Setting up a home pfSense router involves configuring hardware and software to secure your network.
Setting up a home pfSense router involves configuring hardware and software to secure your network.
Hello! I’m trying to set up a router for my recent 1Gb internet plan. The device they gave me is really lacking in performance—often needing restarts and even getting bypassed by a friend’s technician who knows a bit about security. They told the ISP to update the firmware, but after four weeks nothing changed. Worse still, the router’s speed is barely functional. I’m considering building my own pfSense router because I can customize it and need to spend on a third-party wireless solution since my fiber line is available and I have an SFP+ NIC.
I’ve watched several build guides but still have doubts. Linus mentioned it’s overkill, mainly due to the power supply and CPU combo. From what I learned, higher core counts aren’t necessary and switching to a higher frequency might help. My main concern is enabling a VPN while traveling, especially since I live in an area with limited bandwidth. I’d like to use the 1Gb connection (which is surprisingly cheap—under $8 USD after taxes) but it would demand more CPU power. I also want the device to be as energy-efficient and compact as possible.
I have a setup with one workstation, a NAS, an AIO PC for browsing, and possibly three extra machines. It’s a bit of a hassle, but I’ll keep my home Wi-Fi router on standby with DHCP for guest devices. Any suggestions or advice would be greatly appreciated!
Best regards,
Kryptocid
I bought myself a quality router instead of dealing with all this trouble. Contact your ISP and request the Modem, Router, or gateway be set to passthrough mode. This ensures it only functions as a modem, allowing you to send everything directly to a reliable router or security system.
You'll need a separate modem, not just connect the fiber directly to the pfSense device. You can purchase one, turn off features like DHCP and bridge mode, then link it to the box. From there, configure interfaces and other settings. A SFP+ card isn't necessary; it would fully use your 1Gbit connection, but you'd still need a modem. Typically you'd connect an Ethernet cable to the router instead of using SFP+ unless the device supports it.
Yeah, I forgot to mention..... here I have the low price internet but I pay a lot more on network devices. As an example, you can buy at $600 an router launched in 2011, here, by getting a dedicated router or switch for home use is more than rare....... most of the people are going to buy first wifi router that they can find and fit their needs and change it every year or so.
It hinges on your ISP's delivery method. Is the fiber directly connected to the router or passes through a media converter with Ethernet output first? Are you using a VPN like a public provider? Most public VPNs rely on OpenVPN, which demands significant CPU power. Handling over 200 Mbps with OpenVPN is tough (imagine a Core i3/i5 server with AES-NI and nothing else running). For remote home connections, opt for a lighter protocol such as L2TP/IPSEC. If you already have a server or plan to set one up, building a virtual router can help share resources and conserve energy.
There seems to be a compatible adapter for fiber to SFP. It appears the network here uses fiber and/or CAT7, which means you can skip the modem entirely. This is why I prefer using SFP as the WAN port—something I've noticed in one of the episodes from Moving Blog.
No modem needed—just a cable long enough to reach every corner of your home or apartment. This setup is for personal use, VPN, mainly for holidays abroad. The speeds I experienced were around 60-70 Mbps, so higher than 100Mbps isn’t necessary. The goal is to protect myself from getting caught or facing legal issues for downloading torrents or accessing region-locked sites. I’ve discussed this approach using pfSense as a VM, but the security is weaker than a basic Wi-Fi router because tunneling ports makes it easy for someone to intercept traffic without affecting multiple machines.
I thought about how public networking might behave differently in various regions. In my area using coax cable, a modem is required before the pfSense device. The connector type is known as a transceiver and changes depending on the specific connector used. For home setups, single strand fiber cable is most frequently seen. I’m not sure if a transceiver is available for this setup. If you have an LC cable entering your home, these are typically found on transceivers.
Do you have the chance to buy an affordable router that works with OpenWRT? At this stage, a dedicated router is likely the safest choice. While you can assemble a budget PC, mistakes from users or setup can increase security risks and expose your network.
They provide optical fiber cables in various types, and the SFP module you choose must match your ISP’s technology. Doing it right matters. Virtualizing routers, firewalls, and security devices is widely used in large organizations. Escaping a virtual machine is significantly harder than breaking into a basic home router, I assure you. While using a proper hypervisor and segmenting interfaces is recommended, it’s standard for virtualization. Another option is deploying a hardware firewall alongside your virtual routing device. For VPN speeds, 100 Mbps is achievable with a Celeron-based Intel NUC.