Building own router - pfsense vs openwrt vs ?

In general your router wants dedicated physical resources in a virtualised environment as a bare minimum, passing NICS directly to the VM is the only viable option, anything else will scale badly and your router is not something you want to have waiting for CPU time. I like 'light' router builds, have played with my fair share in VM's including HA, pretty soon you realise that bare metal for a router is easier. My current box is a dual NIC Zotac i3 7100u with 16GB and a 240GB SSD, for the pittance it costs to run, it's worth keeping it bare metal, but I do/did have an HA backup that I can spin up if required.
Noted thanks.
 
PfSense is great. Although see my thread here where my "project for fun" got carried away and almost a decade of super user support later I retired it:


I had an ESXi/VMware Whitebox with PfSense as a VM, with the NIC 'hardware passthrough' using VT-D and an OpenReach modem.
 
Haha, yes I saw your post when you made it. Luckily if things get out of control I can just plug the BT Smart Hub back in.
 
Used to use a 4-port NIC in my UNRAID server running pfsense, then switched to opnsense.

Now running opnsense on a HP T620 thin client with the same 4-port NIC, routes my 500/70 FTTP service very nicely.

Should also do double that too, although might not upgrade to the 900/110 service to try it!
 
I've run pfsense on ESXi for the last few years with no issues. I tried proxmox but always struggled to max out my 350 meg connection - it was hit and miss - tried all sorts of different things, including passthrough, but switched to ESXi and it just worked. I use VLANs over 4 NICs with the Virgin Media modem on its own VLAN, my wired network on another, and 3 different SSIDs using unifi routers over 3 others. Again, tried a dedicated NIC, including passthrough, but this setup gave me the most flexibility, as I could plug/unplug any of the NICs and everything continues to work regardless.

The best thing about virtualizing is being able to upgrade/rollback without worry of significant downtime.
 
Thanks all.

Complete coincidence but my BT Smarthub died this morning. I've got my internet connection working again temporarily using the old modem and router I used in 2008. Luckily I never threw them away. So when the Wyse 5070 arrives I'll definitely be building it out as a router.
 
Can you upgrade your internet whilst you're at it? Make sure you get a NIC that can handle it.
 
After a little more research it actually seems quite easy and cheap to add a second NIC to these devices. So perhaps the totally passive cooled slim celeron version may have been better, also with lower power requirements, and adding a second NIC to that.

This article explains it:


Anyway I have the extended version and Intel 4 port NIC arriving in a few days so I'll see what it's like as a router. Potentially I may keep an eye out for a cheap slim version and add a second NIC to the 2230 port. Then repurpose the extended version at a later date.

OPNSense was the one I went with after testing PFSense, helps that OPN are EU based.
Thanks. Yes I am leaning towards opnsense after trying both, and also due to the company going in a better direction than pfsense could in the future.
 
A little bit of an update. OPNsense and the Wyse 5070 just saved me from several days internet outage. On Sunday my second BT Home Hub died. It simply wouldn't power on. I guess it was just too old and had been in a cupboard for too long. This was already my backup router after my main one died. So in the space of several days both my main router and my spare one died. My wife and kids panicked; my daughter needed the internet for A level revision, my son for games and my wife to work from home. I had already been playing around with OPNsense on the Wyse 5070 so I was able to swap it in and configure it for PPPoE using the BT Openreach modem that was still working fine. Without OPNsense we would have had a couple of days outage, only tethering our phones for internet, and my wife would have had to go back into the office.

Unfortunately I hadn't appreciated that I hadn't actually installed OPNsense correctly and had been running it in Live USB mode with a few issues causing it to run slowly. But I couldn't power it off or reboot it for fear of not being able to set it up correctly again (I'm very new to this - I got it working and wanted to leave it that way). So I left it alone, sitting silently in the corner working away, until I got another proper router which arrived today. I went for a used Draytek Vigor 2925 which I appreciate is a few years old now. But it is still miles better than the BT routers that I had. It was also quite cheap as it's an older model. Having the Draytek means I can continue playing with OPNsense and learning how to properly set it up. I can swap the Draytek back in at the slightest hint of a problem.

I actually can't believe the timing of this. I learn OPNsense at the exact time both my routers fail and it saved us from having no internet for a few days. The other thing I discovered is that if I remove the GPU from the Wyse 5070 Extended (I have already replaced it with a 5 port NIC) it runs completely silent; the CPU fan (almost) never comes on.

Overall it was a good learning experience and the timing could not have been better. I'll keep playing with OPNsense and then make a decision whether to use it or the Draytek as the main router.
 
Used pfsense, Untangle and Sophos XG. Sophos XG the one currently running. I think Untangle have staff retention issues as Arista bought them, so the community and development seems to have slowed.
 
Interesting. We are Untangle resellers now, so I have to admit to a bit of bias but I wasn’t aware that any staff had left post Arista. I do know that Arista are repackaging everything to match their corporate design language.

What features are you aware of that have stalled or slowed? I only know about the promised TLS v1.3 fix being very slow out of the blocks and indeed if you tick the option it just blocks EVERYTHING so we’ve gone from the sublime (it blocked nothing) to the ridiculous (It blocks everything).
 
Untangle is a great platform, but for home users support is non-existent unless of course you pay for it. Sure, you can post on the forums, but you'll be lucky to get any kind of response. Site to site VPN is still flaky and I reported an issue with it months ago with zero response.
 
There are effectively 3 home options - Trial (free) where I wouldn't expect support after the 14 day trial period ends because it's free, Home Protect Basic (£35/year) and Home Protect Plus (£120/year). I'm not sure what level of support you're looking for. All the options are effectively open-source off-the-shelf bundles - Wireguard, OpenVPN and IPSEC (Tunnel or Transport). The biggest issue I see is people not making one end of OpenVPN the server and the other end the client. Wireguard is Wireguard and IPSEC is about as industry standard as it gets. And the other big issue seems to be people not understanding certificates. We use OpenVPN to connect a lot of users with our offices and it seems to work fine. The customer site is the server and our remote servers are the clients.

I'd be interested to know who you consider to be good at support in this arena because my experience with anything remotely clever (VPNs, VLANs, SSL Inspection, IPS/IDS threat management) is that the developers bundle the code into their "baby" so they can sell it as a feature and that's that.

Ubiquiti UniFi still has the best Site to Site VPN setup routine with a USG at either end you just tell it what USG you’re targeting for your VPN and it literally “just does it”. First time, every time. No problem.
 
There is no support on any of the home options unless you pay for it. I’ve reproduced an IPSEC issue and reported it, logged a support ticket and nothing. The exact same config on USG, *sense, Sophos etc works without any issue. With *sense you don’t get official support but at least their community is very active.
 
Have you tried signing up for the 14 day trial and contacting live support during the initial trial period?

I'm not going to pretend that we don't offer to bundle support packages with our installs but in general we don't need them. If we had an issue with a site to site IPSEC VPN tunnel (I assume you're doing tunnel) then we'd just run Untangle in pass through mode and use cheap Mikrotik routers for the VPN endpoints.
 
Yes, IPSEC tunnel. If you have more than one network pair per single tunnel then it drops them after some time moaning about traffic selectors unavailable, which points to an incorrect configuration with the source or destination subnets. However if you build 3 separate tunnels with the exact same information it doesn't drop them. I searched on their forums and others have had the same issue dating back some time but no updates. I've put the exact same configuration onto a USG, *sense and Sophos XG and it works without issue. Not really huge, but running more tunnels means more CPU overhead so it's somewhat inefficient running 3 but meh, I'm not exactly pushing a load of traffic so it's kind of a moot point, but it would have been nice to have some kind of engagement. I tried the 14 day support but they dithered about when I logged the ticket and by the time I got any kind of traction from them, lo and behold the 14 days had expired and they closed the case without further reply.
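The "traffic selectors unavailable" complaint in the post above is the symptom IKEv2 gives when the subnet pairs one end proposes are not matched by a policy on the other end (RFC 7296 lets a responder narrow a selector, but it cannot widen one, so a /25 on one side against a /24 on the other fails for part of the traffic). The script below is an added example, not from the thread or from Untangle, pfSense, OPNsense, Sophos or Ubiquiti: it models each tunnel end as a list of (local subnet, remote subnet) pairs, reports any pair that the peer does not mirror exactly, and flags pairs on the same end whose subnets overlap, which is the first thing to check before blaming the firewall when a multi-pair tunnel keeps dropping. The site names and subnets are constructed sample data.

```python
"""Consistency check for site-to-site IPsec traffic selectors (added example).

Each tunnel end is described as a list of (local_subnet, remote_subnet) pairs,
the way a tunnel-mode IPsec policy is configured. A pair on side A must appear
on side B as (remote, local); anything else is a candidate for a TS mismatch.
"""
import ipaddress
from typing import Dict, List, Tuple

Pair = Tuple[str, str]

# Constructed sample: three subnet pairs, one deliberately mis-typed on site B
# (10.1.3.0/25 instead of /24) to mimic a typo in the remote-subnet field.
SITE_A: List[Pair] = [
    ("10.1.1.0/24", "10.2.1.0/24"),
    ("10.1.2.0/24", "10.2.2.0/24"),
    ("10.1.3.0/24", "10.2.3.0/24"),
]
SITE_B: List[Pair] = [
    ("10.2.1.0/24", "10.1.1.0/24"),
    ("10.2.2.0/24", "10.1.2.0/24"),
    ("10.2.3.0/24", "10.1.3.0/25"),
]


def normalise(pairs: List[Pair]):
    """Parse CIDR strings into network objects; strict=False tolerates host bits."""
    return [(ipaddress.ip_network(l, strict=False),
             ipaddress.ip_network(r, strict=False)) for l, r in pairs]


def mirrored_mismatches(side_x: List[Pair], side_y: List[Pair]) -> List[Pair]:
    """Pairs on X that Y does not present as the exact mirror (remote, local)."""
    x = normalise(side_x)
    # View Y's policy from X's perspective by swapping local and remote.
    y_mirrored = {(r, l) for l, r in normalise(side_y)}
    return [(str(l), str(r)) for l, r in x if (l, r) not in y_mirrored]


def overlapping_selectors(pairs: List[Pair]):
    """Distinct pairs on one end whose local AND remote subnets both overlap.

    Two such pairs leave it to the implementation which selector a packet
    matches, a classic source of intermittent tunnel drops.
    """
    nets = normalise(pairs)
    issues = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            l1, r1 = nets[i]
            l2, r2 = nets[j]
            if (l1, r1) != (l2, r2) and l1.overlaps(l2) and r1.overlaps(r2):
                issues.append(((str(l1), str(r1)), (str(l2), str(r2))))
    return issues


def check_tunnel(side_a: List[Pair], side_b: List[Pair]) -> Dict[str, list]:
    """Run all checks in both directions and return the findings."""
    return {
        "missing_on_b": mirrored_mismatches(side_a, side_b),
        "missing_on_a": mirrored_mismatches(side_b, side_a),
        "overlap_a": overlapping_selectors(side_a),
        "overlap_b": overlapping_selectors(side_b),
    }


if __name__ == "__main__":
    for name, findings in check_tunnel(SITE_A, SITE_B).items():
        print(f"{name}: {findings or 'ok'}")
```

Run it against the real policy tables from both firewalls; an empty report for every check means the selectors are at least consistent, and the problem genuinely lies with the implementation rather than the configuration. The `/25` typo in the sample shows up once from each side, which is exactly the pattern to look for.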
 