pfSense Router - Doc-Ock

[JacobFW]

I've been wanting to build a diy router for several years now, and finally have the time and money to do it.

 

To be clear, this build is 90% I want to, and 10% I think it will help a few network issues I've run into.  But mainly I just have the itch to build another computer.

Although, I do have some plans I want to test, and if they work might give me options for future projects, but I'll go into those later.

 

Now pfSense is very well known for running really well on very low end hardware.  I do some have some spare parts (almost enough to build a whole computer), but the issue I have with using those parts is that I would really like to have this all in a small form factor, and the motherboard is atx.  In addition, I don't have a sff case that is suitable for where I need to put it.  So motherboard + case easily puts me over $100.

 

In addition, the general recommendation when building a pfSense router is to keep it as simple as possible:  have one network port for the WAN connection, and another port out to connect to a switch.  If you want wifi, then you should get a Wireless access point and connect it to the switch as well (pfSense does have support for wifi, but not the latest features, and only Atheros chipsets are well supported.  Look for wifi cards that have drivers for FreeBSD).

Since every motherboard for the last few years comes with at least one 1gb port, and most have at least 1 pcie slot, I could easily do a mITX build.

And that would meet my requirements....

 

 

but.....

 

I really want this to be as self-contained as possible, and on top of the extra space that en entire pc takes up (even a sff one), throw in a switch + an access point, and it's turning into a bulky mess (which I don't think I even have room for).

Also, while most switches are usually pretty decent and cheap, the access points tend to be more expensive, not as good quality hardware (which is the one of the main points of having a diy router), and I don't want to have to deal with an additional device to configure that will likely lack most of the customizations that pfSense offers.

 

So, I ended up buying a refurbished HP Z220 off ebay.  $66 for the computer itself + $30 in shipping.

 

Reference:  https://noteboox.de/HP-Z220-SFF-Workstation_1

 

 

The computer should be delivered tomorrow.

Ordered a couple of other items for it as well which might get delivered this weekend.

 

So, looking forward to this, and I'll try to keep this up to date.  Found some interesting things when researching parts for pfSense, so I'll likely post those as well later one.

 

 

[desertcomputer]

You should look at getting managed switch if you want do VLANs, if not you can grab 4QUAD Intel Nic and use that as your "switch" for future VLANs.

 

I would just buy a AP(access point) like second hand enterprise but Unifi AP are easier to setup and don't hassle with built in wifi card.

[JacobFW]

2 minutes ago, EMC said:

You should look at getting managed switch if you want do VLANs and stuff but if not you can grab 4QUAD Intel Nic and use that as your switch.

 

I would just buy a AP(access point) like second hand enterprise but Unifi AP are easier to setup and don't hassle with built in wifi card.

Yep to the first: already ordered a 4x1gbe nic.  Hopefully that'll come in tomorrow as well.

 

I am going to give it a shot at using pfSense's wifi manager.  I found an Atheros card that should suit my needs and was only $10.  I rarely do large file transfers over wifi, so I don't need high speed.  If that doesn't work, my current Tenda router can be reconfigured as an access point, so I'll use that.

 

[desertcomputer]

13 minutes ago, JacobFW said:

Yep to the first: already ordered a 4x1gbe nic.  Hopefully that'll come in tomorrow as well.

 

I am going to give it a shot at using pfSense's wifi manager.  I found an Atheros card that should suit my needs and was only $10.  I rarely do large file transfers over wifi, so I don't need high speed.  If that doesn't work, my current Tenda router can be reconfigured as an access point, so I'll use that.

 

I just worry about the range and stability. It probably be better if you reconfigured the Tenda Router as AP. Especially range will decrease if your pfsense is placed under cabinet etc.

 

Unifi AP currently have 250+ day uptime compare to my past consumer router which has to be rebooted every few day because client is not able to connect.

[JacobFW]

Didn't mean to wait so long between posts, but hey, shit happens.  I've actually already got PFsense installed (still working on getting everything setup), but I'll give some updates on what's happened since the first post.

 

The computer showed up.  Ran some tests and the hardware all checked out.  Only issue I had was that the windows 7 installation had some really weird corruptions.  Windows mem test was missing, and for some reason .NET  refused to install.  Sfc couldn't fix either.  A repair install fixed memtest, and I finally I had to wipe the drive and reinstall everything to be able to install .NET.  Might sound stupid to do all that since I'm just installing pfSense later, but I needed to verify all the hardware was working, and it's easier in an OS I'm more comfortable with.

