What's a nice and small but also powerful computer I can put pfSense on? I'd like to run an IPS and other little services and generally do whatever I want with my router.
Pic related is a common Chinese mini PC, which have decent processors for not terrible VPN throughput. There's some others that have things like SFP and some other I/O like an SD card slot that I'll definitely never have to use but I like having everything and being versatile.
Other urls found in this thread:
netgate.com
pfsense.org
pcengines.ch
github.com
suricata-ids.org
newegg.com
teklager.se
twitter.com
just get some ryzen itx
the patrician's choice
not OP but a big noob here. Would I be able to plug that router into any other wifi router? My GF has the last model apple airport extreme and the wifi is good enough to the point where i haven't bothered upgrading it. Would I be able to have this router connect to the apple router for wifi with the protection of pfsense? Until I buy an actual wifi access point that isn’t apple crap
I use one of those minipcs as router but mine only has two gbe ports.
Those things are quite awesome and very versatile because you can turn them into anything and the processor uses like 4W at max load on all cores, also supports AES-NI.
Yes.
Which one have you got? I got mine before the AES-NI requirement was announced, so I'm not sure what I'm going to do when pfsense switches to it.
Yes. I have a unifi ac-pro access point behind my pfsense box.
Should I just get the unifi security router instead? Because I was looking into those unifi APs too.
Sure?
>Which one have you got?
No idea, these minipcs are generic as fuck and come in a fuckton of different setups with different processors/ports/shapes if you look for "minipc" on Aliexpress. They don't have a serial number or anything.
Mine has a Celery N3160 with 8GB DDR3L and two mpcie slots, using one of them with a 32gb msata ssd for pfsense. It even handles stuff like proxmox with four VMs just fine.
These are good devices for a powerful but basic router; but for the price (especially the Netgate stuff), the hardware is very, very weak for running a roided out router with an IDS/IPS and other shit - very low VPN throughput, not much room to really go wild with it.
oh snap, nice
>pfSense
>Not OPNsense
Stop being a nigger.
Also this.
>useless pfsense fork because memes
ebin
>>OPNsense
Does it have anything like pfBlockerNG?
>pfsense
why user? why dont you just run OpenBSD with dhcpd, pf, and whatever else you need?
I bought one of these for really cheap used.
Gonna throw dd-wrt on it to replace my DIR-615 with ddwrt.
It would be cool to run my router with BSD or Alpine Linux . It's because I'm painfully lazy and can't get off my ass to learn how to be a competent CLI user.
IIRC, snort is single threaded so the more powerful the individual cores the more throughput you'll get. Unless you're running a gigabit circuit at home or something, any desktop-grade dual core or quad core should be more than enough for your needs. 2-4GB of RAM should be plenty, and any disk will be plenty for OS/logs since you don't really care about shaving 5 sec off a firewall's boot time.
>Useless fork because memes
>Useless shitter because memes
Try to build pfsense from source, protip you can't. github.com
Try shitting in the toilet, Patel, protip you can.
Sure, use the BIND plugin and set the blocklist with DNSBL.
Is that a router or a tent?
a headcrab
Suricata is multi-threaded and available in pfSense
pfBlockerNG has more to offer. Have you used it?
You're talking about the alerts and the reports?
I have never used it. I had pihole in a container when using pfsense, and kept it with opensense, so i'm not sure about the BIND plugin and DNSBL. You're right, it doesn't have pfblockerng, but the adblocking is in place.
Looks like they are half the price they were when I bought mine four years ago.
:3
I recall these having an issue that dissuaded me from getting one. It was either poor throughput on a gigabit network, poor vpn throughput, or both.
I ended up going with this board:
newegg.com
Which is significantly more powerful, versatile, and cheaper whilst still having roughly around the same power consumption. The downside is that it doesn't have the nice, slim form factor, and it was difficult to find a case for it that was both as small as possible and attractive. I did eventually find a wonderful case, though. You'll also need to source some RAM, storage, and a nice network card, which can all be found for dirt cheap on ebay.
Oh, and a picoPSU.
Could I skip having a router device and have my routing done by a VM running on my machine with pfSense/routing software?
dell optiplex i5 4GB RAM
there's too much to fuken learn
yes
easy, champ. one at a time.
there's always more to learn, we've all got that burden on us.
What is so special about pfSense that I can't do on OpenWRT?
I have an Turris Onmia with an mSATA SSD.
What is so special about OpenWRT that I can't do on pfSense?
>It was either poor throughput on a gigabit network, poor vpn throughput, or both.
Poor VPN throughput which is a fundamental problem with OpenVPN being single threaded, not the APU2 itself. If you run something like OpenWRT on it and use Wireguard, you get much better performance.
iktf its destroying my very soul
What's the difference between a regular router and a desktop running openbsd/pfsense/openwrt with a switch and wireless NIC? Like, why do I need a router for anythinf at all besides being a modem. I'm considering turning my OpenBSD home server into a router is all.
>why do I need a router for anythinf at all besides being a modem
Because routers and modems are two different things. One's a modem, one's a router.
The reason you would use something other than an off the shelf device? More horsepower under the hood and greater control through software. If you don't give a fuck about either of those, it doesn't matter to you, so you shouldn't bother with it.
I went out and got a modem that uses a chipset that matches the telecommunications cabinet up the street for better stability and it's put through a home built router running pfsense for greater control and options than any off the shelf router could provide.
Nobody learns everything any more, they specialise with a generalisation everywhere else.
Don't use PFSense. The owner is one of the biggest morons I've seen on the internet and keeps threatening to stop PFSense community edition. Use OPNsense instead.
i just connect a unmanaged switch directly to the modem. its as fast as it can be because theres no shitty arm processors and operating systems slowing it down like there is in routers.
wireless.
