Running a VM as my firewall (Untangle, pfSense etc)

I didn't say that. I used to use it, and it's good. But there's a lot of evidence to suggest Netgate aren't the nicest of companies around.
To be honest I don't really get what's going on; like I said, it's been a long time since I did anything with networking other than plugging cables in.
 
Just use MikroTik CHR, make your life easy :D

Lol. So the first hill you climbed was the Eiger? Just lol. That said, once you’ve wrapped your head around the Latvian Logic there isn’t much they won’t do. And they’re dirt cheap for the power you get.
 
Lol. So the first hill you climbed was the Eiger?

Sounded like the folk in here had prior experience of the different stuff around, I was merely joking anyway.
Talking about CHR as well, so there'd be no cost associated with trying it out.
 
I'm just retiring a box I've had running for over a decade, Intel Xeon 1230 with VMware ESXi 5. pfSense is a VM. I've had my fingers crossed basically every day it doesn't go down as it's just that bit more complicated to recover.

I'll be using a Dell Optiplex to run it natively at like...1/18th the power consumption or something and about 1/20th the cost to buy lol.
 
I've just bought an i5-12600K, 64GB DDR4 for my new server, quite excited to get it all set up when it arrives - quite the upgrade.
Retiring my i7-920 6GB RAM server to use as just a MikroTik router now.
 
After trying a few options, I've settled on Untangle and I've bought a license. It really is impressive. There's a few things for me to figure out, mainly due to how I have things set up at home but I'm beyond happy so far.
 
After trying a few options, I've settled on Untangle and I've bought a license. It really is impressive. There's a few things for me to figure out, mainly due to how I have things set up at home but I'm beyond happy so far.

Which license did you get? I'm back on pfsense at the moment, but I rec it'll be short lived and the Untangle disk dropped back in. Although I think I need to do a fresh config on the untangle as it's very laggy compared with how the pfsense is performing.

Virgin Media 100 install today, but thinking why am I bothering when Vodafone has been spot on.
 
Which license did you get? I'm back on pfsense at the moment, but I rec it'll be short lived and the Untangle disk dropped back in. Although I think I need to do a fresh config on the untangle as it's very laggy compared with how the pfsense is performing.

Virgin Media 100 install today, but thinking why am I bothering when Vodafone has been spot on.
Home Protect Plus as I'm using the IPSEC VPN, but it's of no cost to me as I can claim it through work.

I'm really happy so far. I have been tempted to get a second ISP but I've read Untangle requires two static IPs for WAN Balancing so I can't really go with someone cheap so that idea will probably take a back seat.
 
Home Protect Plus as I'm using the IPSEC VPN, but it's of no cost to me as I can claim it through work.

Makes sense. However be mindful I think that breaches the license agreement. I was considering looking at Plus again at renewal time. I've just let the standard Home license renew each year regardless. Shame I can't combine pfsense, Sophos XG and Untangle functions / UI / configurability
 
Makes sense. However be mindful I think that breaches the license agreement. I was considering looking at Plus again at renewal time. I've just let the standard Home license renew each year regardless. Shame I can't combine pfsense, Sophos XG and Untangle functions / UI / configurability
I'm intrigued, how does it breach the license agreement?

3.5 Home Protect Subscriptions. Untangle licenses certain subscriptions under a residential, non-commercial arrangement. As part of this arrangement, Untangle grants usage of NG Firewall in a home environment provided that (a) the subscription is not used in any non-home environment, or used for any kind of business activity with the exception of family members working from home, or (b) the subscription may not be used in mixed use settings that may be considered commercial such as residential care facilities, childcare facilities, home operated businesses or any setting that is wholly or in part a commercial endeavor. Untangle reserves the right to make the determination whether any use is inconsistent with the intent of the license and reserves the right to terminate deployments that do not meet the terms of the Home Protect licenses.
 
I'm intrigued, how does it breach the license agreement?

Claiming for work indicates not for Home use. I'm not here to wag the finger, it's just a FYI / heads up / double check etc.

If claimed back via work, that means your employer owns the license?
 
Claiming for work indicates not for Home use. I'm not here to wag the finger, it's just a FYI / heads up / double check etc.

If claimed back via work, that means your employer owns the license?
I get a cash amount each year to spend on what I want tech wise, so I don’t think it matters.
 
I have used pfSense in the past and I did try OPNsense. But in the end I wanted an all in one solution which covers everything, without the need for separate apps/customising/subs etc.

A few minor points:
  • I do think there is a bug either in the UI or their build of Strongswan for the IPSEC tunnel. Using IKEv2 I can't get more than one local and remote private network over a single tunnel to stay stable. I've had to create 3 tunnels in total to keep it stable.
  • I wish we could use Wireguard for Tunnel. The Mullvad performance over OpenVPN leaves a lot to be desired yet I get nigh on line speed using Wireguard.
  • It would be nice to get 'best effort' support, rather than zero without having to pay for it.
  • Maybe I'm missing something but I don't think it supports Route Based VPN, only Policy Based.
 
Pretty much my thoughts too re an all in one “solution”.

Re VPN performance, that’s why I wanted to try pfsense again. I don’t think Untangle uses AES-NI CPU capability, not 100%

Re support, when I have had issues with my Home license, I’ve emailed them and they’ve helped / fixed it. I think support is best endeavours / no SLA.

I’d email them / post on their forums (which are sadly pretty dead).

My unit is based on an Intel® E3845 running 8GB RAM
 
OPNsense and, I assume, pfSense as well, since they're both BSD, won't use multiple threads for PPPoE.
So just keep that in mind if you are using PPPoE, not sure what ISP you are with.
There's a thread about it on TBB forums called - "Router hardware capable of routing 900mbps over PPPoE"
I have BT 900mbps and I’m running pfSense and don’t appear to have any issues. Or do these only manifest themselves with speeds over 900?

I'm running pfSense on a Lenovo ThinkCentre M920q Tiny with 8GB RAM and an i5-8500T with an Intel i350-T2 NIC added.
 
I have BT 900mbps and I’m running pfSense and don’t appear to have any issues. Or do these only manifest themselves with speeds over 900?

Oh I've only seen this reply now, I apologize for my late response lol.

I used OPNsense in my testing, the speeds would vary a lot going from 250Mbps - 900Mbps, it would just peg one of my cores.
The x86 machine that I use as a router is an old i7-920, the single core perf is significantly worse than yours, so the effects may not be as significant as I had.
Funnily enough I also have an i350-T4 as my NIC, when switching to CHR I had no issues pushing a steady 940Mbps so stuck with it ever since and it's very versatile once you get used to it.

Look at this thread for more information on the issues I mention as it will probably explain it better than I can.
 