pfSense combines router, stateful firewall and VPN capabilities in one device.

Enderboss1449
11-14-2022, 09:24 AM #1

Hey there! I'm looking over your options and trying to help you decide. You're weighing a pfSense setup versus using a dedicated PC for routing, firewall, and VPN tasks. It's a solid choice depending on your needs. If you want zero latency and maximum performance, building a custom SFF PC or using a small NUC with dual 1GB Ethernet ports could be ideal. Just make sure the hardware can handle the load without slowing things down. For guidance, check out community forums, official pfSense documentation, and benchmarks comparing different setups. You've got flexibility—whether you go DIY or buy a pre-built device, as long as it meets your requirements, you're on the right track. What do you think?

TehStratosHD
11-14-2022, 12:40 PM #2

War91
11-14-2022, 02:25 PM #3

Just back — it’s part about dealing with my own worries and another part because I’m now in infosec, but at work I’m stuck on host-based tasks like antivirus and whitelisting. I’m still the FNG and not really picking up much on network security.

Tatan42
11-15-2022, 08:53 PM #4

You only require a small amount of power to run even a basic VPN. Netgate performs better thanks to its use of ASICs. What level of speed is necessary for a VPN?

LightningCoral
11-16-2022, 09:59 PM #5

Currently one gig is sufficient, and fiber to the house offers 1GB symmetric speeds. While I can achieve 10Gbps, it doesn't justify the expense. Upgrading my home fiber interface would cost around $500 per month, and I'd need to replace all Ethernet setups since they likely won't support higher speeds. Given these constraints, you might want to consider a Netgate device designed for home use.

kungfutyla
11-23-2022, 02:01 AM #6

Cat5e supports speeds up to 10 gigabits per second over distances around 30 meters, but handling 10 gigabit routing is quite different and requires a router costing more than $1,000 that also handles 10 gigabits without needing VPN support. I’d prefer Netgate since they offer better support and warranty options.

Thornite
11-25-2022, 04:04 AM #7

That's a solid observation. I've got Aquantia 10G NICs on a few desktops, but I don't have any networking gear to test it with. You're right—it would cost a lot to upgrade to a 10Gbps router, and even then, the improvement might not be worth it given my limited bandwidth. I'll give Netgate a shot, it should be an interesting project!

Ammonx205
12-15-2022, 04:12 AM #8

Determine the network setup for deploying IDS tools like Suricata or Snort. Check if fiber connects directly to pfSense, then to switches or APs. Consider using full mirroring on a single switch port if pfSense supports it despite limited NICs.

Swederman
12-18-2022, 10:49 AM #9

From what I can gather you are literally the only person to EVER say that, there are endless discussions on the Netgate forum about how much is enough for Gigabit. Did you miss the bit on their product page that clearly says, and this is WITHOUT A VPN: Now granted I think they are assuming an increase in number of clients proportional to the speed, and server-class hardware is definitely NOT required (especially as top-end Ryzen is giving it a run for its money now) but the CPU requirements are very real. I see my i5 7200U hit 50% usage on the core OpenVPN is running on when only pulling 50Mbit when running at around 800MHz. I can't imagine it hitting Gigabit at full speed. Using Suricata and/or Snort makes requirements even higher.

thedarkjuggler
12-24-2022, 09:33 AM #10

Suricata is operating smoothly at high speeds, but the router consumes around 20% CPU (2200G) while maxing out the 150 mbits/second download. Additionally, adding IDS/IPS requires extra memory.