Pfsense with Modem/Router AIO Questions

Hello pfSense experts…

Here’s the quick and dirty… I am building a home server to utilize likely Unraid performing various file sharing, plex, surveillance AI & storage, ect.

I like the idea of pfSense (would be using a VM version in Unraid) however, I only have a single modem/router combo (https://www.tp-link.com/us/home-networking/cable-gateway/cr1900).

My question:

Is it possible to utilize the combo unit for both the modem and the wireless router within pfsense? I figure this is a long shot and the answer will involve purchasing a separate modem or router, but figured it can’t hurt to ask.

I think the first thing I would avoid here is running pFsense in a VM. It really needs to be on dedicated hardware like an HP290. Then you can turn your existing router to AP mode and use it for wireless. Or you can grab a used unifiAP and then run the controller software for that in an unraid docker.

I agree on not using PfSense in a VM especially if you are inexperienced with this type of setup. It’s not a noob friendly way to go at all. A better use-case for VMs for networking would be for pi-hole which some prefer to over pfBlocker-NG.

It is basically shunned upon to utter the idea of adding wifi to pfSense…mainly because the bsd/open source drivers for wireless devices is very hit and miss. It’s much easier to just use an older wifi router as an access point with dhcp turned off…that same device can also act as a network switch in some circumstances.

So that being said a typical setup example…

  1. ISP modem or one you provide that your isp will activate (Bridge Mode)
  2. PC or Netgear PfSense model (PfSense)
  3. Wireless Router (Access Point mode)
  4. optional switch (smart for VLANs or otherwise)
  5. Uninterruptible Power Supply

Your pfSense build can basically be darn near anything in the x86_64 family of pc’s. It’s recommended to use a 64-bit system with a modern cpu with AES-NI capabilities. Also need a dual or quad port nic and in the area of 4gb of ram. Avoid using the motherboard’s built-in NIC as they are usually Realtec and known to be wonky. If the manufacturer says they are Intel then it should work good. Ideally you would want this to be power bill friendly since it will be running 24/7.

The tp-link CR1900 is meant to act as both your cable modem and DHCP/firewall/router/WAP combo. Is this what is provided by your ISP? If not and you have the choice to use another modem, since you want to use pfsense you would be better off choosing a cable modem without firewall/wireless. Otherwise you would need to disable those features (bridge mode) in order to avoid double NAT when adding a pfsense firewall/router. Technically it is possible to run pfsense behind a NAT’d modem, but it is a huge PITA (ie you don’t want to do it).

Since you plan on running unRAID, you could install pfsense on unRAID to play around with it. That is exactly what I did when starting out with pfsense. But keep in mind it can be tricky. It requires better planning, as you could find yourself in a catch 22 situation, because your network connectivity is dependent upon pfsense but since your server is running it, if you stop the unRAID array for any reason your network is disabled, because docker and VM cannot run while the array is disabled. And there are many reasons to stop the array, including changing network settings in unRAID, for example. So, this is why most users will discourage running pfsense on unRAID.

As for wireless, there is a wireless TAB in Interface - Assignments in pfsense to manage wireless devices in pfsense, it is often recommended not to use it for reasons previously mentioned in this thread. It is generally advised to put the wireless access point(s) you use in bridge mode and assign them a static ip in pfsense. This ensures no DHCP conflicts (double NAT) between pfsense and WAP within your local network and also ensures that your WAP’s are always assigned an IP address in pfsense. Using this method the WAP handles the wireless connectivity, including wireless passwords, but pfsnese handles DHCP/firewall.

As others have said, buy an HP 290 for about $100, and use it as a standalone pfsense box. It will be less hassle. Pick up a WAP, such as Unifi AP Lite.