[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 29/02/2020 15:00, Simon Avery wrote: > Funnily enough I was pondering this myself (Rural and my once fine Wifi > internet provider's performance has now dropped to sub adsl levels at > peak, so I'm going to try 4g and wanted something to load > balance/failover between two WANs whilst I decide which is better) > > I've used pfSense in the past and thought about it, downloading onto a > vm a couple of days ago. It's had a lot of the rough edges knocked off > the interface now, and the upselling for support isn't too intrusive > (yet) - so feels like a good product. I may use it like that whilst I > twiddle, but would prefer it to be homeserver or homedesktop independent. > > There is some talk about it running of Rpis and the hardware should be > ample for it, and there is an ARM version - but I don't know if it's > really been used in anger yet, and the single-nicness is a sticky point > (although VLANs might be a thing). I think some of the negativity on the > following is probably a lack of understanding, or an unwillingness to try. > > https://www.reddit.com/r/PFSENSE/comments/c6if8f/would_pfsense_run_well_on_a_raspberry_pi4/ > > > > I don't have good history with RPis for doing "proper" work > unfortunately, much as I love them. Stability sucks :[ > > > I do have a Pi4 that I use for Pihole and Backuppc (with a usb hdd caddy > attached). I spotted some voltage underrun errors in syslog and switched > to a beefier USB feed and they went away, and it's been a lot more solid > since. In fact, 100% uptime for about two months, barring power cuts > (which exposed a dead battery on my desktop one, so that's now powered > by an old tractor battery that has a quoted runtime of 35 minutes > according to the UPS, but I'd be surprised if it quits sooner than six > hours...) I end up saying this every time but have a look at opnsense before you get too invested in pfsense - I'm convinced that people only end up using pfsense because of it's visibility (it's the one general purpose turnkey firewall/gateway/router distro that everyone knows of off the top of their head). I've been using both quite heavily for years and years and there is nothing to particularly commend pfsense over opnsense. Quite the opposite actually (in my opinion, obviously). I only used pf/opnsense as an example - both are freebsd based appliances and not necessarily a good fit for the RPi ecosystem anyway. Just installing a regular lightweight linux distro and doing the routing/iptables/masquerading/DNS/DHCP stuff myself would probably work better on RPi. OpenBSD on RPi is in pretty good shape these days so that's an option too and a better fit for this kind of network job - it's not the software side that is going to be the problem though, it's the hardware limitations. You'd be ok I think for all the wrong reasons - your internet is slow enough that even a RPi3 with a USB gigabit adaptor could shunt traffic between it's two NICs fast enough (for now, hopefully you'll get higher speed internet eventually!) that it won't bottleneck. My home internet is currently managing just shy of 25MBps downstream and that's very close to the maximum throughput people have been measuring through RPI3 with gigabit USB adaptors - I know plenty of people on considerably faster fibre connections than that at home. Additionally scanning the forums/reddit/etc for the various distros that support this kind of role on RPis it seems pretty unanimous that the USB throughput limitations are pretty severe and that's before any CPU intensive stuff like VPNs or wireguard, complex firewall rules, etc. Basically all the stuff you'd obviously want on an all-in-one gateway box doing pfsense-like work. There's not a lot of reports for the RPi4 yet though, which hopefully might push performance up to a level where it wouldn't bottleneck doing 24/7 moderate pfsense-type loads even on increasingly typical high speed broadband. It's a lot to ask to be fair - especially at the price point. But I'm clearly not the only person really interested! I'd guess for your available bandwidth a RPi3 probably would be sufficient and a 4 surely would? Long term stability is the next issue though. For my scope of interest, dual NIC is critical - my use case is for a single dirt cheap "box of tricks" that I could drop into any basic SOHO network to physically isolate the cursed ISP supplied router from the rest of the intranet completely and take over standard network duties, just like you'd use a pfsense type network appliance for normally. This absolutely presumes a typical SOHO environment so zero chance of any layer 2 management features. As usual I'm looking for super cheap options basically! RPi4 plus a gigabit adaptor and a cheap-ass SSD would weigh in at under £100 and that's a much easier sell to people than convincing them to let you put in a full x86 box running pfsense and a new VLAN capable switch. There's clearly nothing else to do except test it I guess and I've got a pile of RPi3s next to me... So far I've downloaded ipfire and opnsense RPi images and will try out a handmade arch linux based setup as well I guess. I've had every generation of RPi so far (and loved them) so I'm definitely going to get a couple of 4s but will hopefully wait for Pi day sales I guess. It was puzzling me why I hadn't already bought some but then I remembered that there was an issue with the USB-C design wasn't there? I was probably going to wait until it had been fixed and the old supply backlogs had been used up and then just forget about it. If you decide to try out for doing your dual WAN tests definitely let us know, it would be really interesting to see how you get on. -- The Mailing List for the Devon & Cornwall LUG https://mailman.dcglug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq