pfsense router
- Thread starter rajil.s
- Start date
- Status
I've been using pfsense on Alix (nonobsd) for years until a lighting strike took off the alix board among other things in my house. I've replaced the router with a TPlink load balance router which keeps hanging every other day. With pfsense, it was very stable, just configure and forget it exists. Supports open VPN as well.
Where id you buy your alix board from ? price ?
Where id you buy your alix board from ? price ?
Haven't bought it yet.
Lightning strike effect through the telephone cable?
Did you have it hooked to the UPS? I don't want to use a UPS. How resilient is nanobsd to power cuts? Off the shelf routers are safe due to raw flash. I wonder whether nanobsd uses a readonly filesystem.
Lightning strike effect through the telephone cable?
Did you have it hooked to the UPS? I don't want to use a UPS. How resilient is nanobsd to power cuts? Off the shelf routers are safe due to raw flash. I wonder whether nanobsd uses a readonly filesystem.
It is very resilient to power cuts.
I've two internet connections, one from Airtel/ADSL and another from Alliance/Ethernet, I added the later recently, and the strike came via ethernet only. It took off everything that was physically connected on my network including the router & switches. I have not purchased the belkin 8 soc gold series spike buster which has phone & ethernet incoming protections as well. Yes my router is connected with a APC UPS.
I've two internet connections, one from Airtel/ADSL and another from Alliance/Ethernet, I added the later recently, and the strike came via ethernet only. It took off everything that was physically connected on my network including the router & switches. I have not purchased the belkin 8 soc gold series spike buster which has phone & ethernet incoming protections as well. Yes my router is connected with a APC UPS.
cyberwarfare
Galvanizer
Yes, I have run the nanoBSD version at 3 locations. Its very good and kept working after multiple power cuts. Unfortunately, the hardware did not fare that well - mobo died, PSU died, LAN port kaput - each occuring at a different location. At one location, with a full pfsense 2.2 build, the lightning strike took out the PSU, HDDs and RAM.
I have run it off a Sandisk Cruzer or HP v160w pendrive. I would recommend it if you dont need the advanced packages and can do with simple ones.
I have run it off a Sandisk Cruzer or HP v160w pendrive. I would recommend it if you dont need the advanced packages and can do with simple ones.
Thanks vbhoj74 and Vivek for your replies. This is what I was looking for
- Direct connection to wall wart (No UPS)
-Readonly file system on storage. I don't care about logs. Everything should be run from memory
- Failover to 3g
-Low power
- Snort will be good.
Any recommendations for hardware?
My present openwrt router sees multiple power curt every but been going strong for a few years.
- Direct connection to wall wart (No UPS)
-Readonly file system on storage. I don't care about logs. Everything should be run from memory
- Failover to 3g
-Low power
- Snort will be good.
Any recommendations for hardware?
My present openwrt router sees multiple power curt every but been going strong for a few years.
I've never tried switching off the log. But if you worry about the CFLASH getting full, do not worry, it flushes the logs on reboot. I've one installation with 1g Cflash, another on 4gb which went kaput after 5 yrs. It was my fault only, I added a ethernet cat5 cable directly to Alix from Alliance with no lighting protection.
I've set it up once with MTS 3g dongle, worked fine except with the dongle connected it does not used to take remote reboot.
Yes, you can do it. but i would advice against running snort on nanoBSD. Ensure you give it atleast 2gigs of RAM.
As for failover to 3G, yes, you can do that as well. Tested about 1.5 years back and works. However, remember it will keep the data connection active and use a couple of MBs daily to check link
As for failover to 3G, yes, you can do that as well. Tested about 1.5 years back and works. However, remember it will keep the data connection active and use a couple of MBs daily to check link
This is a deal breaker and something which was requested in pfsense 4 years ago (https://redmine.pfsense.org/issues/1388)
Paying for a continuous 3g connection to keep as a failover device will rack up the bill.
Yes, but TINA (unless some sort of dialup hack is achieved - which is also possible). Also, from what I see, the total usage will hardly cross about 100 MB in a month. You want enterprise class features, you pay for it
Yes, but TINA (unless some sort of dialup hack is achieved - which is also possible). Also, from what I see, the total usage will hardly cross about 100 MB in a month. You want enterprise class features, you pay for it
What sort of hack are you talking about?
I don't see any mobile data plan for long term with low volume data. What this means one has to shell out for gigabytes of data which will not be used. So it is not question of the data being used rather finding a plan for long term usage.
At the moment whenever my BSNL craps out i refill my data plan to get through a day and costs me 100 rupees.
Well, actually the hack would be to use a 3G data card with a device like TP Link 3020 and do double NAT. The TP link should be configured to switch on the device when internet traffic is detected - aka idle timeout option should be selected.
pfSense will be monitoring the link with the tplink on the IP of the tplink box. Make it less weighted so that it is not used when the main line is back.
I have always thought of this, but never ever put it in practise. So, if it does not work, sorry!
LAN <---> pfSense Box <<-Dual WAN->>
WAN#1 - Main ISP
WAN#2 - TP Link 3020 with 3G dongle in idle timeout mode. You may want to setup DMZ and DDNS on the TPLink box.
Also, you do have plans which have 1GB/month for 1 year @ 1300 from MTNL - guess BSNL should have a similar plan.
This is an interesting suggestion. How will the tplink router find out when the main routers network is down?
I am looking for a data limited plan with no time restrictions like 1GB/year @1300. With your quoted plan one has to shell out 1300 every month I think.
Isn't there a scripting support on pfsense? Say, your script could unshut the 3G port when it detects the primary WAN has failed?
The TP Link router does not need to know if the main ISP is down. That will be taken care of by pfsense.
When pfsense detects that the main ISP is down, it will re route all packets to the second LAN. When there are packets which are for an external interface, the TP Link should dial up the 3G dongle and get it working. However, for a few seconds, there will be some packet loss. So, you will need to tweak the gateway details as well.[DOUBLEPOST=1439455191][/DOUBLEPOST]
Yes, but that the issue - he wants failover, which needs to keep both lines active.
- Status