I'm getting real tired of ads on my phone, so I want to set up pfSense in my home network as a router, with a DNS server equivalent to Pi-Hole for adblocking, and an OpenVPN server for remote connection and encryption.
And since I'm diving into the topic, I thought I might set up Squid to act as a web cache to speed up downloads.
What other Gucci things might I do with pfSense, and what kind of hardware do I need to reasonably run the things I've listed while consuming a low amount of power? I don't really care about the form factor, but I've never owned a rack so I'm not sure if a rackmount would work.
At this point all I know is that I need a CPU with Intel AES-NI and some kind of Ubiquiti wireless AP.
I also went with a Ubiquiti. I am running pfSense in a VM on a FreeNAS box; you can also add an IDS package like Snort.
Zachary Lee
pfSense does much better ad-blocking than Pi-hole ever will. Very easy to set up too. Honestly, just order an ExpressCard gigabit NIC and throw it on a laptop; works great IMHO.
Robert Hall
If you go with OPNsense (which forked from pfSense a few years ago), you don't need AES-NI; they aren't making any move to require it.
Both are FreeBSD-based though, so you're right, you will have an easier time with an external wireless AP. I have an Atheros-chipset wireless card that Linux is fine with. Driver support out of the box, free and without blobs, hostapd fires up an access point on it with no problem. FreeBSD's docs said it should work, but pfSense didn't want to hear about it at all.
Xavier Ward
>laptop
I wouldn't do that. I would buy a low-voltage device that only draws ~5-10 W. You can get something fairly cheap that will still exceed your needs.
Definitely install pfBlockerNG and Service Watchdog. Snort or Suricata, and Squid with Lightsquid, are neat. I can highly recommend the UniFi AP-AC-PRO. Very easy to set up and has great features. You will also want a network switch.
Easton Thompson
Why don't you just use an Android ad-blocking app?
Luke Smith
t. brainlet that doesn't understand how much more powerful a router-level ad blocker is than a client-side one
Jack Bell
Anyone have any recommendations for a dedicated machine for pfSense that isn't expensive?
Henry Gray
Enlighten me.
Lincoln Bailey
Would you rather block ad traffic for the whole network or just your phone? Also it's one less thing for your phone to have to process.
Colton Gutierrez
>how much more powerful router level ad blocker is than a client side one
Not? Client-side ad blocking can block requests before they're made and modify response content to do cosmetic filtering as well. It's strictly a superset of what router-level ad blocking can do. The only advantage of router-level blocking is that you don't need a blocker on all your devices (as long as they never leave your home) and you don't have to waste the small amount of processing power to run the client-side blockers on the clients.
Kayden Allen
I was thinking something along the lines of an Intel NUC, but apparently those all only have 1 NIC. I'm also interested in trying out Intel Optane for Squid, but I'm not sure if I would see a performance boost without looking closer to find a motherboard with PCIe M.2.
>no root required
>w i n d o w s phone
>works on all devices, even the ones that aren't yours
>adblocking computations offloaded to remote DNS
Gabriel Lopez
As I continue to look up pfSense terms and hardware, I'm starting to see random enterprise-level websites around me start sending internal server errors.
Maybe I should start surrounding words with triple parentheses.
Zachary Nelson
>client-side ad blocking
>router-level ad blocking
Please see You should always use something like uBlock Origin on your browsers, especially on mobile devices and when not on your own network. uBlock Origin adds more functionality. I've never not used uBO, but if I disable it I'm pretty sure the anti-adblock wouldn't pick me up because I'm blocking it with another program on another device.
Kevin Powell
Use OPNsense. None of the weird licensing crap of pfSense and a nicer UI.
Kayden Bailey
How does licensing affect you for home use? And isn't UI subjective? Or are you talking about something else? Don't be vague.
Juan Jackson
>not on your own network
That's not how router-side blocking works.
Hudson Cruz
>reading comprehension
I am saying it's especially important to have an adblocker on your browser when you're not on your own home network.
Cameron Wright
Get a used Cisco 3650g-24ts on eBay; then you can do VLANs and router-on-a-stick with only one NIC. The switch is very quiet. If you go with the UniFi AP-AC-PRO, then get the PoE model, the 3650g-24ps.
It's got it all. I can't think of anything it doesn't have.
Matthew Edwards
Oops, I meant the 3560G Cisco switches.
Logan Morales
>i7
Overkill, no?
James Perry
>Nigger
Dylan Perez
You're right, but they have equivalent models containing i3s and i5s. Because they're all dual core mobile CPUs, their performance is totally irrelevant compared to their desktop models, so I'm not really sure how to gauge what I need.
Henry Ross
Before I configured Suricata I had this skid try to break in and had to create a special list for him.
Yes, Power over Ethernet. The AP-AC-Pro has a power injector in the box, and the PoE switch might be a little louder than the non-PoE switch, so it's personal preference. I just wanted to add some PoE security cameras and not have a bunch of power injectors all over the place.
I think you can install pfSense on a Raspberry Pi; you will have to use VLANs though, but it might be a fun low-power use of that board.
Jackson Howard
qubes + whonix
Gavin Kelly
Of course this is still an issue with router-level blocking. The ad-check scripts trigger if the ad script isn't loaded client-side, no matter the reason. Could be a plug-in, hosts file, VPN, router block, whatever.
Brayden Brown
Because I'm dumb and can't crop an image right: it's a celery N3160.
Michael Sanchez
>None of the weird licensing crap
wtf, pfSense is nonfree now?
Luke Collins
Has anyone with this setup figured out if uBlock will circumvent anti-adblock scripts even if it doesn't detect ads?
Christian Barnes
Kek
Aaron Kelly
Well, the adblock-checker is usually some kind of third-party script. Install uMatrix and run it in default-deny mode.
Joshua Thompson
Is it impossible to find good PCIe NICs with PoE?
Luis Cooper
Use Linux: IPFire.
Jason Watson
>Squid
Is this even useful in modern times when so many websites are dynamic and a lot of content is HTTPS? Seems like you could go without it and save the CPU usage.
Theoretically you could have a browser cache that's longer-lived than the one on your computer, or a browser cache that's universal to all your browsers on all your devices.
Nathan Morales
How does it cache anything loaded over HTTPS?
James Miller
Realistically, things that would matter if they were cached aren't served over HTTPS, and I'm not sure if torrent connections are encrypted either.
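The client-side versus router-level ad-blocking argument earlier in the thread, and the later point about what HTTPS hides from a caching proxy, both come down to what each layer can see. As an added example (not code from the thread, pfSense, pfBlockerNG or Pi-hole), here is a small model of hosts-format blocklist matching as DNS-sinkhole blocking does it, beside a URL-aware client-side check; the blocklist, path rules and URLs are constructed sample data.

```python
"""Toy model of DNS-sinkhole (router-level) ad blocking versus a client-side
blocker.  Added example, not code from the thread or from pfSense/Pi-hole.
All list entries, rules and URLs below are constructed sample data."""
from urllib.parse import urlsplit

# Constructed hosts-format list, the format pfBlockerNG / Pi-hole feeds use.
SAMPLE_BLOCKLIST = """\
# comment line
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org   # inline comment
0.0.0.0 localhost
"""
# Constructed path rules; only something that sees the full URL can use these.
SAMPLE_CLIENT_RULES = ["/ads/", "/pagead/"]


def parse_hosts_blocklist(text):
    """Return the set of hostnames a hosts-format blocklist sinkholes."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        for name in line.split()[1:]:             # "ip name [name ...]"
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain", "broadcasthost"):
                blocked.add(name)
    return blocked


def is_sinkholed(hostname, blocked):
    """A listed name also covers every label below it (cdn.ads.example.net)."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def router_level_decision(url, blocked):
    """The resolver only ever sees the queried name: scheme and path are
    invisible, so HTTPS changes nothing and an /ads/ path on a first-party
    host cannot be blocked here."""
    host = urlsplit(url).hostname or ""
    return {"host": host, "blocked": is_sinkholed(host, blocked)}


def client_level_decision(url, blocked, path_rules):
    """A browser extension sees host and path, so it can apply both kinds of rule."""
    parts = urlsplit(url)
    host_hit = is_sinkholed(parts.hostname or "", blocked)
    return host_hit or any(rule in parts.path for rule in path_rules)
```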