Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

pfSense hardware

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
Personally I'd bridge that modem and run it. Very few people with similar hardware have reported the problem your having and I bet it's due to your somewhat obscure installation setup you have right now.
I would really like to believe it's that simple. However, the only "obscure" thing in my setup is the double NAT. When i will bridge the modem, the only change is that the home network will be connecting to the OPT1 interface of the pfSense box instead of connecting to the modem directly. Do you really think that's what is causing the issue here?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,280
It's just a guess but I bet it has something to do with switch configuration and the fact that your switch is in between your modem and WAN.
 

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
It's just a guess but I bet it has something to do with switch configuration and the fact that your switch is in between your modem and WAN.
I especially put the switch in between, since some users reported that could help. I now have the modem connected directly (dmz, not bridged) and I still have the same problem.

Btw, i'm always amused by the fact that even off-topic help here is better than on topic help at the pfSense forums. Or at least faster :)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
5,897
I especially put the switch in between, since some users reported that could help. I now have the modem connected directly (dmz, not bridged) and I still have the same problem.

Btw, i'm always amused by the fact that even off-topic help here is better than on topic help at the pfSense forums. Or at least faster :)
Sometimes I think the majority of discussions here quickly stray into the 'off-topic'. Maybe the forums should be renamed "IT chit-chat with a dash of FreeNAS".

Anyway, double-NAT should be avoided. You want your modem to just act as a bridge. The WAN dropouts may be caused by a hardware problem with your modem. It might also be on your ISP's side of things. You should try to correlate WAN dropouts with your modem's event log. It will give you an idea what might be going on in between your modem and the ISP, and might be something as simple as a janky splitter (of course this only applies if you live in a house. If you're in an apartment complex - good luck with that.)
 

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
Since both of you suggested it might be an issue because of double-NAT, i've taken the risk of the lady of the house leaving me and my children no longer recognizing me a a father... aka risk losing internet connection in the house... I had my ISP put the modem in bridge modus.

The fact that i am able to respond here means I survived and that that indeed solved the problem! :cool:

I am still a bit confused here, since i couldn't find anything in any log. But like @anodos said, probably an issue with the modem in that area. Which is still akward, since i had other WiFi routers behind it doing NAT before and never had any issues with those. Sigh... Network troubleshooting is hard sometimes. Does make me respect the "IT Guys" from the office more :p

Thanks for your both responses @anodos and @Jailer (also on the pfSense forum ;) )
 

Frallan

Newbie
Joined
Feb 2, 2016
Messages
11
I'm using pfSense on a A1SRi-2758F and so far I'm happy with it.

The user interface is a nightmare to navigate and the OpenVPN configuration is confusing to say the least. But the performance is there so it will have to do for now.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,280
Glad you got it figured out.

When you're setting up something new like this your best bet is to start simple and get a functioning system before you start adding layers of complexity. It makes troubleshooting unforeseen problems much easier.

When you say you had other wifi routers doing NAT do you mean you have the DHCP server running on each router that's connected to your LAN?
 
Last edited:

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
When you say you had other wifi routers doing NAT do you mean you have the DHCP server running on each router that's connected to your LAN?
Yes indeed. Double NAT situation, quite a while ago, with a Linksys WiFi router. It's now just set as an AP (no DHCP, no NAT) of course ;)
 

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
I'm using pfSense on a A1SRi-2758F and so far I'm happy with it.

The user interface is a nightmare to navigate and the OpenVPN configuration is confusing to say the least. But the performance is there so it will have to do for now.
Yeah, the GUI is far from intuitive. I hope the 2.3 release's new GUI is better. I'm going to wait for a while to upgrade however. Untill all bugs are killed.

I did manage to get OpenVPN running in about 15 minutes, using this as a starting point: https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
 
Last edited:

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,280
Yes indeed. Double NAT situation, quite a while ago, with a Linksys WiFi router. It's now just set as an AP (no DHCP, no NAT) of course ;)
Ok was wondering if you still had them set that way.

Yeah, the GUI is far from intuitive. I hope the 2.3 release's new GUI is better. I'm going to wait for a while to upgrade however. Untill all bugs are killed.
If it weren't for the frequent updates required due to it being unfinished I'd be running it right now, it runs that good.

