Home Networks

What kind of an overkill pfSense router do you have running user?

Attached: qotom_minipc.jpg (1000x1000, 358K)

I'm using one of those shits in your picture as pfSense router but it's another variant with only usb ports at the front.

Got six of these things for around $100 a couple of months ago, they're great little machines. I'm also using one as a NAS with a 2tb hdd + 2tb external hdd as weekly rsync backup.

Attached: 755.jpg (351x360, 10K)

I have the sg-1000, it's actually pretty comfy for my wan connection.

No pfSense, I have a Mikrotik.

I've got a Super Micro C2758 running pfsense.

I wouldn't call it overkill

Attached: Screen Shot 2018-06-15 at 22.28.38-fullpage.png (2327x2912, 612K)

>pfsense
>installing "free" proprietary software as the gateway to your network
botnet

this

Attached: serveimage.jpg (5654x1945, 375K)

This little cucklet right here:

newegg.com/Product/Product.aspx?Item=N82E16813157726&cm_re=mini_itx_motherboard/cpu_combo-_-13-157-726-_-Product

With an Intel network card. It was a fun little build.

Attached: 13-157-726-01.jpg (1280x960, 191K)

I was actually thinking of picking up a pcengine's apu2c4 once they come back in stock online as they are cheap and more than adequate for my 100/10 connection, although I have also been considering something like what you posted. As far as I can tell, the cpu's performance in a router really only affects the number of extra services you can run on the router, as well as max throughput, correct?

WWWWIIIIIIIIIIIRRRRRRRRR

When I was working at the guy that was in charge of processing RMAs from customers had a pile of system boards from RMA'd units that had been replaced. Mini ITX, J1900, 2 SODIMM DDR3 slots, SATA3. I think they were made by Intel but can't confirm the model because all the stickers were removed.

Threw pfsense on one with an Intel dual port PCIe NIC. Incredibly power efficient, I have literally never seen the CPU fan turn on by itself. Only problem is once 2.5 comes out I have to swap out the board because no AES-NI.

Just put it together today, quad-core AMD Jaguar system. Spent just under $100 in total. Using it for load balancing and failover.

Attached: pfsense.png (2310x2288, 582K)

Any reason not to use both?

Attached: Screen Shot 2018-06-16 at 1.07.35 AM.png (710x172, 36K)

>coreboot
Sauce on HW?

AES-NI = NSA backdoor

elaborate friend

I don't remember the specs.

Attached: IMG_20180510_220148.jpg (5312x2988, 2.36M)

>DB 25
>USB 3.0

oh shit nigger what are you doing

Not that user but you cannot audit AES-NI unlike the implementation in LibreSSL.

I have a fortigate

why does pfsense require it then?

Nvm I remember the IP

Attached: Screenshot_20180615-223336.png (1080x1920, 326K)

I've heard good things about openbsd on an apu2. My brother got one, but it was hard to set up, so he ended up just getting a Linksys router and installing LEDE. Hopefully we still find use for the apu eventually.

>172.16.1.1
you sick fuck

I like using the 172.16.0.0/20 private ip range.
I am using 100.64.0.0/10 for another network as well.

pf on a ~800mhz p3 dell with 512 ram. Good enough for my 30mbit.

Why do you use pf on such an old, power sucking device as opposed to simply using dd-wrt on a cheap purpose-built router?

I don't have any router, I just tether my phone.

Attached: Screenshot_20180616-085306.png (1080x1920, 104K)

Nice

Attached: happyfunrouter.png (1216x918, 146K)

what time period does the Interface Stats widget display for?

get a case, nerd

I just embraced the botnet and got a Google Wifi mesh system

Attached: IMG_20180402_112748_206.jpg (1440x1440, 315K)

r8? unfortunately my 5ghz doesn't reach the far end of my house very well, literally just a dining table i have at the opposite end of the house, but it's annoying enough for me to want to extend my wifi

>pfSense router
It can't run shadowsocks.

so?

