I already have a HP microserver with ESXi installed.
I have 75Mbps internet connection from Plusnet. Is microserver powerful enough to install pfsense?
Build Pfsense router
- Thread starter Ice_Black
- Start date
I already have a HP microserver with ESXi installed.
I have 75Mbps internet connection from Plusnet. Is microserver powerful enough to install pfsense?
Maybe not Virtual, Bare metal yes. That is to obtain the max download of 76Mbps or greater.
Yes it is with some performance loss, it will max out the CPU at some point. I use it with Untangle in a VirtualBox installation but because Untangle is a little heavier it will max out at 50mbps down CPU wise.
In a Virtual environment it may not be powerful enough to get above this with a pfsense install even though it has less resource use. The only way to cure that is to do a bare metal install which it will be more than adequate. I have Bt Infinity but I don't torrent/download a lot. So because I want to use the Microserver to the full I sacrifice 25Mbps off the 76mbps to get Level 7 Unified Security with spyware, add removal etc.
I would try this method first with pfsense either in win2008 in a virtualbox install. Actually I do have a virtual setup with pfsense I might try later and get back to you with max throughput obtained. In ESXI it will have the same limitations being virtual. You will have to try this yourself takes only about 1/2hour to setup and try.
Just tried pfsense in Virtual Box under windows 2008 I was able to get max speed without cores maxed out. This is with snort, squid everything on the http x 6 result is probably tainted because of this. There isn't much more headroom maybe OK up to 100Mbps. I still prefer Untangle but really these are two different things ones really a dedicated router/Firewall the other a UTM.
Here is the speed result of pfsense in the virtual.
[RXP]Andy;24017012 said:
Actually as a dedicated router I would long term take this route. Perfect hardware, but I wouldn't want the extra nic card and would go with the Akasa Euler Case
Last edited:
Maybe not Virtual, Bare metal yes. That is to obtain the max download of 76Mbps or greater.
Yes it is with some performance loss, it will max out the CPU at some point. I use it with Untangle in a VirtualBox installation but because Untangle is a little heavier it will max out at 50mbps down CPU wise.
In a Virtual environment it may not be powerful enough to get above this with a pfsense install even though it has less resource use. The only way to cure that is to do a bare metal install which it will be more than adequate. I have Bt Infinity but I don't torrent/download a lot. So because I want to use the Microserver to the full I sacrifice 25Mbps off the 76mbps to get Level 7 Unified Security with spyware, add removal etc.
I would try this method first with pfsense either in win2008 in a virtualbox install. Actually I do have a virtual setup with pfsense I might try later and get back to you with max throughput obtained. In ESXI it will have the same limitations being virtual. You will have to try this yourself takes only about 1/2hour to setup and try.
Just tried pfsense in Virtual Box under windows 2008 I was able to get max speed without cores maxed out. This is with snort, squid everything on the http x 6 result is probably tainted because of this. There isn't much more headroom maybe OK up to 100Mbps. I still prefer Untangle but really these are two different things ones really a dedicated router/Firewall the other a UTM.
Here is the speed result of pfsense in the virtual.
Actually as a dedicated router I would long term take this route. Perfect hardware, but I wouldn't want the extra nic card and would go with the Akasa Euler Case
Very cool!!
I am going to try it on ESXI and I let you know how I get on.
I have a BT Hub and a plusnet router (Technicolor 582n).
I think I don't need a plusnet router but just BT Hub to pfsense somehow.
Soldato
- Joined
- 10 Apr 2004
- Posts
- 13,496
Are you really sure that something like a Asus RT-N66U isn't good enough for what your doing?
I've had mine for I think 6 months now with OpenVPN enabled on a 60/3 connection with Tomato (Shibby build) and it has been flawless. (100% uptime - can't beat that!)
Seems a lot of effort and aggro with Pfsense or whatever when a dedicated route does the job.
I've had mine for I think 6 months now with OpenVPN enabled on a 60/3 connection with Tomato (Shibby build) and it has been flawless. (100% uptime - can't beat that!)
Seems a lot of effort and aggro with Pfsense or whatever when a dedicated route does the job.
Asus RT-N66U will not offer the same performance or features of a dedicated PFsense or Untangle box and never will, but as you say it depends exactly what he is going to do with his set-up
Also their are limits future wise as to how much data a normal modem can handle I have the Asus N56U and in PPP0E mode it tops out at around 220Mbps that is through the Wan to Lan.
He might be security concious and want ad blocking, spyware, anti virus and web cache and whole load of other features you will not find on a normal router.