 

Next post will cover some of the additional hardware I bought for the machine as well.

 

 

[JacobFW]

Just a repeat for anyone who didn't read the original post, or who did but this part didn't register:  this entire project is for fun.  I've been wanting to build a router for several years now, and I finally have the time and money to do this.  Because of that, I decided to have some fun with this, and that mean to some degree, going against the common practices the community recommends when building a pfSense router.  Specifically, I'm referring to what should be handled by your router, and what should be handled by other hardware. 

 

The general rule of thumb is that your router should have 2 ethernet ports, one to connect you to the internet, and one that you use to connect to a switch, and then you just connect any additional hardware to that switch.  If you want wifi, you should just buy an Access Point, and connect to that.  To be clear, pfSense does support more hardware than that:  you can have additional ethernet ports and it does have limited wifi support.  My goal was to make this router as self contained as possible.  That means multiple ethernet ports....

 

And built in Wifi.

(Yes, that is a PCI card.  Yes, I will explain why)

 

This was probably the hardest part to choose.  Officially, pfSense supports all wifi Cards that FreeBSD does, and FreeBSD pretty much only has decent support for cards that use the Atheros chipset, which isn't exactly something most manufacturers list.  Got lucky with this card, the TP-Link TL-WN951N v1, which I got from ebay in "Brand New" condition for $13.  So far, the wifi has actually been the most reliable part of the whole setup.  When I ping the router, I get around either <1ms, or 1ms. 

 

Now, for the ancient elephant in the room, why the hell am I using a PCI based card?  I can honestly say that this was intentional:  I was hoping to use a PCI based card, but I wasn't sure I would be able to use one once I found out I was restricted to wifi cards that used the Atheros chipset.  The reason I wanted to use a PCI based card, is because there's no point in wasting PCIe slots on a faster card. Not only is wireless N the fastest standard that pfSense supports, but due to all the walls in my apartment, even with my current dual band tenda router, I'm lucky to get 50mbps on speed tests.  Plus I just flat out don't do a lot of large file transfers over my wifi, and 50mbps works just fine for all my internet needs to my laptop and phone.

 

The router did come with 3 small 2db antennas.  I wanted to do better than that though.  I grabbed 2 8db tp-link antenna (yes, I know the actual db rating is not quite what they say on the package).  I only grabbed 2 because these antennas are thicker than the normal ones, and so there's not enough room for 3 large ones screwed into the wireless card (wink wink, nudge nudge, etc).  These were about $8 a piece from Frys (similar pricing online from what I saw).

 

 

For additional ethernet ports, I grabbed a quad port gigabit adapter.  This is the Intel I340-T4, which I got for $30, again off of ebay.

 

(Sorry, I know it's not very clear on here)

 

And finally I decided to go ahead and upgrade the cpu.  The machine came with an i3-3220, a  dual core @3.3ghz.  I changed it out with an E3-1275, a quad core @3.4ghz.

When I was originally planning this project out, I was hoping to find a sff x79 workstation, as that would give me a lot more flexibility for any future modifications, and since you can get low powered lga2011 8 core xeons for really cheap.  I couldn't find any OEM machines like that, and building one from parts would have quadrupled the cost of this entire project.  If that's what you needs it's actually not a bad deal, but it's a lot more than I wanted to drop on this.  The E3-1275 was a bit more expensive than I would have liked at $80, but I figured what the hell, and dove in.

 

Not as important, but I also spent $30 on a 120 Sandisk SSD from Microcenter.  Just flat out not interested in dealing with an aged work station hard drive. and it should improve the overall reliability of the router.

 

And finally, saving the best for last.

 

 

The Intel X540-T2, a dual port 10gigabit nic (as seen on LTT).  The idea of 10gbe connection was one of the inspirations for this project.  I had decided to run an ethernet line from my router in the living room to my gaming machine in my bedroom, after both wifi and powerline failed to meet my requirements.  I needed a white ethernet cable to blend in against the wall, but the only one I could find locally was a 50ft Cat 7 cable from Frys for $30 (actually a pretty damn good deal).  That got me thinking about 10 gigabit, and over the last few months I've kept my eye on ebay for any good deals, and managed to grab two X540-T2's, one for $80, and one for $90.  I haven't entirely decided what I'm going to do that will use them, but adding it to the router is a hell of a lot cheaper than a 10gig switch.

 

I think that's enough for the moment.  I've spent the last week testing all the hardware and making sure it works correctly.  I currently have pfSense installed and am working on getting everything setup correctly.

 

Until Next Time....