** The pfSense Users Thread **

Soldato
OP
Joined
1 Oct 2006
Posts
13,853
I get the guest network. But with IoT, aren’t you just making it prone to being hacked and taken over as part of a botnet or worse? Many IoT devices now are cameras, doorbells, etc. I would think the privacy concern is a greater problem?

IoT is a VLAN on the DMZ network that only has the ability to see the Internet outbound and nothing else. No UPnP, no port forwarding, nuffin. There is no way to initiate an inbound connection, the IoT devices need to dial out.
 
Associate
Joined
7 Jan 2007
Posts
763
Why would you have an IOT device in a DMZ if it is outbound only?

Put it in its own vlan behind the firewall with no connectivity to your other networks.
 
Soldato
Joined
28 Dec 2003
Posts
16,057
I use a Qotom box, forgot the model number, but it has an i5 Broadwell-era processor alongside 4 Intel NIC ports, 4 gig RAM, and an internal mSATA SSD. The entire casing is the heatsink. :)

Q355G4? Been looking at that and looks pretty perfect actually, if I could actually find one.
 
Soldato
Joined
10 Apr 2004
Posts
13,489
Used to run pfSense, but when I re-did the VM for a new quad-port NIC I moved over to OPNsense due to Netgate’s shenanigans.

I had it running on a dedicated core + HT on my UnRAID server but since I’ve moved to a HP T620 Plus, uses about 15-19W depending on what I’m doing.

Maxes out 500/70 quite happily.
 
Soldato
Joined
29 Dec 2002
Posts
7,177
Intel(R) Celeron(R) CPU N3160 @ 1.60GHz

90Mbps does me. If I ever need faster I can move back to using pfSense in a VM and use my box as a backup.

You’ll likely find adding another tunnel means you can do 90Mbit per core/tunnel, it may drop off slightly depending on what else is going on.
 
Associate
Joined
19 Dec 2017
Posts
720
I've used pfSense for a long old time, but in recent years I'd opted for a simpler home network setup until I found a need for a failover connection.

I picked up one of these cheap eBay J1900 based boxes to give it a go before realising it doesn't have AES-NI which is a shame, as I was hoping to move VPN services off my Synology NAS.

It seems to do the job pretty well, fails over to a home 5G router. I just need to find an L2TP service for ingress while on failover as the 5G uses CGNAT.

 
Associate
Joined
16 Feb 2011
Posts
45
Location
Derby
Just commenting in to say fellow user here, I run pfSense virtualised on Proxmox, with a pair of network cards (one of which is 10gig) on hardware passthrough.

I've bonded a few of these ports together and created a budget homemade 10gig switch within my server.

Very pleased with the results!
 
Man of Honour
Joined
30 Oct 2003
Posts
13,229
Location
Essex
Also a pfSense user and very happy :) - Currently running it on a pair of pfSense XG-7100 1U appliances and it's been brilliant :D
 
Soldato
Joined
18 Aug 2007
Posts
9,689
Location
Liverpool
https://arstechnica.com/gadgets/202...olations-and-bad-code-freebsd-13s-close-call/

A worthwhile read if you are a pfSense user. "Mistakes were made" would be an understatement. Again.

Jim's a good writer, and this one's no exception. I think he did a very good job of digging beneath the surface and presenting all sides in as balanced a way as possible... Not that there's much positive you can throw Netgate's way here. Being caught up in a scandal like this just before they release a closed source version? It doesn't bode well and I'm very, very glad I didn't fire up pfSense 2.5 with WG, as planned, to test. I think I'll just stay where I am thanks... :D
 
Soldato
Joined
29 Dec 2002
Posts
7,177
The question everyone who knows Netgate’s history when it disagrees with a developer’s actions is ‘How long before they register a Wg related domain and develop a hate site and do we get a new video?’

...too soon?
 