Download the installer and run it in a VM. The bootstrap conversion is much better to navigate than the current GUI. There are still several layers of complexity but I don't know how you could keep the functionality of such a feature rich software without the GUI being a bit complex itself. It's not all that different from learning the GUI for FreeNAS and we all seem to be doing ok with that once we learn to navigate it.
 

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
...it runs that good.
How good is that? Is it running better than the current stable version (and i what area)? Or is it running just as well but with a better UI?
The bootstrap conversion is much better to navigate than the current GUI. There are still several layers of complexity but I don't know how you could keep the functionality of such a feature rich software without the GUI being a bit complex itself. It's not all that different from learning the GUI for FreeNAS and we all seem to be doing ok with that once we learn to navigate it.
I hear Sophos is doing quite well in that area. I haven't tried it myself though.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,280
How good is that? Is it running better than the current stable version (and i what area)? Or is it running just as well but with a better UI?
It runs flawlessly with everything that I use it for except for the Snort and pfblockerNG packages which haven't been ported over yet. As soon as it hits release I'm upgrading.
 

Rilo Ravestein

FreeNAS Experienced
Joined
Mar 6, 2014
Messages
685
It runs flawlessly with everything that I use it for except for the Snort and pfblockerNG packages which haven't been ported over yet. As soon as it hits release I'm upgrading.
Ok thanks. I'll keep an eye out over there.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,203
I really want to integrate pfSense into my network. I keep looking around at modern hardware options for small size and low power, but at the end of the day after adding up all the pieces I still can't seem to beat pfSense's own SG-2220 (which is just a rebranded Netgate RCC-DFF 2220 for $25 more).

Sure I could go with old PC hardware lying around but size and power usage matter to me. And I want enough CPU (and AES) to run VPN. I only need 2 NICs and my internet is 50 down/ 25 up (and not likely to increase).

Thoughts?
Yeah, I am considering this as well. Mainly due to the fact that I would like to be able to recommend this as part of a solution for some of my clients. Right now pfsense is running swimmingly on the old PC that I am testing it on, but I would rather have a small footprint solution. I have been looking at the SG-2440 and SG-4860 from pfsense. However, it looks like the NetGate has the exact same systems, but at ~$150.00 cheaper.

Just awaiting a response on if the units are capable of using 2.4GHz for one antenna and 5GHz for the other...
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,280
You'll be better off using a dedicated access point than trying to integrate wireless into the router itself. Wireless support in FreeBSD is abysmal.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,203
You'll be better off using a dedicated access point than trying to integrate wireless into the router itself. Wireless support in FreeBSD is abysmal.
Hmm, hadn't thought of that. So if it is really that bad, then perhaps I should just forget the antennas and simply let the existing AP(s) attach... Would save me costs on the antennas :)
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,203

JJT211

FreeNAS Experienced
Joined
Jul 4, 2014
Messages
315
Yea, its way easier to just convert your wifi router into an AP. You'll get much better performance as well.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,203
Yea, its way easier to just convert your wifi router into an AP. You'll get much better performance as well.
Agreed. I have 3 (or is it 4) APs. Just want to also check to see how well wireless did perform. Unit should arrive mid of next week, so I will be able to tell then. /For some reason I am all giddy... Hmmm.. new hardware....
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
168
I fired away about a month ago and purchased the below for my pfSense build:

Supermicro C2558 Rangeley (2.4 ghz, 4-core, AES-NI and Quickassist enabled, 4 ports)
4gb ECC RAM (Had to go ECC here as non-ECC isnt supported on this board)
30GB mSata w/ 2.5in adapter
80W pico PSU and PS
M350 Mini-ITX Enclosure

Total cost = $380 USD

All parts from Amazon except board (Ebay $250) and RAM (Newegg $40)

A bit pricey for a Router/Firewall I know, but AES-NI was a must as I planned to move my traffic over VPN.
The big brother C2758 is what I'm going to purchase right now.

So how's your pfsense router/firewall running perfect?
 
Top