Setting up a home pfSense router involves configuring hardware and software to secure your network.

cookiedough909
Posting Freak
782
06-06-2023, 08:10 AM
#21
My equipment isn't that vital :) Important items matter, but not crucial. Also, a NAS device failed because a friend damaged its board and harmed my Xeon CPU—still puzzling how that happened. I have two SSDs in RAID 0 just to back up data, so I'm in a tough spot during power cuts. I usually keep backups until I confirm everything is saved properly. I'll keep the ISP router as a backup; even though it's inconvenient, I use it for my workstation without Wi-Fi for uploading projects via 4G over USB, which is a solid approach. Lastly, after asking about the best CPU for a router, I found another possible solution for my issue.

905xA
Senior Member
667
06-06-2023, 10:51 AM
#22
I still prefer x86 for its performance and adaptability compared to most consumer routers. They often slow down the WiFi connection, which is why I keep one for handling that network. Linux offers superior support over FreeBSD for WiFi tasks. More importantly, you can install detailed blocklists (like pfBlockerNG) on the router to block malware and intrusion attempts. I configure my firewall to permit only traffic from trusted sources—such as my NAS, web server, chat server, and VPN from known locations—minimizing risks. You can also route specific clients through separate VPNs, which is handy for torrents or accessing region-restricted content. DNS setup can leverage Cloudflare SSL so your ISP can't monitor or modify it. Many of these adjustments are feasible on OpenWRT, though consumer devices lack the power for heavy configurations. I recently upgraded from an Atom DN2800 to an i5 3470T because I already had the necessary spare hardware. While it’s more than sufficient for my current needs, it ensures smooth performance if I upgrade later or hit bandwidth limits. AES-NI support is also required for compatibility with upcoming pfSense versions. If your OpenVPN server runs on the router, all clients will automatically join the LAN, simplifying management compared to manually configuring VPNs. Power usage is higher than consumer models, but considering flexibility, ease of setup, and enhanced security, it’s worthwhile. The only scenario where OpenWRT truly surpasses pfSense (besides power draw) is in its approach to bufferbloat prevention, which I expect to improve soon. For gigabit connections, this advantage probably diminishes.

ReaZzon
Member
58
06-07-2023, 10:37 PM
#23
I've been focusing on finding an affordable i5 processor lately. It's been challenging to locate one with low power consumption. I checked Amazon for a motherboard with 6 gigabit LAN ports, but it needed Skylake or Kaby Lake chips. I also looked at some low-power NITX boards, though they lacked AES-NI support. Now I'm back to searching specifically for low-power i5 options.

leowolfdu13
Member
195
06-08-2023, 06:05 AM
#24
I introduced similar equipment into an office recently. Their budget was limited but they required about 1G WAN throughput and strong LAN performance. Previously, their Cisco firewall was poor for VPN speeds, so this setup could be a better alternative. They already had available rack space, which might help with suitability. It could work or not, but it should guide your choice since there are desktop models of the Dell PowerEdge series available. For high VPN use, you’ll need a CPU that supports AES-NI—especially if you plan to handle encrypted traffic. If you’re using Intel Xeon, stick with processors after the Westmere architecture; check Intel’s ARK for options, though some low-power chips may lack it.

Here’s what I set up:

- **CPU:** Dell R610 Chassis with 2x Intel E5640 (2.67GHz, 6 cores) and 64GB RAM
- **Storage:** Two 60GB Intel 520 SSDs in RAID1; used pfSense with a ramdisk configuration
- **Network Cards:** One Intel x520 single port card; future upgrade to higher speeds is possible
- **Switch:** Cisco 3560X PoE model, each with two 10G RJ45 ports
- **Configuration:** WAN → pfSense → 10G RJ45 → Switch #1 → Users → 10G RJ45 → Switch #2 → Infrastructure/servers

I vlan’d the devices and restricted server access to specific ports. The main file server ran on Switch #2 via a single 10G port using an Intel x540 card. For redundancy, I considered adding a second 10G port, but they didn’t want extra cost.

During testing, I achieved roughly 6.7Gb/s from the file server through pfSense, which was about six times faster than before. The main challenge was VPN performance—limited by their existing Cisco firewall, resulting in around 300Mbit/s over IPsec. The setup is quite heavy, so consider negotiating with your ISP for failover options.
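
Several posts in this thread hinge on whether a CPU supports AES-NI. The following is an added example, not code from any poster: a shell check that reads the CPU feature text from a FreeBSD/pfSense boot log or from Linux `/proc/cpuinfo` and compares whole tokens. The function names and the `SAMPLE_*` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: does this CPU advertise AES-NI?
# Function names and the SAMPLE_* lines are constructed for illustration.

# has_aesni TEXT -> exit 0 if TEXT lists AES-NI, else 1.
# Understands a FreeBSD/pfSense boot-log line (Features2=0x...<A,B,AESNI,...>)
# and a Linux /proc/cpuinfo "flags" line. Tokens are compared whole, so a
# longer flag that merely contains "aes" is not counted.
has_aesni() {
    printf '%s\n' "$1" | awk '
        /Features2=/ {                  # FreeBSD: comma list between < and >
            s = $0; sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, f, ",")
            for (i = 1; i <= n; i++) if (f[i] == "AESNI") found = 1
        }
        /^flags[ \t]*:/ {               # Linux: space-separated after the colon
            s = $0; sub(/^[^:]*:/, "", s)
            n = split(s, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { exit !found }'
}

# cpu_feature_text -> prints the live feature text for this machine.
cpu_feature_text() {
    if [ -r /var/run/dmesg.boot ]; then
        cat /var/run/dmesg.boot          # FreeBSD / pfSense boot log
    elif [ -r /proc/cpuinfo ]; then
        cat /proc/cpuinfo                # Linux
    fi
}

# Constructed sample inputs (not captured from real machines).
SAMPLE_BSD='  Features2=0x7fbae3bf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,AVX>'
SAMPLE_LINUX='flags : fpu vme de pse tsc msr sse sse2 ssse3 sse4_1 sse4_2 popcnt aes xsave avx'
SAMPLE_NONE='flags : fpu vme de pse tsc msr sse sse2 ssse3 vaes_constructed'

if has_aesni "$(cpu_feature_text)"; then
    echo "AES-NI: advertised by this CPU"
else
    echo "AES-NI: not advertised (absent, or disabled in firmware)"
fi
```

Booting a live USB image on candidate hardware and running this before installing confirms the flag the OS actually sees, which a spec sheet cannot.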

Pjee
Junior Member
3
06-09-2023, 11:15 PM
#25
Haha, just noticed you mentioned low power won't be effective for a low-power setup. Low power usually doesn't mean good performance in x86 environments since most tasks are handled in software. Instead of that, I'd consider a Micro ATX Xeon board such as the Gigabyte GA-6LASL, which includes two Intel i210 network interfaces for LAN. Pair it with an E3-1220 v3 Xeon—four cores clocked at 3.1GHz base and 3.5GHz boost, plus some RAM. That should get the job done. You'll also need an SFP-compatible Intel card in the PCI-E slot; the X520 offers future-proofing up to 10G or you can opt for a 1G model with an Intel 82576EB featuring SFP ports.