Wanting to build a home mesh network with pfsense

tntsniper

Here's what I'd *like* to do:

Build a custom Rack Mountable pfsense machine. The use of pfsense would be basic/moderate network admin use. For wireless, I'd like to build a mesh network (like google wifi, eero, etc).

Where to begin?:

It's my understanding that *mesh* is actually a protocol in the sense that it provides a continuous signal without loss of packets. From my research, adding standard Access Points isn't the same, as these do not communicate with each other and there's a lot of degradation.

I'm not fully versed in this, but my goal is to have the control of pfsense and the wireless coverage of a mesh network. I can't seem to find the correct hardware to make this work. I would love to have the puck solution google offers and utilize their hardware to create a mesh network and then use pfsense as the backbone, but unfortunately Google wants full control, so you're stuck with their poor software and lack of options.

Any help would be greatly appreciated. I'm a n00b with networking, my basic understanding is from an ac66u, port forwarding, vpn, etc, that's about it.
 
"mesh" is not an ideal solution

mesh simply means that instead of uplinking down the wire, access points can connect to other access points and extend the network... unifi access points can do this, but you're going to lose out on performance, they may not be as well designed for mesh as the new batch of "in" mesh networks from google or ubiquiti (https://www.amplifi.com/)

"mesh" network like this should only be considered if you absolutely cannot run wires to your properly placed access points...

also, pfsense pretty much has nothing to do with any of this... while it can be configured to run wireless, the support isn't great
 
Standard APs don't talk to each other typically. Business-grade ones DO, and they will allow seamless handoff between APs. So you can walk with your device all over the house and never notice a drop and reconnect. This is really the best solution, and it's not too expensive. Ubiquiti APs can do this, and they run $100-140 each depending on which models you buy. You can run the controller and config software as a pfsense package. The ONLY downside is running the CAT5/6 from your rack to each AP in the house.

The new consumer "mesh" stuff just lets multiple APs talk to each other and bounce packets back and forth to the base station. Works OK in some cases, but you do lose performance with a bunch of hops compared to the above solution.

Regardless, as goodcooper mentioned, you can't really do this with pfsense. It's a great router/firewall solution, but it's not built to manage multiple APs.
 
Yes this is what I think I'm going to do. I was going to go with:

(2) UAP-AC-Pro's
POE Switch (I'm thinking going with a Unifi 24 port POE)
*Cloud Key*- If I'm correct, this is what I'll manage my network with? i.e. my admin dashboard?


I need to find some kind of firewall, I heard people say stay away from USG. Any advice?

I want to learn more about networking, become more versed and literally be able to grow into enterprise utilities. I've always enjoyed this side of tech, now it's time to move on from the "store bought" consumer routers, to more advanced/business class networking.

Thanks so much for the help so far :)
 
pfsense would work great for that...

don't misunderstand, it's great as a router/firewall, just doesn't really have a whole lot to do with the wireless part...

and drop the cloud key, if you're wanting to learn more about IT, host it yourself on a linux VM, or, as was mentioned, try out the pfsense package and just put it on your pfsense box... i've not tried it myself, last time i ran unifi on a pfsense box i had to run it manually, it was quite the pain in the butt

i don't know that i'd consider pfsense a truly enterprise solution, but it'll certainly teach you a lot... i think it has its place here in the SMB (i run a few pfsense boxes beside my edgerouter pro/lite fleet)... i think for running your own truly enterprise routing solution you're looking into something more along the lines of VyOS, which really isn't for beginners...

EDIT: also i'd drop the unifi switch and just get an edgeswitch... i kind of go back and forth on use-case for edgeswitches... it's kind of this weird middle ground device for people with enough infrastructure for SDN but not enough IT talent to manage it...

with one switch? just get the edgeswitch.... if you're a snazzy IT professional? still get the edgeswitch and just SDN-ize it yourself
 
http://www.ebay.com/itm/1U-Small-Bu...z-Quad-Core-8GB-RAM-4x-1GBE-NIC-/142194241440
because building one isn't as cheap as a pre-built.

Server Chassis/Case: Products Chassis 1U [ SC512L-260 / SC512L-260B ] case is NEW
Motherboard: Supermicro X8SIE-LN4F motherboard tested refurbished
CPU Processor: Intel Xeon X3470 2.93GHz Quad Core
RAM Memory: 8GB RAM tested refurbished
Hard Drives/Caddies: 1TB SATA Hard Drive (No Software Included)
RAID Controller: On-board SATA controller
NIC Ports: Intel 82574L, Quad Gigabit LAN Ports
IPMI Management: Support for Intelligent Platform Management Interface v.2.0
Power Supply: Single Power 260W Low Power Supply
RAILS: Front Rackmount Ears
PCI-Expansion slots: comes with PCI-E X8 Riser Card

not bad for a xeon. maybe a little overkill.
 
The CloudKey isn't a bad device, but understand it ONLY manages your APs. It runs a software called "Unifi" from Ubiquiti. You can run that software on a desktop, a server, a small VM, a pfsense package, or elsewhere. I ran mine on the desktop for a while, and then I loaded it onto an old RaspberryPi 2 for a year or so and that worked perfectly. (plus it's $30-ish for that solution vice $80 for the CloudKey). These days I run it in a "docker" VM on my NAS.

You'll still need a firewall/router with the Ubiquiti APs. Pfsense is still great for that.

Last point - I wouldn't bother with a big POE switch unless you're planning on buying a lot more APs or POE IP cameras or something in the future. You've only got two APs planned, and they come with POE injectors. It's a tiny bit more wiring in your network closet, but a big POE switch is expensive and power-hungry by comparison. Just get a decent unmanaged or smart switch and you'll be fine.
 
You guys are awesome!! I'm researching everything you guys are saying so I understand more. I think I'm going to buy that on ebay.. I'll keep you guys posted throughout the process.
 
I'd think about an ER-X SFP, 2x UAP-AC-Lite & whatever non-POE switch has the connections you need. That'll save $150+ & still have all the toys you'll need for a while.
 
The nice thing with pfsense and Unifi or a similar solution is vlans. You can have several sub networks with different rules for access between each one. For example have a guest network that might be able to access a file server but not your whole network, or two wireless networks, one for you and one for guests etc... Possibilities are endless.
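
The guest-network idea from the post above, as an added example that is not part of the original thread: a small model of first-match, default-deny rule evaluation on a guest VLAN interface, plus a check for block rules made unreachable by rule order. The subnets, the file server address and the SMB port are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
# VLAN 10 = trusted LAN 192.168.10.0/24, VLAN 30 = guest 192.168.30.0/24,
# file server at 192.168.10.5 offering SMB on TCP 445.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Rules for traffic entering the guest VLAN interface, evaluated top-down,
# first match wins, implicit deny at the end (the model pfSense uses for
# per-interface rules). Each rule: (action, destination networks, port or None).
GUEST_RULES = [
    ("pass",  ["192.168.10.5/32"], 445),   # guests may reach the file share
    ("block", RFC1918,             None),  # nothing else on private ranges
    ("pass",  ["0.0.0.0/0"],       None),  # whatever is left is the internet
]

def evaluate(rules, dst_ip, dst_port):
    """Return the action of the first rule matching the destination."""
    dst = ipaddress.ip_address(dst_ip)
    for action, nets, port in rules:
        in_net = any(dst in ipaddress.ip_network(n) for n in nets)
        if in_net and (port is None or port == dst_port):
            return action
    return "block"  # implicit default deny

def shadowed_blocks(rules):
    """Indexes of block rules that can never fire because an earlier
    port-agnostic pass rule already covers all of their networks."""
    hits = []
    for i, (action, nets, _port) in enumerate(rules):
        if action != "block":
            continue
        for p_action, p_nets, p_port in rules[:i]:
            if p_action == "pass" and p_port is None and all(
                any(ipaddress.ip_network(n).subnet_of(ipaddress.ip_network(p))
                    for p in p_nets) for n in nets):
                hits.append(i)
                break
    return hits

if __name__ == "__main__":
    for ip, port in [("192.168.10.5", 445), ("192.168.10.5", 22),
                     ("192.168.10.20", 443), ("93.184.216.34", 443)]:
        print(ip, port, evaluate(GUEST_RULES, ip, port))
```

Moving the catch-all pass rule to the top makes `shadowed_blocks` report the private-range block, which is the ordering mistake that silently opens the trusted LAN to guests.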
 