Use your microserver and install it in a VirtualBox under windows or in VSXI if I were you. I though am now looking to go down a more dedicated route to put PFsense as firewalll and untangle as UTM in bridge in a VSXI machine.
Last edited:
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
Then just buy a second hand Dell SFF or something like that? A Dell SFF 745 should be good enough or a HP business SFF desktop.
Also it also depends on the amount of traffic you want to push through the pfSense box. If its sub 100Mb you have the option of looking at the Alix boards which are pretty cost effective.
If you want more than 100Mb + but less then 750Mb Atom boards are pretty good. However, depending on how the nics are connected to the board this would be a bottleneck.
If you want more than that, I would be looking at Intel Pentium based boards like the Intel DQ77KB etc....
Id look into the following:
Jetway JNC9C-455 + 3x Gigabit LAN Daughterboard Module
Jetway JNC9C-550 + 3x Gigabit LAN Daughterboard Module
Jetway JNC9E-525 + 3x Gigabit LAN Daughterboard Module
ALIX.1E (ALIX.1E System Board, 500 MHz AMD Geode LX800, 256 MByte RAM )
It's completely useless for pfSense, the main area it would fall short on is CPU & connectivity.
pfSense offers enterprise level protection on from a open source platform, which is based on FreeBSD. What brings pfSense into its own compared to most consumer grade routers and many business class routers is its feature set.
Soldato
- Joined
- 10 Apr 2004
- Posts
- 13,496
[RXP]Andy;24028917 said:
And completely OTT for home use?
There is doing a job well and then there is OTT.
I don't think the hours of setting up outweighs the 1 hour setup time of a normal router.
Well, hours of frustration digging through man pages cursing the complexity of BSD isn't that fun. But a happy afternoon with a few beers playing with a system that has the amazing feature of being rationally laid out from / upwards is pretty good. Depends on your perspective really.
Soldato
- Joined
- 28 Nov 2004
- Posts
- 16,024
- Location
- 9th Inner Circle
[RXP]Andy;24028873 said:
I've got a 1.8Ghz Atom with 2GB of RAM and a PCI Intel Pro 1000/MT dual port NIC. I'll be using Untangle though as I prefer Debian rather than BSD.
Depends. For your average user, no. But for power users like me then yes. It isn't too hard to setup and gives a lot more functionality and power. I often cause my router to go into fits because I open to many TCP/IP connections and it stresses out.
Soldato
- Joined
- 22 Aug 2005
- Posts
- 8,845
- Location
- Clydebank
I've got a dell optiplex 755 (core 2 e6550) 4 GB ram and it's running Win 2k8 at the moment with a bunch of services.
rather than set up a separate machine for firewall duties, I was thinking about putting ESXi on this unit, virtualising the 2k8 box, and putting pfsense on it.
I have the onboard lan, and dual port intel gig nic. I currently have virgin 120Mb internet (12 meg byte down, 1meg byte up)
I was planning to have WAN into one port of nic, LAN to other and a WIFI Access point on the onboard. (possibly 2 for upstairs / downstairs by adding a second nic card)
Will this system handle that kind of download/upload rate in a virtualised environment. Or should I really put down a seperate unit?
I have a small VIA system but I was reluctant to use this as I could save on electric by not running a whole computer for firewall duties.
The Server box will 99% of it's time be only loaded by the firewall anyway, apart from odd bursts of PS3media server, file serving and sabnzbd duties, torrenting and unzipping now and again.
Thoughts, I know I will test anyway, but would I be wasting my time as I need to deconstruct the server etc etc
rather than set up a separate machine for firewall duties, I was thinking about putting ESXi on this unit, virtualising the 2k8 box, and putting pfsense on it.
I have the onboard lan, and dual port intel gig nic. I currently have virgin 120Mb internet (12 meg byte down, 1meg byte up)
I was planning to have WAN into one port of nic, LAN to other and a WIFI Access point on the onboard. (possibly 2 for upstairs / downstairs by adding a second nic card)
Will this system handle that kind of download/upload rate in a virtualised environment. Or should I really put down a seperate unit?
I have a small VIA system but I was reluctant to use this as I could save on electric by not running a whole computer for firewall duties.
The Server box will 99% of it's time be only loaded by the firewall anyway, apart from odd bursts of PS3media server, file serving and sabnzbd duties, torrenting and unzipping now and again.
Thoughts, I know I will test anyway, but would I be wasting my time as I need to deconstruct the server etc etc
I wish someone else besides http://routerboard.com/ made boards for routing. The thing with them is it needs their os.
Last edited:
I thought with vpn providers and top Asus routers you can only hit 16-20meg max?