Pfsense

>Why are you not using this for all of your firewall/nat/routing/vpn needs?

I just set up one of those fancy new Netgate XG7100 units for work and found the experience to be amazing. 8 gigs of ram and 4 core CPU w/ hardware crypto absolutely BTFO other off-the-shelf vendors at the same price point. I also use the open source pfsense distro on custom hardware at home.

Attached: Screen Shot 2018-05-06 at 9.12.36 AM.png (544x173, 84K)

>Netgate XG7100
Jesus, nothing like seeing $300-400 in parts selling for $1000.

Why not OPNSense? Seems better in every way. I have used both and OPN is amazing. Like pf but better UI, newer FreeBSD, more features, no paycrap.

Attached: 5a849b5c3d022.jpg (736x920, 132K)

Because the interface is shit and everything is easier to do on an openbsd box.

Because Mikrotik Routerboards are cheaper and much more powerful as a system and optimized OS for specific hardware.

Attached: images.jpg (554x554, 20K)

>700mhz
>512MB ram

You'd be better off pulling an old P3 from your closet and using that.

>36 X 1200GHz CPUs
>16GB RAM
>can handle UP to 30k packets/sec with 16Gbps total throughput
>way cheaper than any other solution on the market
Sure mate.

Attached: 1c607efccf.jpg (952x450, 32K)

1200Mhz *

For work as in "at work"?
The reason people don't generally go with Free and Open software at work is because of the lack of support.
Managers want to manage less risk, and if you're using Free Open software without business class support you're handling all the risks.

Any 1 gigabit pfsense router/firewall for home with wifi capability that eats little of power? Preferably cheap and easy to get (shithole country...)

Why in the world would I pay $1000 for a home network that I honestly don't give a shit about and there are far cheaper ways to keep my computers safe?

Look on alibaba and similar Chinese outlets.

Cheap Intel atom router boxes should run $200-400. Depending on the specific specifications.

They won't do 1gbps VPN or IPsec, but they can easily manage 1gbps WAN/LAN

Cisco is better

I don't think pfsense is meant to have wifi on the same device. My setup is: router with pfsense --> switch --> AP-AC-PRO

>absolutely BTFO other off-the-shelf vendor at the same price point
If you found the bottom dollar FW and fit it yourself with the $0 community support option then I feel sorry for you. Experience is great and all but I'd consider leaving that company if they're not willing to fork out on proper support and warranty for that thing

>if you're using Free Open software without business class support you're handling all the risks.
this
always have a name to blame

Yea at 8-10x the cost.

I don't get it. why are networking fags so proud of their overpriced hardware? why can't they DIY?

For home use, DIY is the way to go.

For work? Fuck that shit, Cisco or similar for the support. No way am I being paid enough to take the blame if shit gets fucked.

Corporations dont give a shit they want something reputable and reliable and so do the people who have to work on them all day long.

I get a technician with a replacement unit at my clients door 4-6 hours after I log a ticket for faulty equipment, you dont get that with DIY stuff and I'm sure not the sap who's rolling out somewhere in the middle of my time off to replace something.

/thread

I mean, sure, if it's corporate money, then you shouldn't give a shit about the prices, as long as it works with minimum effort and high assurances.
I was talking about hardware for personal use, sorry for not being explicit

Dont mind people using big name kit at home, they're either using it for a lab or are huge tryhards

> Mikrotik Routerboards
> all of your firewall/nat/routing/vpn needs
Still doesn't have a full OpenVPN which supports .ovpn files, LZO compression and UDP. Software could be good, but unfortunately it employs another Cisco-like wrapper on top of a Linux kernel.
It doesn't even have Optware support to install required packages, like the aforementioned OpenVPN with all the features.

True. But at least pfsense offers commercial support. Never tried it though, I'm fine by myself.

If they're using big boy toys at home they likely got it for cheap or free through work.

Or they're just rich tryhards.

>Netgate XG7100
What I found when using PFSense is that it offered quite a lot in terms of management features and server setups but for some reason its VLAN setups seemed broken. I could never quite manage to get VLAN working on PFSense properly. I gave up on it after a few days

because not everyone is a brokeass poorfag

For the price difference you can buy the DIY stuff double and triple to have a replacement within 10 minutes.

>paycrap
What does OPNSense offer that pfSense doesn't which isn't free?

because I use ubiquimeme routers instead

Attached: 1450968264914.png (256x256, 119K)

If that was a good enough idea then corporations would be doing it. Rack space is valuable, I'd rather have 2U firewalls in HA for redundancy with good support than 4U in them that we would have to sort out ourselves. You're underestimating how valuable the support contracts are

>corporations decide rationally about IT related matters
You should know better than that. They just want somebody to sue in case things go south, doesn't matter how unlikely it is.
Also you're talking out your ass, where the fuck is rack space valuable? A new rack doesn't cost shit.

My pfsense router is a 2U box that's only 16" depth. Athlon 5350 in a rosewill 2U case.

I have a couple of these.
They're WAY overkill for anything you can have at home.

Why are you trying to talk about something you clearly know nothing about? You could be using this as an opportunity to learn instead of arguing a point simply for the hell of it.

You know you need to put this cheap rack somewhere right? If we're dealing with a company that only needs a handful of firewalls then they won't have a lot of space allocated for network equipment, probably a room only big enough for one full height rack.

>They just want somebody to sue in case things go south, doesn't matter how unlikely it is.
Are you fucking 12? Businesses want to do business, support contracts guarantee they can resume business within a certain time frame, they much rather do business than look for opportunities to try sue over something as trivial as network equipment failing.

You pay for quality and support.

>They just want somebody to sue in case things go south, doesn't matter how unlikely it is.

No, a corporation wants someone to lean on when the hardware/network goes to shit. This is why everything they buy comes with support.

Not buying hardware, etc with support in mind is a deathwish because when things go wrong your shitty sys admins that have no idea how the stuff works aren't going to fix shit for a long time compared to what support would have done.

You're either a yes man who got that shit funneled down your throat by your manager, or just retarded. Companies pay hundreds of thousands for "support" per year, for the same money they could train an administrator, buy the equipment and lots of replacements and have a go at it.
Instead of hand waving it away, try to explain why exactly that wouldn't work? Because your corporate overlords don't do it isn't a fucking argument dipshit.

>Oh no we only have a small closet for our servers rack space is valuable
Maybe don't try to run a company out of your moms basement then and rent some facilities with enough room for everything you need, including servers.

Support contracts don't guarantee shit except "if you don't fix this within x hours we don't even have to sue you for our losses because you signed a contract that says you pay us whatever we lose", and they're happy to sign that because the ridiculous amount of money they are being paid is more than enough to make up for any eventuality that might happen.
If you actually want shit working you need redundancy, and if you don't have it no support contract will stop you from having to send your employees home for the day because "guaranteed response within 12 hours on business days" isn't worth shit in comparison to an in house employee who set the whole system up himself.

Get out of your fucking ass you arrogant prick

or the company ends up paying out more on sysadmins experienced enough to put your shit back together but the cost of keeping staff like this vastly outweighs the support contracts

You type all that condescending shit in your first 3 paragraphs and end with
>Get out of your fucking ass you arrogant prick

What shocking lack of self reflection.

>I have no argument, the post
Fuck off

I'm not even who you were replying to, I dont give a shit either way.

Well thank god you still found a way to be above me and whoever I'm arguing with, because you don't give a shit. That's great, go tell your mommy about it

>networking autists getting mad at each other

every time

Attached: 1513918676098.png (548x666, 361K)

>using enterprise grade router/firewalls/vpns for home
Fucking literal autist the lot of you.

Hardware is literal trash for companies after the EoS/EoL date. They're more than happy they don't have to pay for the autist to carry the stuff out.

>try to explain why exactly that wouldn't work? Because your corporate overlords don't do it isn't a fucking argument dipshit.
Yes it is and this just proves how little you know. Your colleagues or employers are the ones who approve purchasing new equipment.

>Maybe don't try to run a company out of your moms basement then and rent some facilities with enough room for everything you need, including servers.
You haven't seen a single SMB server room before have you? They are 99% small closets, I'm just telling you all this stuff so you know. Sorry if it's coming across as arrogant but that's a problem on your end.

>Support contracts don't guarantee shit except "if you don't fix this within x hours we don't even have to sue you for our losses because you signed a contract that says you pay us whatever we lose"
Again you're wrong, vendors try very hard to keep customers happy, this isn't consumer grade support we're talking about.

>If you actually want shit working you need redundancy, and if you don't have it no support contract will stop you from having to send your employees home for the day because "guaranteed response within 12 hours on business days" isn't worth shit in comparison to an in house employee who set the whole system up himself.
We mentioned redundancy above already, I'm not talking about cheaping out on equipment and relying on the support contract to maintain business critical services.

This in house employee is still needed to get things back up and running for sure but we're talking about replacing faulty equipment here, You'll still need your sys admin to import firewall config and reconnect the equipment in a rack. You're arguing that it makes more sense to buy duplicate equipment and leave it sitting unused until something breaks. Do you not see how bad that idea is? Do you buy spare cars for when one breaks down?

What hardware do you use for your home network? I was thinking about upgrading for the 2.5 release.

Attached: Screen Shot 2018-05-06 at 15.07.25-fullpage.png (2041x2405, 514K)

I have a Biostar 250btc mobo, a g4400 cpu and 4gb of ram left over from mining. Sold the gpus.
Trying to repurpose this hardware.
Is it worth buying an Intel dual nic card and putting it in there for pfsense?

If not having my car for one day would result in losing a lot of money I would absolutely buy 2 cheaper cars rather than one expensive car with better warranty.
Whatever response time you get with customer support, it is nowhere near just having spare parts lying around ready to replace whatever broke. Your router goes down, you plug in or even just turn on your spare one, meanwhile you troubleshoot the broken one to determine which part failed and replace that, now you have a replacement router again. Keep doing this forever, you just got better support than anyone could ever offer you.
You can also use it for testing new software configurations without jeopardizing your whole system. I really don't see a downside to investing that money into more parts instead of some nebulous customer support that will try to keep you just happy enough to not sue them for damages. Every dollar spent on customer support is a dollar not spent on redundancy and in house training, which saves much more money long and short term.

>You haven't seen a single SMB server room before have you? They are 99% small closets
I have seen those, except those server racks are never full. Never. If a company only needs a small closet with a single server rack, I guarantee you it's half full at most. And if it is more than half full, then management are fucking idiots and should probably be gassed, because surely people understand that their business will grow and if they don't even have room for 2 times as much server hardware, they might as well close their doors now because what gonna happen in a year will not be pretty.

I have that same case, it runs an old Haswell Pentium, because that's what I happened to have lying around.

I got fed up with [pf, OPN]Sense and the lack of decent wireless drivers. Also the web interface wouldn't let me tell Unbound to do DNS-over-TLS. So I said screw that BSD crap and installed Debian and set up an nftables firewall, DHCP, unbound, and hostapd myself. Much happier with it now.

Setting up DNS over TLS on pfsense is easy. You probably entered the wrong commands.

It isn't (or at least wasn't) exposed in the web interface, so you get to go behind the system's back and edit a config file directly. Also they put it in some funky jail setup by default, so you get to hunt around for it, it's not like they just keep it in /etc/unbound/unbound.conf or anything. I think it was somewhere under /var. Sure, I could dig into it to figure out how they'd set up the jail and how the config file gets put there and changed so that I could make sure that my changes to it a.) stick and b.) don't break anything (which is possible since pfSense is going to assume that you use the web interface instead of SSHing in and editing things).

But it was just easier to dump all that complexity in the bin and do it myself.
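For reference, here is what the Unbound side of that Debian setup looks like when the resolver is told to forward over DNS-over-TLS. This is an added example, not config from the post or from pfSense; the drop-in path, the LAN range and the two upstream resolvers are assumptions, and the CA bundle and trust anchor paths are Debian's defaults.

```conf
# /etc/unbound/unbound.conf.d/dot-forward.conf   (path assumed: Debian conf.d layout)
server:
    interface: 0.0.0.0
    interface: ::0
    # Only answer the LAN (assumed 192.168.1.0/24) and localhost; refuse everything
    # else so the box never becomes an open resolver.
    access-control: 192.168.1.0/24 allow
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # CA bundle used to verify the upstream resolver's certificate (Debian path, assumed)
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Validate DNSSEC on whatever the upstream returns
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    qname-minimisation: yes
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Form is IP@port#authname; Unbound checks the TLS certificate against the name
    # after '#', so a spoofed or intercepted upstream fails the handshake instead of
    # silently answering. Quad9 and Cloudflare are example upstreams; substitute your own.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

Check the file with `unbound-checkconf` before restarting, then confirm it actually took effect: a query from the LAN should resolve, and a capture on the WAN interface should show only TCP 853 to the forwarders with no plaintext port 53 leaving the box. Without the `#authname` part the TLS session is encrypted but the peer is not authenticated, which is the setting worth catching in review.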

>Netgate XG7100
>intel backdoors

>turn on ips
>internet cock blocked at 85mbps

FUCK U UBIQUITI, I also hear IPS send it to ubiquiti servers and sends it back....

Wtf? It's literally in Services/DNS Resolver.

Attached: Screen Shot 2018-05-06 at 19.11.25-fullpage.png (2085x2760, 475K)

>not using a shitty dell pfSense box with mellanox connectx-2 sfp+ cards and a Quanta LB6M switch to get 10 gigabit ethernet throughout your house and take full advantage of your NAS speed.

Attached: 10gigfeels.png (1148x888, 600K)

>asking my network equipment to inspect traffic more thoroughly slows it down
no shit senpai

No, it really doesn't because in the end your all-star sys admin knows jack shit compared to a dedicated support engineer for that specific product. Relying on one or several people who you employ, and can leave at anytime, is setting yourself up for failure. People like you drive companies into the ground with issues that take decades to fix.

the point is they're adding features they never thought about due to memes, and then it's not even true ips if they send all your data to their server to check it and give it back to your router

>can handle UP to 30k packets/sec with 16Gbps total throughput
how retarded are you? assuming 9k MTUs, and the full packet being used, that would be 270mbit/sec. Using real world traffic like IMIX, it would be 10mbit/sec

It's 24 million packets per second, dude just typed it wrong.

In practice, the missing OpenVPN features haven't mattered to me, a home user, really at all. I run a RB3011.

I run a pfSense on an old HP i5-2400 desktop at work with a Quad-Nic for OpenVPN/IPsec. Solid as a rock.

Lol what? They don't do this so they can sue people (how does this point make any sense in the first place? they'd just fire the person working on it as that's not going to stick to the company that made the product) they do this because they need to keep the going with no/minimal downtime. Which means fast replacements are required and plenty of that equipment will be in a highly available or redundant setup in the first place.

hey now I haven't run a single company into the ground yet

>using a managed switch
>2018

>t, not out of school yet
You'll learn, young'n.

No monies for that shit my friend.

Mikrotiks are fucking gay

what's the benefit of having a DIY router over a cheap $20 TP-Link Router off amazon for a literal consumer?

>receives security updates
>doesn't shit the bed if you torrent