Good to know that an i3 is good enough for gigabit internets.
Regarding Traffic Shaping, this hasn’t been my experience. Back in the day when I had only 4mbit of upload, traffic shaping ensured that my VOIP and SSH packets had ultra low latency compared to the HTTP uploads, or whatever else was going on. QoS != Traffic Shaping as well, IIRC. QoS is just packet marking, which may or may not be honored by upstream. Traffic Shaping requires you to actually have an upload slightly lower than the max, so that you organize your packets before they do.
QoS is a ton of stuff; traffic shaping falls under that umbrella. pfSense’s QoS service is a traffic shaper.
If you have extremely limited upload, it may benefit you, but otherwise it’s additional software processing of each packet - added latency and reduced throughput.
As for why pfSense, it is easy to use, and is the most supported whitebox routing software package.
Aight, that’s good to know. I’ve done a Linux router in the past, I might stick with it, I don’t mind getting my hands dirty. I didn’t know pfSense included traffic shaping in QoS.
Thanks for the info! Seems it’s much simpler than I thought!
That is true, and has served me very well for my NAS and my Virtualization Server. It’s likely what I’ll end up doing, because the cost simply can’t be beat.
Sadly that HP290 is all sold out. Unless it randomly comes back into stock?
The HP290 does apparently randomly come in and out of stock; folks on the forum have reported snagging it. A Ryzen would be massive overkill for a firewall, but hey, I’d be a hypocrite if I told you not to do things overkill…
Linux works just fine as a router; in fact, packet latency will probably be slightly better than with FreeBSD (pfSense/OPNsense), depending on what you ask it to do. The main value-add for pfSense is a handy UI, which is good when your network isn’t coming up, family’s breathing down your neck, and you’re trying to muck around with iptables/nftables. OPNsense has decent WireGuard support via plugin. Also, nothing wrong with running the VPN on a VM on your server, rather than on your router.
Most server boards (X9SCM-F would be an example) have a hardware watchdog, either via the PCH or the BMC. It’s managed from the OS. In the past, I just set my OpenWRT router to reboot nightly at 3am.
That’s why I use Shorewall. Provides me a friendlier way that I learned back in like 2004 rather than raw iptables. I do currently have my VPN running on a VM, but I’d like for it to be on the thing that does the routing, as it makes a few things easier, especially if I want to do split routing where some traffic goes through the router. The pathing is easier. Also, then my VM server can be rebooted, and fiddled with, while I’m on a VPN. I live dangerously.
Thanks for the context! I’ll keep an eye on the HP290. It was sold out again just a bit ago.
Good to know, but I’m probably not going to use pfSense for this router. I’m always a fan of sticking more than I need when it’s inexpensive, that way I can experiment with things if I want to.
Just wanted to confirm for you - I installed my HP 290 today as pfSense with a 16GB Intel Optane SSD and no other modifications. It can absolutely handle Gigabit, it flies.
I’m running OPNsense with the 16GB Optane SSD. Hella fast.
I have noticed slightly slower speed tests than prior. My RB800 was doing 900mbit, and I’m getting about 700mbit. I also got about 700mbit with an iperf test. I can’t run an iperf test on the MikroTik hardware tho.
I am getting flexibility in tinkering, and OpenVPN, WireGuard, etc. Seems to work great so far. I left the 500GB drive in there, but I may take it out.