Building a pfSense Box

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Building a pfSense Box

1 | 2 | 3 | 4 | 5

141 posts

Master Geek

#1662345 1-Nov-2016 22:09

geoffwnz:
mdf:

geoffwnz: Ok, so Advanced Tomato is on the router but now it can't find the internet.
Finding the interface somewhat painful to negotiate currently.
I think I need to set the vlan tagging but I can't figure out how to do so.
Any assistance appreciated.

Advanced Settings --> VLAN --> tick the box to enable tagging on the WAN port. There's some notes at the bottom too.

Disclaimer: My install is (fingers crossed) tomorrow so haven't confirmed that this actually works yet.

Set that but it still doesn't seem able to pick up dhcp address.

Edit:

Actually appears that it won't save the setting. So I'm not sure what's going on there.

TO be honest, I am seriously considering switching back to stock firmware since I cannot even get this to work. That, at least worked and gave me 500-600Mbps. THis is giving me 0.

If you have team viewer I'm happy to help you out tomorrow. Or I can pm you and if you send some screenshots I can try to point you in the right direction

geoffwnz

1587 posts

Uber Geek

ID Verified

#1662349 1-Nov-2016 22:11

Ipv89:
geoffwnz:

mdf:

geoffwnz: Ok, so Advanced Tomato is on the router but now it can't find the internet.
Finding the interface somewhat painful to negotiate currently.
I think I need to set the vlan tagging but I can't figure out how to do so.
Any assistance appreciated.

Advanced Settings --> VLAN --> tick the box to enable tagging on the WAN port. There's some notes at the bottom too.

Disclaimer: My install is (fingers crossed) tomorrow so haven't confirmed that this actually works yet.

Set that but it still doesn't seem able to pick up dhcp address.

Edit:

Actually appears that it won't save the setting. So I'm not sure what's going on there.

TO be honest, I am seriously considering switching back to stock firmware since I cannot even get this to work. That, at least worked and gave me 500-600Mbps. THis is giving me 0.

If you have team viewer I'm happy to help you out tomorrow. Or I can pm you and if you send some screenshots I can try to point you in the right direction

I don't unfortunately, plus I'll be at work. Screenshots might help. Currently plugged back in via the HG659 again, daisychained to the R7000.

MotorDrive Rallying

Ipv89

141 posts

Master Geek

#1662351 1-Nov-2016 22:12

Sounds good I'm up at 5 tomorrow so if you send some to me I'll take a look and reply in the morning

Ipv89

141 posts

Master Geek

#1662354 1-Nov-2016 22:18

geoffwnz:
Ipv89:
geoffwnz:

mdf:

geoffwnz: Ok, so Advanced Tomato is on the router but now it can't find the internet.
Finding the interface somewhat painful to negotiate currently.
I think I need to set the vlan tagging but I can't figure out how to do so.
Any assistance appreciated.

Advanced Settings --> VLAN --> tick the box to enable tagging on the WAN port. There's some notes at the bottom too.

Disclaimer: My install is (fingers crossed) tomorrow so haven't confirmed that this actually works yet.

Set that but it still doesn't seem able to pick up dhcp address.

Edit:

Actually appears that it won't save the setting. So I'm not sure what's going on there.

TO be honest, I am seriously considering switching back to stock firmware since I cannot even get this to work. That, at least worked and gave me 500-600Mbps. THis is giving me 0.

If you have team viewer I'm happy to help you out tomorrow. Or I can pm you and if you send some screenshots I can try to point you in the right direction

I don't unfortunately, plus I'll be at work. Screenshots might help. Currently plugged back in via the HG659 again, daisychained to the R7000.

One thing I forgot to mention. When you look at vlan 10 double check that it's on WAN and the the tick box for tagged is checked

geoffwnz

1587 posts

Uber Geek

ID Verified

#1662361 1-Nov-2016 22:40

Ipv89:
geoffwnz:

Ipv89:
geoffwnz:

mdf:

Advanced Settings --> VLAN --> tick the box to enable tagging on the WAN port. There's some notes at the bottom too.

Disclaimer: My install is (fingers crossed) tomorrow so haven't confirmed that this actually works yet.

Set that but it still doesn't seem able to pick up dhcp address.

Edit:

Actually appears that it won't save the setting. So I'm not sure what's going on there.

If you have team viewer I'm happy to help you out tomorrow. Or I can pm you and if you send some screenshots I can try to point you in the right direction

I don't unfortunately, plus I'll be at work. Screenshots might help. Currently plugged back in via the HG659 again, daisychained to the R7000.

One thing I forgot to mention. When you look at vlan 10 double check that it's on WAN and the the tick box for tagged is checked

Righto, that took a lot more hammering than I thought.
But eventually figured out how to actually set the VLAN tagging on. ANd make it stick.
Also found the Hardware NAT, named CTF in the firmware.

SO now I get:

Better than the 600 I was getting yesterday.

Possibly something else needs a tweak.

MotorDrive Rallying

Ipv89

141 posts

Master Geek

#1662363 1-Nov-2016 22:42

Since you have applied the settings try a reboot (via the interface) then run the test a couple of times

geoffwnz

1587 posts

Uber Geek

ID Verified

#1662371 1-Nov-2016 23:04

Ipv89: Since you have applied the settings try a reboot (via the interface) then run the test a couple of times

Much the same so far. Peaked at 780 once.

