently running it on a pair of pfsense xg7100 1u appliances and its been brilliant

 

[neodude]

What sort of regular routing speed does it do non vpn?

Not sure what the Max would be but it handles my Virgin M350 connection without issues.

 

[Avalon]

https://arstechnica.com/gadgets/202...olations-and-bad-code-freebsd-13s-close-call/

A worthwhile read if you are a pfsense user. Mistakes were made would be an understatement. Again.

 

[BongoHunter]

https://arstechnica.com/gadgets/202...olations-and-bad-code-freebsd-13s-close-call/

A worthwhile read if you are a pfsense user. Mistakes were made would be an understatement. Again.

Read this one earlier - it's a good article. Not that impressed with how Netgate have handled this tbh

 

[Rainmaker]

https://arstechnica.com/gadgets/202...olations-and-bad-code-freebsd-13s-close-call/

A worthwhile read if you are a pfsense user. Mistakes were made would be an understatement. Again.

Jim's a good writer, and this one's no exception. I think he did a very good job of digging beneath the surface and presenting all sides in as balanced a way as possible... Not that there's much positive you can throw Netgate's way here. Being caught up in a scandal like this just before they release a closed source version? It doesn't bode well and I'm very, very glad I didn't fire up pfSense 2.5 with WG, as planned, to test. I think I'll just stay where I am thanks...

 

[mikehhhhhhh]

Interesting reading.

I bought a spare HD to try Sophos UTM on my router, reading like this motivates me more!

 

[Avalon]

The question everyone who knows Netgate’s history when it disagrees with a developer’s actions is ‘How long before they register a Wg related domain and develop a hate site and do we get a new video?’

...too soon?