Thinking of going pfsense + WiFi6 access point...

Tengis

Supreme [H]ardness
Joined
Jun 11, 2003
Messages
6,076
Ive been on the edge of upgrading my wireless router for going on two years. Currently rocking a mid-end TPlink router (cant remember model off the top of my head) but its just not cutting it anymore. Ive got a home server with tons of storage that feeds video to Roku/Plex devices and my current router (rarely) seems to restart its self if 4+ devices are streaming and/or using Plex. My wireless network also seems to be taking a beating with the number of devices (TVs, laptops, phones, tablets, smart devices) slowly going up.

Ive got an older core2duo system with a microatx motherboard. It’s got dual gigabit nics on the microatx board and I figure I could buy a 4 port gigabit nic and I’m good to go. Slap something like a Ubiquiti access point in my house and I would be in way better shape then I am now.

I guess I’m just trying to get confirmation from someone else that going this route makes way more sense then buying a $200+ wireless router?
 
Yes and no. I assume you're wanting to add the 4-port NIC to pfsense to replicate the switch built into your current TP-Link setup. Instead of the 4-port NIC you'll need to get a network switch. Technically you can use that 4-port card, but pfsense will see them as interfaces and not as a switch and will have to route between them. It technically feasible but incredibly inefficient and will probably give you all sorts of other headaches. In fact, routing internal traffic at linespeed for 5 interfaces might actually overwhelm that C2D.

Also, check to make sure what the hardware is behind those onboard NICs. They should be Intel, Broadcom, etc. Realtek doesn't get along very well with FreeBSD. Are you going to run the Unifi controller as an always-on device on one of your existing systems? Just for configuration?

To me for home use it's about six one / half a dozen the other. Fiscally, you'll be about the same. I like to have a separate router and AP for several reasons of my own, but I could probably replace it all with a nice all-in-one unit and get better performance. The Unifi stuff has been very stable for me, but it's not as fast as the consumer-based equipment. The Unifi AC-AP-Pro is $135 on Amazon, and you'll need a switch. As long as you aren't using it for VLANs or anything, then any cheap thing can be used. I like the old 8-port unmanaged ProCurves that are dirt cheap, but Netgear makes decent small switches, TP Link, etc. I have flogged some of the old Netgear switches (metal GS-series) in imaging racks that managed to take out several old Intel rack switches.
 
I'll second iroc's first two paragraphs. I replaced my Asus router with a pfsense box (Haswell i5) and Unifi AC-nanoHD. Best decision I've ever made for my network. I use a 4-port Intel i350-T4V2 nic in the router as my setup needed 3 ports (WAN, LAN, DMZ VLAN for a home cell tower). The LAN goes straight into an older DLink $30 unmanaged gigabit switch and to the house, never had any hiccups with systems getting enough bandwidth to the internet, and system to system just bypasses the router altogether. My nanoHD is on a further switch down the line and also works perfectly with the controller software running on the file server. I don't game over wifi, so that may be an issue, but streaming high bitrate content from the server/'net is flawless.

The best reasons for pfsense over a new wifi router is getting the constant support and all the constantly updated security/adblock/customization modules available for addon. Stability has been rock solid, only downtimes besides OS updates have been for power outages. Also, if you go for an SSD or flash drive for storage, or just don't want to run the drive as much to save power, there is a quick and easy guide to create a ramdisk for all the temp stuff so it doesn't wear out the media (it can be a problem).

If you want VPN, you will need newer hardware with AES-NI. I think it can be done on the Core 2, but without hardware acceleration, speeds will be very low for lots of power consumed.
 
It just seems like consumer oriented wireless routers have always given me issues in one way or another. Right now with my Tplink the 5ghz band is basically unusable because it randomly seems to crash/restart the 5ghz whenever it starts to actually have any type of meaningful traffic. Ive read reviews of some of the affordable WiFi6 routers and there are a ton that point to similar issues that I have experienced in the past.


I'll second iroc's first two paragraphs. I replaced my Asus router with a pfsense box (Haswell i5) and Unifi AC-nanoHD. Best decision I've ever made for my network. I use a 4-port Intel i350-T4V2 nic in the router as my setup needed 3 ports (WAN, LAN, DMZ VLAN for a home cell tower). The LAN goes straight into an older DLink $30 unmanaged gigabit switch and to the house, never had any hiccups with systems getting enough bandwidth to the internet, and system to system just bypasses the router altogether. My nanoHD is on a further switch down the line and also works perfectly with the controller software running on the file server. I don't game over wifi, so that may be an issue, but streaming high bitrate content from the server/'net is flawless.