It worked great, much better than using some chinkshit like the TP Link range extender. Worked, as in lately for the last 2 weeks I've been having strange connection or DNS issues. Called the ISP and they said it's not on their end, so... but before that it worked gr8.
Also, there is NO web interface; you need to use their botnet smart phone app. And the app leaves much to be desired in terms of settings if you're a power user (tm). Works well enough for my normie casuul self tho (aside from the strange net issues mentioned)

Attached: Screenshot_20180615-204847_Google Wifi.jpg (1439x2693, 380K)

is there a simple bridge mode to basically just make it an AP for your main router?

If you mean using your current router but adding a G Wifi point, looks like that should work according to quick Google search

Shadowsocks is the only way to have uncensored internet access anywhere in the world.

How is it any different or better than a regular VPN?

It obfuscates traffic so it can't be blocked or throttled by DPI.

Wireguard does that too

A bit more overkill than that user. Although I also have one of the boxes you have pictured running the log server.

Attached: Screenshot_20180616_013014.png (1920x1080, 182K)

It doesn't.
>The packet format is highly distinguishable. Particularly the message type is limited to "0x01..04". The sender/receiver index, timestamp and counter fields also have obvious pattern.
>The handshake always happens first for once. But I understand it's by design and we probably couldn't do anything about it.

redpill me on how to router in 2018
i have myself a D-Link 3682
are there any features im missing on besides, well, the internet access

Gotta say I'm pretty tempted to buy one of these as a dedicated pfSense box. Price seems quite low considering it's a bit of a niche product, what am I missing?

Attached: partaker.png (1358x609, 298K)

>200 fucking good boy points

Can someone recommend me a relatively cheap pfsense box that can be bought from EU. I'll gladly use your goodboy affiliate links for recommendations.

>Price seems quite low considering it's a bit of a niche product, what am I missing?
Not that niche, go look for the fucking things on aliexpress or one of the other chinkshit markets

Cunts pump them out by the millions so I guess that kind of weak mini-pc thing has some popular uses in china (probably screwed to the back of cheap tv screens as digital signage and shit like that)

It's a good choice if you need a good single core performance (eg 200+mbit ovpn) and multiple nics but otherwise you could get something cheaper like basic intel NUC n3050 with an ethernet *dongle*

Look into the APU2 boards, there are plenty of EU retailers
pcengines.ch/apu2.htm

change one of the external DNS to 1.1.1.1

don't want to only rely on one provider.

Why would you use pfsense? Just get Ubuitiqi or whatever it's called or Mikrotik.

Consumes less energy, better software, better hardware and faster vulnerability patches.

Depends entirely on what you're doing. Both Ubiquiti and Mikrotik products have been plagued with way worse vulnerabilities than pfSense has in their lifetime (see Chimay Red for Mikrotik et al).
Also, good luck getting any decent AES acceleration out of consumer/prosumer routing equipment to use OpenVPN et al with.

Definitely do consider the Ubiquiti APs though, as wireless on pfSense and friends is generally abysmal.

>Both Ubiquiti and Mikrotik products have been plagued
Memetik is shit but Ubqt is pretty secure. There is nothing except local privilege escalation which is not a problem on a router.
cvedetails.com/vulnerability-list/vendor_id-12765/Ubnt.html
It also could run shadowsocks or wireguard vpn at pretty decent speeds (edgerouterx 200-300mbit)

Huh, wasn't even aware that Wireguard had been ported over to the ER-X. Thanks, user.
I do maintain that pfSense is one of the most secure/flexible solutions out there though.

why would you use custom software on your routers?
t. brainlet

Neat I just set up a shadowsocks thing on my vps thanks friend

You can get a better thin client on eBay and a 4 port intel network card for half the price

I am. I work from home and I use a lot of bandwidth both personally and for work. My ISP instituted a 1TB data cap within the last year and I’ve been going over it, for which they charge overage. I can pay an additional flat $50 for unlocked service, but I’m opposed to it on principle alone, and frankly it’s just too damn expensive (that would bring my shitty connection to $100 per month). Instead, I went with a sort of mediocre prepaid cable service which is 20/1–no contract, no data cap, but rather slow and prone to shitting the bed once I start using a lot of data. As a complement to this, I purchased an LTE modem (hotspot) which I’m using with AT&T’s unlimited iPad service, which is about 30/8. I use pfSense to load balance between the two connections and to failover when I decide to take the hotspot outside with me, all automatically. Now I pay what I used to pay but I have a more flexible network, no data caps, and a fun Jow Forums tinker project under my belt.

