PFSense use and hardware?

[stinger608]

So, recently I purchased a 30' travel trailer that I am planning on living in with the wife and do some full time RV'ing in just a little over a year.

I'd like to be able to have good internet service on the road. Many of the RV parks have WiFi and hard wired internet so I want to ensure that my internet is secure. Both wired and WiFi.

Is PFSense the proper service for this? Any other great ideas from our awesome members?

What kind of hardware am I going to need? Will a full time used computer be able to run it along with using the system?

I've never had PFSense nor have I ever been around to learn how it is used and what the best settings are for it. If someone has a link for learning it and using it I'd much appreciate it.


As I asked, if anyone has other ideas and options I'd love to hear about it.

Thanks in advance

 

[FreedomEclipse]

Link to PFsense hardware requirements...

2018 'getting started' PFsense video guide

you can basically run it with a potato. (preferably a baked one with some macaroni cheese) real SFF PCs like the Intel NUC and all that would run it pretty easy. just grab an extra USB wifi dongle so you can set it up as a hotspot.

Never ran this software before so this is the best i can do before more experienced people get here.

 

[moproblems99]

In all honestly, you would likely be perfectly fine using a router builtin firewall. The chance of there being an Uber 1337 h4xor in an RV park is rather small. That said, I only have used smoothwall myself as I have heard that pfSense can be tricky to setup correctly. As freedom said, it can be run on a potato but I prefer to fill mine with BBQ.

I have always wanted to get one setup using this just for something to do. They are expandable with mpcie: https://linitx.com/product/pc-engines-apu2-d4-system-board-with-4gb-ram/15781

 

[Kursah]

pfSense is pretty awesome, it's my go-to for most situations when I have a choice. I work with Cisco, SonicWall, Sophos, Netgear, Ubiquiti (also like this brand a lot), Fortinet and Juniper gear as well. Been using pfSense for years both at home and professionally with excellent results overall, and the improvements in 2.4 have been great overall, 2.5 should be equally awesome once it drops. It has a pretty solid GUI in the 2.4.x version that's live now too. An old/small PC with two NIC ports is a solid way to go but not necessarily required.

You could always buy a Netgate SG-1100, for $159 it would be a pretty solid unit. I built my own pfSense box, but I also wanted to run web caching, IDS/IPS, and some other stuff to get more familiarized with more advanced aspects most wouldn't touch. I've seen a lot of folks use old laptops, old PC's, old NUC's, etc. as pfSense boxes. I ran my network on a Hyper-V VM for almost 6 months at one point, it worked so well I forgot I wasn't using the box I built (until I went to setup Squid and Snort that is...). It does help to have a decent grasp on networking, but even if you don't there's a lot out there to find about how to setup and use pfSense and many other router OSes.

Some folks buy some cheap mini PC's off of a site like Alibaba and use that, I almost went that route but decided I wanted to make sure I had a CPU that supported accelerating AES encryption as I knew I'd be running multiple road-warrior and site-to-site VPN's, mixed between IPSEC and OpenVPN. Again stuff most users won't really dig into too far.

Keeping in mind, most all of the builds/suggestions I'm making about a router do not include WiFi, you can go that route, but I personally prefer to have a dedicated wireless access point. Even if it's a repuprosed home-grade WiFi router (many have an AP mode or you simply disable DHCP, firewall, DNS services to achieve a similar effect.)

Here's some info about building one:

• https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
  • Note: Using a Linux distro and iptables is a good way to go if you're into CLI.
• https://arstechnica.com/gadgets/201...build-faces-better-tests-tougher-competition/
• https://www.servethehome.com/hp-t620-plus-thin-client-and-firewall-vpn-appliance/
• https://www.hagensieker.com/wordpress/2018/04/27/pfsense-hardware-firewall/

One could also look at Ubiquiti Unified Gateways, they're pretty solid little units and the UniFi GUI is awesome. I recommend looking at Ubiquiti UniFi AC-series (Lite or Pro should suit most) for a solid wireless access point option that provides business-grade wireless networks at a good price. Another good WAP mfg to look at is EnGenius.



Edit: FWIW here's my pfSense build:

• Asus N3150-C
  • (Soldered) Celeron N3150 4 core CPU w/AES-NI.
  • Stock fanless cooler keeps CPU at very acceptable temps.
• 8GB DDR3-1600 1.35v CL9
• 120GB SSD SATA
  • 70GB is used for web caching.
  • I removed the 5.25 drive cage and installed this SSD sideways with the intake mesh, keeps airflow good and is good enough mounting for the SSD.
• In-Win BP655 (inc. 300W SFX PSU)
  • Relies on PSU's fan for exhast, CPU's only hit 50C in the Summertime.
• Intel Pro 1000/PT Dual-Port Gigabit NIC - PCI-e 4X
  • Excellent for this kind of build when you need extra NIC ports that are super reliable and cheap off of eBay.

 

[stinger608]

Wow, that's some awesome information @Kursah !!!!! Thanks so much brother for all the work you put into that post man.

Do you think that getting a good quality router that will accept DD-WRT would also fit the bill?

 

[Kursah]

Absolutely. You'll have to see what's out there though as I don't keep up in what's able to run dd-wrt anymore. But they keep a pretty good list. I believe the last router I picked up and slapped dd-wrt was a Linksys EA2700 for dirt cheap as a travel router for work. Wireless N600 and gigabit Ethernet. CPU is pretty weak but it still works well enough for a few devices.

I also like Asus routers with Merlin firmware, which is modified stock AsusWRT. It's easy to use and a little more capable with MerlinWRT. Can be tricky to flash them over but @jsfitz54 can help you out if you go that way. The Asus routers I have are the AC-66R(refurished 66U) and an AC-68U, both in AP mode ATM.

 

[moproblems99]

I also like Asus routers with Merlin firmware, which is modified stock AsusWRT. It's easy to use and a little more capable with MerlinWRT. Can be tricky to flash them over but @jsfitz54 can help you out if you go that way. The Asus routers I have are the AC-66R(refurished 66U) and an AC-68U, both in AP mode ATM.

I can vouch for that. I have an Asus with Merlin. I used to run tomato but it was becoming a pain to find a fork of tomato or OpenWRT that was confirmed to work with newer routers.