The best reasons for pfsense over a new wifi router is getting the constant support and all the constantly updated security/adblock/customization modules available for addon. Stability has been rock solid, only downtimes besides OS updates have been for power outages. Also, if you go for an SSD or flash drive for storage, or just don't want to run the drive as much to save power, there is a quick and easy guide to create a ramdisk for all the temp stuff so it doesn't wear out the media (it can be a problem).

If you want VPN, you will need newer hardware with AES-NI. I think it can be done on the Core 2, but without hardware acceleration, speeds will be very low for lots of power consumed.

I have a home cell tower too... its a T-Mobile device but I assume I could just plug this into the switch?

I currently have a home media server that is running Linux/OpenMediaVault. It’s running off of a thumb drive with everything being stored in ram disk right now. Ive had some issues in the past with power going off since I do not have a battery backup on it. At first I was thinking I could possibly mess around with putting everything on one box but Ive seen suggestions elsewhere that suggest not to?

I haven’t done a ton of research on pfsense which is why I was mentioning running the 4 port nic. As it sits right now, I could use my core2duo system with dual onboard Intel nics without buying any additional equipment and I would be good to go.
 
I have a home cell tower too... its a T-Mobile device but I assume I could just plug this into the switch?

Maybe? Mine is AT&T and it is super picky about what it will run behind and between the old Asus router and my pfsense, it can't be behind a proper firewall or it won't connect to the server, so I had to give it its own DMZ which was best set right off the pfsense box. If yours is running fine now without any special settings, you should be fine and can stick with the two onboard ports.

If you aren't a power user of VMs (I'm not), keep everything separated. I know it's been discussed as fine elsewhere on this forum, but I think the experts are right: Keep pfsense on its own box.

It can be daunting to get set up the first time (took me about a week after work to get everything set up properly), but once you've got it, you're set for good, and there is an option for backup of all settings to Netgate in case anything happens (or you migrate). There are plenty of tutorials to get you going and subscribed to the updating adblock/firewall lists, and there's help from some of us on here, too. The big thing that isn't mentioned anywhere, and really got me hard is that when you initially set it up, choose its IP address to be different from your current router's while you are setting up everything and installing packages. Made that goof and got frustrated why I could never login after initial setup and reinstalled a few times before figuring it out, finally.
 
Ive been on the edge of upgrading my wireless router for going on two years. Currently rocking a mid-end TPlink router (cant remember model off the top of my head) but its just not cutting it anymore. Ive got a home server with tons of storage that feeds video to Roku/Plex devices and my current router (rarely) seems to restart its self if 4+ devices are streaming and/or using Plex. My wireless network also seems to be taking a beating with the number of devices (TVs, laptops, phones, tablets, smart devices) slowly going up.

Ive got an older core2duo system with a microatx motherboard. It’s got dual gigabit nics on the microatx board and I figure I could buy a 4 port gigabit nic and I’m good to go. Slap something like a Ubiquiti access point in my house and I would be in way better shape then I am now.

I guess I’m just trying to get confirmation from someone else that going this route makes way more sense then buying a $200+ wireless router?
I thought PFSense required AES instructions now? If so the C2D won't work. You could try FRR however...but there is going to be quite a learning curve.
 
You should see if your TP-Link can run OpenWrt. Even if you don't stick with it's fun to play around with. As for your x86 router you should take a look at opensense not pfsense. https://opnsense.org/
All of opensense is free and you have to pay for some parts of pfsense. Opensense is updated more often. If you Do set up the x86 router you can use your TP-Link with OpenWrt and make it in to a switch or a AP. If you need any help PM me or give me a shout on twitter. https://twitter.com/openwrth?lang=en
 
You should see if your TP-Link can run OpenWrt. Even if you don't stick with it's fun to play around with. As for your x86 router you should take a look at opensense not pfsense. https://opnsense.org/
All of opensense is free and you have to pay for some parts of pfsense. Opensense is updated more often. If you Do set up the x86 router you can use your TP-Link with OpenWrt and make it in to a switch or a AP. If you need any help PM me or give me a shout on twitter. https://twitter.com/openwrth?lang=en

My router is a weird bastard child that doesnt support it. Last I looked there is a workaround for the version of my router I have, but a lot of people reported bricking their router. I may try it anyway and use it as an excuse to buy a new one if it dies.
 
My router is a weird bastard child that doesnt support it. Last I looked there is a workaround for the version of my router I have, but a lot of people reported bricking their router. I may try it anyway and use it as an excuse to buy a new one if it dies.
What is the model no of your router?
 
I thought PFSense required AES instructions now? If so the C2D won't work.

It doesn't anymore. It was actually reported long time ago that it will not need AES.
 
Back
Top