More options, especially when running a server. For home use it lets you run openVPN in your router, which is nice

>that would bring my shitty connection to $100 per month
$120 plus tax*
(((Comcast)))

Firewall - Netgate SG-3100
Switch - HPE OfficeConnect Switch 1820 24G
WiFi - Ubiquiti UniFi AP AC PRO

Does using a fancy switch make a difference? I’m using a $20 unmanaged tplink and it seems to get the job done.

Not really for general use. I got it for free and use it to subnet my work's network from my local to avoid collisions.

I really just needed something with more than 8 ports.

Bought it years ago. Not from this site though.
miniserver.it/apu-firewall-entry-level-3-nic.html

btw, I wouldn't buy this now if you plan to run pfsense. 2.5 will require aes-ni which this doesn't support. I'm planning on upgrading next year.

interesting thread bump

>Netgate SG-3100
Is it true that the LAN ports are only identified as one bridged adapter? I'd like to be able to set them to separate LANs

Should have just got a unifi setup.

debian master race
>pfsense?
lol

What are the advantages?

>no aes-ni hw accel
Shame.
Hope you at least get nic offload support

>nic offload support
Does it really matter at 1gbit?

Depends on the hardware.

Not being a botnet, better "ecosystem" and probably cheaper.

What makes the google system a bot net?

Different user but Jow Forumss definition of botnet is different from the traditional definition. I personally wouldn't use it because google is an ad company that sells your data and they design their software to make it impossible to stop.

A network of interconnected devices spying autonomously. How is it not a botnet?

how does google wifi spy? isn't it just wifi?

It's a google product attached to the internet. It probably does everything from user statistics of access times and website usage to detailed mapping support for their GPS, ping attached devices, and review local access points.

that's interesting and much more insightful than "botnet", thanks

Also Google keeps track of what wi-fi hotspots its phones can hear at various locations, so that they can track your physical location even if you turn off GPS.

Isn't this the industry standard now? I think Apple does this as well and they're actually very privacy-oriented (I know this will get memed here but it's true) compared to Google

It's not that they're privacy oriented, it's that apple is far more aggressive in insinuating the public's opinion of itself.

Well yeah, because invading your privacy is the industry standard. Just because it's common doesn't make it good.

Apple is less invasive than Google is, but they still have some serious problems.

>It's not that they're privacy oriented, it's that apple is far more aggressive in insinuating the public's opinion of itself.
No, they really are privacy-oriented and do seem to care (as much as a company can) to err on that side of things. Their facial recognition is almost exclusively on-device, etc. They do a lot of things that just don't involve "botnet"-like activity because that's how the company is oriented at the moment. All of their profits come from hardware sales, too, so they really don't have any incentive to do otherwise, which is great.

Not saying they're magic™ or whatever but they're definitely a very privacy-forward company as far as megacorps go

> paying to have uncapped data
Absolute state of American ISP's.
How can America be so cucked?

And you believe this because?

If they were privacy-oriented they'd regard facial recognition as something that ought not to ever be done at all, like biometrics in general.

>If they were privacy-oriented they'd regard facial recognition as something that ought not to ever be done at all
this is just autism, go outside once in a while

>leave to get away from internet monitoring but apple sold their facial rec repo to the US Gov and now all the stop lights harass me for my opinion
Truly suffering

this is a funny meme but this is exactly what isn't happening and my entire point

>3 stop lights in a row
FUCK the botnet

The LAN ports all operate on the same 2.5Gbps backplane and I only have one hooked up to the switch since all my internal/vpn routing is handled starting there.

I haven't tried to separate the ports but you can probably break them apart with VLAN trunks/groups in pf.

>What makes the google system a bot net?
How gnu are you?

Juniper SRX300 and other things

intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7cjyh.html

Is this good for pfSense, Jow Forums?