MotorDrive Rallying

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

mdf

3512 posts

Uber Geek

Trusted

#1665361 7-Nov-2016 21:30

Sorry to revisit an old thread, but FWIW both @Skillie and I are getting good performance (both wifi and gigabit throughput) from an R7000 with Advanced Tomato.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1666049 8-Nov-2016 21:18

Out of curiosity - has anyone tried a pfsense install on a PC Engines API 2C4? (like this https://nicegear.co.nz/single-board-computers/pc-engines-apu-2b4/

Nish

155 posts

Master Geek

#1668503 12-Nov-2016 12:52

In case anyone is wondering or wanting to know how to setup pfsense for the VF FibreX, I have a pfSense box up and running on my FibreX Max connection and I am seeing speeds up to 950Mbps or or which is better than the HG659 in my case.

- Select DHCP under the WAN interface

- Make sure you have no DNS servers configured under the DNS Server Settings and have the DNS Server Override box checked

- First thing you need to do is create your new vlan 10 tagged interface under Interface/ VLANs. Make sure you select the WAN interface as your Parent Interface as shown below

- Update your wan interface to select the vlan 10 interface you created

Just make sure the default rule to allow outbound internet connectivity is in place and you should be up and running.

Another thing to add, I have tried a few different alternatives now to replace the HG659 as I had to turn off my Fortigate firewall as it was barely scraping 600Mbps and its just at its throughput limit. I did build a pfSense box using an older MATX all in one thing I had and it wasn't really working so I gave up on it and borrowed a Mikrotik RB1100AHx2 and it was maxing out at around 750 - 800Mbps. I then grabbed a spare HP PC i had kicking around (Core i7 2600, 8gb ram, 4 port intel gig pcie nic) and set it up and it worked so have been using it since.

If this had failed, I might have looked at picking up an Ubiquiti ERL as people seem to be getting reasonable results with it.

webwat

2036 posts

Uber Geek

Trusted

#1673524 18-Nov-2016 12:03

The main requirement is that the CPU needs to be fast enough to keep up with the Gigabit cards. Even quite old hardware should be fast enough unless you want to do rate-limiting. I did this with pfSense once on an old pentium1 years ago, and I got reasonable throughput until i switched on the rate-limiting, the speed dropped to about 2Mbps even though I had the rate-limiting set to full speed. CPU becomes the bottleneck as you do more processing for the same throughput, so anything like packet inspection will need faster CPU. Worked well until the ancient hard drive developed bad sectors.

Time to find a new industry!

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#1673714 18-Nov-2016 16:32

So, it has come time to upgrade my PFSense box.

I have Two 16/1 ADSL links terminated on it, load balanced.

While the box itself is capable of routing that with ease, give plugin overhead (particularly when a gateway is being hammered and deemed to have high packetloss forcing a check_reload_status - EG all plugins restart etc) Queuing etc and it does struggle a little.

Actually moved off running Squid on it, as that really just bored things down even more.

Worth mentioning though along side the PFSense box, which is sitting on ESXi is a ELK stack and monitoring for it, both pretty high workloads for the poor little AMD X2 2ghz dual core it currently has!

C2750 is on its way to replace it, as it has become more than just a PFSense box, and more a Connectivity crucial Lab machine.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

chevrolux

4962 posts

Uber Geek
Inactive user

#1674607 20-Nov-2016 18:40

hio77:

So, it has come time to upgrade my PFSense box.

I have Two 16/1 ADSL links terminated on it, load balanced.

While the box itself is capable of routing that with ease, give plugin overhead (particularly when a gateway is being hammered and deemed to have high packetloss forcing a check_reload_status - EG all plugins restart etc) Queuing etc and it does struggle a little.

Actually moved off running Squid on it, as that really just bored things down even more.

Worth mentioning though along side the PFSense box, which is sitting on ESXi is a ELK stack and monitoring for it, both pretty high workloads for the poor little AMD X2 2ghz dual core it currently has!

C2750 is on its way to replace it, as it has become more than just a PFSense box, and more a Connectivity crucial Lab machine.

Sounds like time to just go ML-PPP with a Mikrotik and not worry about pfSense =)

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#1674686 20-Nov-2016 21:00

chevrolux:

Sounds like time to just go ML-PPP with a Mikrotik and not worry about pfSense =)

If it was not for the opportunity i had at hand, I would be, as i mentioned in an earlier PM :)

However in this case, it is quite simply a why not try it for the hell of it case... Actually reasonably decent results too.

This test was with load on the lines, still pretty reasonable results and as of yet actually have not had any issues usually linked with balancing (cdns are directed out their preferred links ofcourse)

Besides, i have other projects that i will be digging out this summer where realistically the link itself will be getting a sizable improvement at a fair expense..

Back to the point i was trying to make though, PfSense is a platform i love, it's not perfect, nothing is. however it has taken everything i throw at it with ease... I have simply outgrown my poor little dated CPU that i had re-purposed to do the task until i feel the market is right to snap up a good deal (be it i may have made the decision to make a large jump)

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

macuser

2120 posts

Uber Geek

#1706893 21-Jan-2017 13:07

With the Intel Pentium G4560 around the corner I'm probably going to sell my G4400 and upgrade to it. If anyone is keen on a 3 or 4 month old G4400 and brand new intel stock cooler please let me know, it's an awesome router CPU, but I need the extra threads from the G4560 so I'm going to upgrade :)

1 | 2 | 3 | 4 | 5