Geekzone: technology news, blogs, forums




373 posts

Ultimate Geek


#226064 18-Dec-2017 21:16

Hi @hio77 @meesham

I am setting up a PC/router with pfSense on my 2degrees fibre connection.

 

What are some of the basic/typical settings I will need to modify?

 

 

 

 


'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921518 18-Dec-2017 21:20

For 2D, what you will need is...

 

 

 

 

If you have a Fibre connection, use these settings:
- Username: Your username@snap.net.nz
- Password: The password you chose at sign up.
- Encapsulation: PPPoE
- VLAN ID: 10

 

 

The main difficulty you will face is making sure you assign the VLAN interface.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 




373 posts

Ultimate Geek


  #1921524 18-Dec-2017 21:38

What about QOS for Fritzbox VOIP? Any suggestions?

What have you generally changed in pfSense to suit your network?

 

 


 
 
 
 


'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921526 18-Dec-2017 21:41

My personal network is over-engineered to the max.

Fritzbox will work behind; I would recommend throwing QOS on the upstream.

Currently I run FAIRQ with Codel.

Remember, QOS on downstream is pointless; all that can do is drop or delay packets.






 


930 posts

Ultimate Geek


  #1921536 18-Dec-2017 22:07

As hio77 says the main trick is assigning the WAN to the VLAN interface on the Interfaces -> Assignments screen. I'm using VOIP with 2talk and I haven't bothered with QoS, I only ran it on the upstream when I was stuck on ADSL2.

 

There's an issue with FreeBSD (which pfSense is based on) where PPPoE is handled by a single thread so you'll never get the full throughput, mine was limited to around 700Mb/s. I ended up switching to Orcon who had a good deal going and they use IPoE/DHCP so I now get full line speed.


'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921538 18-Dec-2017 22:10
One person supports this post

meesham:

 

As hio77 says the main trick is assigning the WAN to the VLAN interface on the Interfaces -> Assignments screen. I'm using VOIP with 2talk and I haven't bothered with QoS, I only ran it on the upstream when I was stuck on ADSL2.

 

There's an issue with FreeBSD (which pfSense is based on) where PPPoE is handled by a single thread so you'll never get the full throughput, mine was limited to around 700Mb/s. I ended up switching to Orcon who had a good deal going and they use IPoE/DHCP so I now get full line speed.

 

 

technically you could just throw more cpu power at that problem ;)






 




373 posts

Ultimate Geek


  #1921542 18-Dec-2017 22:13

How much ram do you run? 4gb or 8gb?

 

 

 

Do you also run

 

- Squid - caching proxy?

 

- ClamAV?

 

 

 

 


930 posts

Ultimate Geek


  #1921544 18-Dec-2017 22:13

hio77:

 

technically you could just throw more cpu power at that problem ;)

 

 

True :) I've got one of the J1900 Qotom boxes and CPU power definitely isn't one of its attributes.


 
 
 
 


'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921550 18-Dec-2017 22:18

attewell:

 

How much ram do you run? 4gb or 8gb?

 

 

 

Do you also run

 

- Squid - caching proxy?

 

- ClamAV?

 

 

I ran squid when I had a 2/1 ADSL link.

At dual 20/1 links, there is very little that squid does to improve things to the point that I see it as worthwhile.

Since you're on fibre, I would just roll it.

ClamAV, never ran. Requires squid.






 




373 posts

Ultimate Geek


  #1921551 18-Dec-2017 22:19

I am getting Qotom-Q355G4 Mini PC Core i5 5250U


930 posts

Ultimate Geek


  #1921552 18-Dec-2017 22:22
One person supports this post

attewell:

 

How much ram do you run? 4gb or 8gb?

 

Do you also run

 

- Squid - caching proxy?

 

- ClamAV?

 

 

I've got 8GB of RAM but that's probably overkill, I've never seen pfsense claim to get over 20% of memory usage. I'm not running squid, I don't think it's necessary anymore and I reckon ClamAV would stress my poor little gateway box too much, and with so much traffic now encrypted I'm not sure it's worth it.

 

Packages I'm running:

 

  • pfBlockerNG - for blocking 
  • bind - I run a separate DNS for the Kids VLAN that uses OpenDNS as the upstream server
  • telegraf - this sends traffic data to an influxDB database that is then used for a Grafana dashboard

I run 6 VLANs and the pfsense box controls access and routing between VLANs and does all the firewalling:

 

  • Management
  • LAN (main network)
  • DMZ
  • Guest
  • Kids (restricted access to the internet)
  • CCTV (no access out to the internet)

'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921554 18-Dec-2017 22:23

I did run into an interesting issue recently, where a DHCP-fed connection would have issues with throughput at load (average of a Mbit less when considering the peaks and dips).

PPPoE connection did not suffer from the same...

This ended up being processor load from the monitoring stack that runs alongside my pfSense instance (C2750-based ESXi stack).

Correcting the CPU scheduling resolved this.






 


930 posts

Ultimate Geek


  #1921556 18-Dec-2017 22:30

hio77:

 

I did run into an interesting issue recently, where a DHCP-fed connection would have issues with throughput at load (average of a Mbit less when considering the peaks and dips).

PPPoE connection did not suffer from the same...

This ended up being processor load from the monitoring stack that runs alongside my pfSense instance (C2750-based ESXi stack).

 

Correcting the CPU scheduling resolved this.

 

 

Interesting, I've never virtualised pfsense but I was considering it before I bought the qotom.

 

My speedtest was downloading files off my gsuite account using rclone with 16 threads, that really stresses the connection. The best I ever saw with my 2D PPPoE connection was 720Mb/s over 15 minutes, but with the Fritzbox I could get almost 900Mb/s. With my Orcon IPoE connection it sat on 892Mb/s for 15 minutes.


'That VDSL Cat'
11936 posts

Uber Geek

Trusted
Spark
Subscriber

  #1921559 18-Dec-2017 22:39

meesham:

 

hio77:

 

I did run into an interesting issue recently, where a DHCP-fed connection would have issues with throughput at load (average of a Mbit less when considering the peaks and dips).

PPPoE connection did not suffer from the same...

This ended up being processor load from the monitoring stack that runs alongside my pfSense instance (C2750-based ESXi stack).

 

Correcting the CPU scheduling resolved this.

 

 

Interesting, I've never virtualised pfsense but I was considering it before I bought the qotom.

 

My speedtest was downloading files off my gsuite account using rclone with 16 threads, that really stresses the connection. The best I ever saw with my 2D PPPoE connection was 720Mb/s over 15 minutes, but with the Fritzbox I could get almost 900Mb/s. With my Orcon IPoE connection it sat on 892Mb/s for 15 minutes.

 

 

Certainly an interesting experience..

 

Tempts me to go have a play ;)






 




373 posts

Ultimate Geek


  #1922111 19-Dec-2017 19:10

meesham:

 

  • Kids (restricted access to the internet)

 

What do you do here to restrict access? openDNS or more?


930 posts

Ultimate Geek


  #1922215 19-Dec-2017 22:59
One person supports this post

attewell:

 

meesham:

 

  • Kids (restricted access to the internet)

 

What do you do here to restrict access? openDNS or more?

 

 

I've done the following:

 

  • Using OpenDNS as the upstream server with a restricted list
  • Only ports 80 & 443 are allowed out
  • The only other VLAN they can route to is the DMZ
  • Added the DNS entries into bind to force Google & Youtube safe search
  • They're using a locked down Ubuntu workstation
  • And most importantly - the PC is in the family area and they're always supervised

My kids are at an age where they're not looking for dodgy stuff, I'm just trying to avoid them finding it by accident - it's mainly used for games and the nzmaths.co.nz website anyway.
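
Added example, not part of the thread and not meesham's actual configuration: one way to express the "DNS entries in bind to force Google & YouTube safe search" item from the post above is a BIND response policy zone (RPZ) served only to the Kids VLAN resolver. The zone name `rpz.kids`, the file name, the serial and the choice of RPZ are assumptions; the CNAME targets are the SafeSearch and Restricted Mode hostnames Google publishes for this purpose.

```dns
; rpz.kids.db - response policy zone for the Kids VLAN resolver (constructed example).
; Assumed named.conf wiring (zone and file names are illustrative):
;   options { response-policy { zone "rpz.kids"; }; };
;   zone "rpz.kids" { type master; file "rpz.kids.db"; allow-query { none; }; };
$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            2017121901 ; serial (constructed)
            3600       ; refresh
            600        ; retry
            86400      ; expire
            300 )      ; negative TTL
    IN NS   localhost.

; Owner names are relative to the zone (no trailing dot). A CNAME whose target
; ends in a dot rewrites the answer, so clients are sent to the SafeSearch
; front end instead of the normal one.
www.google.com              IN CNAME forcesafesearch.google.com.
www.google.co.nz            IN CNAME forcesafesearch.google.com.

; YouTube Restricted Mode (strict).
www.youtube.com             IN CNAME restrict.youtube.com.
m.youtube.com               IN CNAME restrict.youtube.com.
youtubei.googleapis.com     IN CNAME restrict.youtube.com.
youtube.googleapis.com      IN CNAME restrict.youtube.com.
www.youtube-nocookie.com    IN CNAME restrict.youtube.com.
```

These rewrites only hold while the Kids VLAN cannot reach another resolver, which the rule allowing only ports 80 and 443 out covers for plain DNS on port 53. A browser with DNS over HTTPS enabled would not use this resolver, so the locked-down workstation should keep that setting disabled.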

