For 2D, what you will need is...

 

If you have a Fibre connection, use these settings:
- Username: Your username@snap.net.nz
- Password: The password you chose at sign up.
- Encapsulation: PPPoE
- VLAN ID: 10

 

The main difficult you will face, is making sure you assign the VLAN interface.

What about QOS for Fritzbox VOIP? any suggestions?

What have you generally changed in pfsense to suit your network??

my personal network, is over engineered to the max.

Fritzbox will work behind; i would recommend throwing QOS on the upstream.

Currently i run FAIRQ with Codel.

Remember QOS on Downstream is pointless, All that can do is drop or delay packets.

As hio77 says the main trick is assigning the WAN to the VLAN interface on the Interfaces -> Assignments screen. I'm using VOIP with 2talk and I haven't bothered with QoS, I only ran it on the upstream when I was stuck on ADSL2.

There's an issue with FreeBSD (which pfSense is based on) where PPPoE is handled by a single thread so you'll never get the full throughput, mine was limited to around 700Mb/s. I ended up switching to Orcon who had a good deal going and they use IPoE/DHCP so I now get full line speed.

meesham:

 

As hio77 says the main trick is assigning the WAN to the VLAN interface on the Interfaces -> Assignments screen. I'm using VOIP with 2talk and I haven't bothered with QoS, I only ran it on the upstream when I was stuck on ADSL2.

 

There's an issue with FreeBSD (which pfSense is based on) where PPPoE is handled by a single thread so you'll never get the full throughput, mine was limited to around 700Mb/s. I ended up switching to Orcon who had a good deal going and they use IPoE/DHCP so I now get full line speed.

 

technically you could just throw more cpu power at that problem ;)

How much ram do you run? 4gb or 8gb?

Do you also run

- Squid - caching proxy?

- ClamAV?

hio77:

 

technically you could just throw more cpu power at that problem ;)

 

True :) I've got one of the J1900 Qotom boxes and CPU power definitely isn't one of its attributes.

attewell:

 

How much ram do you run? 4gb or 8gb?

 

 

 

Do you also run

 

- Squid - caching proxy?

 

- ClamAV?

 

i ran squid when i had a 2/1 ADSL link.

At dual 20/1 links, There is very little that squid does to improve things to the point that i see it as worthwhile.

Since your on fibre, i would just roll it.

ClamAV, never ran. requires squid..

I am getting Qotom-Q355G4 Mini PC Core i5 5250U

attewell:

 

How much ram do you run? 4gb or 8gb?

 

Do you also run

 

- Squid - caching proxy?

 

- ClamAV?

 

I've got 8GB of RAM but that's probably overkill, I've never seen pfsense claim to get over 20% of memory usage. I'm not running squid, I don't think it's necessary anymore and I reckon ClamAV would stress my poor little gateway box too much, and with so much traffic now encrypted I'm not sure it's worth it.

Packages I'm running:

• pfBlockerNG - for blocking 
• bind - I run a separate DNS for the Kids VLAN that uses OpenDNS as the upstream server
• telegraf - this sends traffic data to an influxDB database that is then used for a Grafana dashboard

I run 6 VLANs and the pfsense box controls access and routing between VLANs and does all the firewalling:

• Management
• LAN (main network)
• DMZ
• Guest
• Kids (restricted access to the internet)
• CCTV (no access out to the internet)

I did run into an interesting issue recently, Where DHCP fed connection would have issues with throughput at load (average of a mbit less when considering the peeks and dips)

PPPoE connection did not suffer from the same...

This ended up being processor load from the monitoring stack that runs along side my PFSense instance (C2750 based esxi stack)

Correcting the CPU scheduling resolved this.

hio77:

 

I did run into an interesting issue recently, Where DHCP fed connection would have issues with throughput at load (average of a mbit less when considering the peeks and dips)

 

PPPoE connection did not suffer from the same...

 

This ended up being processor load from the monitoring stack that runs along side my PFSense instance (C2750 based esxi stack)

 

Correcting the CPU scheduling resolved this.

 

Interesting, I've never virtualised pfsense but I was considering it before I bought the qotom.

My speedtest was downloading files off my gsuite account using rclone with 16 threads, that really stresses the connection. The best I ever saw with my 2D PPPoE connection was 720Mb/s over 15 minutes, but with the Fritzbox I could get almost 900Mb/s. With my Orcon IPoE connection it sat on 892Mb/s for 15 minutes.

meesham:

 

hio77:

 

I did run into an interesting issue recently, Where DHCP fed connection would have issues with throughput at load (average of a mbit less when considering the peeks and dips)

 

PPPoE connection did not suffer from the same...

 

This ended up being processor load from the monitoring stack that runs along side my PFSense instance (C2750 based esxi stack)

 

Correcting the CPU scheduling resolved this.

 

 

Interesting, I've never virtualised pfsense but I was considering it before I bought the qotom.

 

My speedtest was downloading files off my gsuite account using rclone with 16 threads, that really stresses the connection. The best I ever saw with my 2D PPPoE connection was 720Mb/s over 15 minutes, but with the Fritzbox I could get almost 900Mb/s. With my Orcon IPoE connection it sat on 892Mb/s for 15 minutes.

 

Certainly an interesting experience..

Tempts me to go have a play ;)

meesham:

 

• Kids (restricted access to the internet)

What do you do here to restrict access? openDNS or more?

attewell:

 

meesham:

 

• Kids (restricted access to the internet)

 

What do you do here to restrict access? openDNS or more?

 

I've done the following:

• Using OpenDNS as the upstream server with a restricted list
• Only ports 80 & 443 are allowed out
• The only other VLAN they can route to is the DMZ
• Added the DNS entries into bind to force Google & Youtube safe search
• They're using a locked down Ubuntu workstation
• And most importantly - the PC is in the family area and they're always supervised

My kids are at an age where they're not looking for dodgy stuff, I'm just trying to avoid them finding it by accident - it's mainly used for games and the nzmaths.co.nz website anyway.