hpger.blogg.se - Firewall pfsense hardware

Part 2: My First Failed Setup - Using KVM to virtualize pfSense on a debian host Setup C is ultimately the one I ended up going with.

The processor also supports AES-NI extensions and the E3-1270v3 should have more than enough power to handle our workload. Setup C: The eBay Setup ($325)įor $325, we get 6x 10gbe copper ports all in a nice 1U package at half the cost of our amazon setup. Since fiber is actually cheaper with this build, I opted to use fiber instead of copper.

According the the Intel Website, the CPU supports AES-NI extensions so we're good to go on that end. Using a refurbished desktop and a new 4-port 10gbe NIC adds up to just about $700. Although tempting, it's a bit out of my price range. We get all the benefits of support and hardware we know will work reliably in any setting. It's about $1000 for an out of the box 10gbe pfSense solution from the company that develops pfSense. Routing 10gbe traffic is easy enough, but we need to have a beefier CPU with AES-NI extensions to get any sort of performance out of OpenVPN. The machine itself should be able to handle the load of both routing 10gbe traffic and the added computational load of encrypted OpenVPN traffic. We either need a machine that comes with a 10gbe NIC, or we need to purchase a 10gbe network card. Part 1: Purchasing the hardware Requirementsīefore we begin, we need to secure some hardware.

( Future) We want the OpenVPN clients to be able to talk to the LAN devices.

We want the LAN devices to be able to connect to the internet.

We want the LAN devices to be able to talk to each other.

To function as a router, we want one port to talk to the internet (WAN) while the other ports are part of the same LAN network.

( Future) We want to setup OpenVPN to allow external clients to connect and access the lan resources such as the NAS server I have on the intranet.

We want performance acceptable enough so the LAN network isn't the bottleneck.

10gbe equipment is usual expensive, but we want to build this on a budget.

Also note that I'm not a network engineer nor that experienced in FreeBSD, so this guide is geared more towards more users with little experience in FreeBSD / pfSense.ĭifficulty: Novice - Intermediate The End Goal: I'll also be going over mistakes I've made so hopefully anyone following a similar build will minimize the time they waste. However, after going through a lot of trial and error and failing to find a simple tutorial, I've felt it would be best to make a guide for others that may be wanting to tackle the same thing. I wasn't originally planning on writing a post about my budget 10gbe router build.