pfSense video for a home environment (NOT homelab)

Hi,
I really, really enjoy your videos and have learned basically everything about pfSense from your channel. I have been working in IT for a gazillion years, scrambling around with all kinds of infrastructure and security systems for enterprise corporations…

But I ran into a bit of a challenge a couple of weeks ago, which I think a lot of viewers have when it comes to pfSense…

So here is the story:
A good friend of mine bought a pfSense three-port router for home use, this little bad boy: APU4D4: 4x Gigabit LAN, Quad Core CPU, 16GB SSD, 4GB RAM
And a Ubiquiti UniFi AC Pro for WiFi coverage in his apartment.

Hardware Layout is the following:
ISP - 1Gb up/down link
Router: pfSense 2.4.5 ISO install
physical ports:
Port 1 - WAN
Port 2 - LAN → 20-port unmanaged switch, no VLANs :frowning:
Port 3 - UniFi AP attached directly via PoE injector

WAN - DHCP from ISP
LAN - 10.0.0.0/24, DHCP to wired devices
WIFI - 10.10.0.0/24, DHCP to wireless devices (IoT, phones and laptops)

I've been working with Cisco/Juniper/Check Point in large corporate setups etc., but had never set up pfSense before, so I hit your channel before heading over to help,
so I wouldn't look like a complete idiot when I arrived to configure this thing :smiley:

So he had got things going with the WiFi/LAN and the internet was up. The first thing I noticed was that the throughput was only 350/400 Mbit on the WAN side, so after some googling I ended up here:

So now performance is around 900 up/down… first hurdle solved, but then came the list…

Xbox/PlayStation couldn't connect properly (NAT etc.)
Philips Hue couldn't connect to the iPhone (Avahi)
Ad blocking dropping the Pi-hole (pfBlocker)
DNS was resolving internal machines on the ISP DNS (set up the DNS correctly)
WIFI devices couldn't connect to the media server on the LAN (firewall rules)
IoT devices not working (static DHCP and pfBlocker issues)
Mail sent from work laptop not going through… (VPN issues)
Wants outside access to the media server/FTP server (OpenVPN and port forwarding)

So as you can probably imagine, this took far longer than just a beer on a Saturday afternoon. My biggest challenge here was actually finding the correct information; most videos out there are aimed at SMB networks or super nerdy, over-the-top home lab setups, so figuring out a simple thing like how to fix the Xbox/PS4 issues was time consuming…

So, long story short, I think a good idea for a video is how to set up pfSense for a home environment, where the whole part on what pfSense is and how to install it is dropped, because
this is covered in all the pfSense videos out there… Skip directly to the configuration of the services to be provided by the router: setting up WAN/LAN/WIFI interfaces in a secure but usable way, how to work with Avahi and these typical smart home systems, etc.

If you are interested in more feedback, please reach out, since I have done this twice now and at both locations it was the same challenges.

Keep up the good work
Regards
Anders Sogaard
Norway

1 Like
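The "secure but usable" WIFI/LAN split and the console NAT fix from the list above, written out as an added example (this is not the poster's configuration and not something from the original thread). It is a pf.conf-style rendering of what one would enter in the pfSense GUI for the three-port layout described: interface names (igb0/igb1/igb2), the media server at 10.0.0.50 on port 8096, and the console at 10.0.0.60 are all assumptions. The security point it shows is that a new OPT interface in pfSense starts with no rules at all (everything blocked), and the temptation is to copy LAN's "allow any" rule; instead, open only the firewall's own DNS/DHCP/NTP, the one media server port, and the internet, and block the rest of private address space with logging.

```pf
# Added example, not from the original post. Assumed names:
#   igb0 = WAN, igb1 = LAN (10.0.0.0/24), igb2 = WIFI (10.10.0.0/24)
#   10.0.0.50 = media server (port 8096 assumed), 10.0.0.60 = game console
wan_if   = "igb0"
lan_if   = "igb1"
wifi_if  = "igb2"
lan_net  = "10.0.0.0/24"
wifi_net = "10.10.0.0/24"
media    = "10.0.0.50"
console  = "10.0.0.60"
rfc1918  = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

# Outbound NAT. Only the console gets "static port" (source port preserved),
# which is what Xbox Live / PSN need to stop reporting strict/moderate NAT.
# Everything else keeps pf's randomized source port, the safer default.
nat on $wan_if inet from $console to any -> ($wan_if) static-port
nat on $wan_if inet from { $lan_net, $wifi_net } to any -> ($wan_if)

# WIFI (IoT, phones, laptops). First-match ("quick") rules, most specific first.
# DNS to the firewall itself, so the Resolver answers for LAN hostnames instead
# of the ISP DNS; DHCP and NTP likewise terminate on the firewall.
pass in quick on $wifi_if inet proto { tcp, udp } from $wifi_net to ($wifi_if) port 53
pass in quick on $wifi_if inet proto udp from $wifi_net to ($wifi_if) port 123
pass in quick on $wifi_if inet proto udp from any port 68 to any port 67
# mDNS to the firewall: only needed if the Avahi package reflects service
# announcements between LAN and WIFI (Hue, Chromecast-type discovery). mDNS is
# link-local multicast and never crosses the router on its own.
pass in quick on $wifi_if inet proto udp from $wifi_net to 224.0.0.251 port 5353
# The single LAN host WIFI clients may reach, on the single port they need.
pass in quick on $wifi_if inet proto tcp from $wifi_net to $media port 8096
# Everything else aimed at private address space is dropped and logged;
# what remains is internet-bound traffic.
block in log quick on $wifi_if inet from $wifi_net to $rfc1918
pass in quick on $wifi_if inet from $wifi_net to any

# LAN keeps pfSense's default "allow anything from LAN net" rule.
pass in quick on $lan_if inet from $lan_net to any
```

In the GUI this is the same set of rules on the WIFI interface tab in the same order, plus one Outbound NAT entry in Hybrid mode with "Static Port" ticked for the console only; the firewall log will then show exactly which IoT device is probing the LAN, which is the useful side effect of blocking with logging rather than silently.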

So I think the idea that pfSense is a plug-n-play solution is far from the truth if you want advanced configurations like these, or sometimes even basic configs. pfSense is a very versatile firewall, and with all this versatility comes a learning curve as well. pfSense's documentation and community are actually pretty good, so it's a lot of reading and learning. Networking in general can be a pretty big hurdle to begin with if you're new, and then trying to configure something like a firewall to do what you want would be extremely challenging. So with that said, I think videos can only go so far. Everyone will have a different use case/config/crazy setup. If people don't like the time it takes to set one up, then it's probably not for them. I would, however, encourage people to use it if they really want to take the time to learn networking. :slight_smile:

Hey @Gromit, your question is super broad. Some home users perhaps come from their ISP modem to pfSense in one jump; that's a pretty big leap! If you can remember the first broadband routers, they had so many settings, with a constant risk of shorting; pfSense reminds me of those days!

However, I'd guess many users have the need for various services that run on pfSense that don't usually come on expensive routers! Otherwise a decent Asus router should be OK.

I'd always recommend buying a VLAN-capable managed switch, either new or second-hand, with a view to segmenting your network with VLANs. If you can get to that stage, most of the hard work has been done, and then you can more easily add additional services. Troubleshooting also becomes easier.

It took me a good 3 months to get my head around pfSense, then a further 6 months of tweaking to take advantage of the services I didn't even know existed but needed. I'm still doing battle with latency!

The cost of entry is pretty high compared to a free ISP router. It will just take the time it takes, but it will pay for itself in the end.

Yeah, I like what @xMAXIMUSx says; pfSense is definitely not plug and play, it will take time to get your baseline configuration in place.

I looked at the article you posted and noticed in their screenshot that their system was running at 51% CPU. Assuming that they are running any additional packages on the firewall, this would be concerning, as they are essentially using 1.0 GHz x 2 cores' worth of CPU just for routing traffic between the WAN and the LAN. Make sure you thoroughly test this before putting it into production.