pfsense
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
pfSense now on ARM!!!
>pfsense
>open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface
https://twitter.com/gonzopancho/status/735704319874371584
>>54750896
Would be nice if I could replace my dlink firmware with this someday.
>>54750896
So the Raspberry Pi has a real use now?
>>54750938
pfSense is not for you unless you want to do that to practice routing and firewall rules for a larger company
you might be looking for openwrt
>>54750962
not unless it has dual 1Gbit NICs
for WAN and LAN
>>54750896
Call me when it supports MIPS
>>54751024
>MIPS
why? what would that bring?
>>54751067
Same thing it brings for ARM, support for machines using said architecture.
>>54751099
never heard of MIPS
ARM is everywhere...
>>54751106
>never heard of MIPS
Get out
what's the use of such a secure OS if the processor / components around it are tracking you botnet-style anyway?
>>54751106
Why are you here?
>ARM is everywhere
So is MIPS, especially in networking devices.
>>54751119
>>54751130
Where exactly should have I heard of it? What kind of articles?
Where is it present? Where is it discussed?
What distros can it run? What OSs?
Does it have its version of raspberry pi?
why should anyone care?
>>54751130
summer seems to come earlier these days
>>54751159
>Where exactly should have I heard of it?
When you found out there were more architectures than ARM and x86
>Where is it present?
Old workstations and servers, set top boxes, SBCs, microcontrollers, routers, etc.
>What distros can it run?
Debian, Gentoo, Angström, Arch, just off the top of my head
>OSs
Linux, OpenBSD, FreeBSD, NetBSD, IRIX, a few others
>>54751106
They are just being pedantic for the sake of it. Don't worry.
>>54750964
>pfSense is not for you unless you want to do that to practice routing and firewall rules for a larger company
>you might be looking for openwrt
You should have said pfsense is not for you unless you want to do things the right way.
>>54751376
No we aren't.
>>54751159
>why should anyone care?
They want to understand how the world works beyond "muh cellfooone and muh rapsberry pie".
>guys, I didn't know green was a color. What does it matter? What can it do that red or blue can't? Why should I care?
>>54751403
Being pedantic is all /g/ does every time. Either because they are self absorbed autists or just to fit in.
>>54751434
nah
>>54751106
Many home/consumer wifi router runs on MIPS, because it's cheap.
>>54751403
>>54751422
lets say they just announced the support for MIPS architercture 3 minutes ago
What will you do now with this good news?
>>54751448
You haven't been here long enough then.
>>54751459
Think neat, now I can use pfsense
>>54751477
In your Leemote Yeeloong autismbox?
>>54751509
Sadly I haven't gotten my hands on any Lemote hardware yet. Anyway why would I run pfsense on a laptop?
>>54751529
>Anyway why would I run pfsense on a laptop?
You could use it as a Stallman-approved router
>>54751558
No shit, but it's a laptop, if I had one I wouldn't be using it as a fucking router.
>>54750896
Question:
Did you buy a computer and throw a bunch of nic in it? or did you install this to a current router?
>>54751577
Then what the fuck do you want pfsense on MIPS for? Any decent router has an ARM processor.
>>54751612
MIPS exists outside of Lemote hardware.
>>54751630
You keep avoiding the question.
>>54751712
Actually alot of new MIPS hardware came out like the creator ci20 or some boards from NXP, they are preferable because the licenses are less locked down
>>54751712
No I don't, I answered it posts ago, it's not my fault you're asking again.
>>54750989
Not everyone has gigabit service anon.
>>54751612
>Any decent router has an ARM processor.
No 'decent' router has ARM period.
Some cheaper but passable routers are MIPS.
>>54751612
https://wiki.openwrt.org/toh/views/toh_dev_instructionset?dataflt%5B0%5D=instruction%20set_%3DMIPS32
Pretty much anything below 32MB RAM runs on MIPS.
>>54751067
lots of SOHO routers use MIPS, i've personally only seen MIPS in them
mine;# cat /proc/cpuinfo
system type : Atheros AR7161 rev 2
machine : NETGEAR WNDR3700/WNDR3800/WNDRMAC
processor : 0
cpu model : MIPS 24Kc V7.4
BogoMIPS : 452.19
>>54751906
mine >>54751915
has 128M ram
it might barely run pfsense, if a MIPS version was available, the ROM is obviously too small, but this router has a usb port, which would fix that issue# cat /proc/meminfo
MemTotal: 126148 kB
>>54751067
Support for more routers.
>>54751915
Given that openwrt support about 1000 MIPS device compared to around 150 ARM device, i'm pretty sure MIPS are majority in consumer routers.
>>54752014
Yet how many enterprise routers use ARM?
I've not seen any.
I'd wager there isn't any...
>>54752014
i'd imagine they're targeting ARM due to the increasing popularity of ARM single-board computers (like the rpi series)
though it'd be nice to see perhaps a slimmed-down/modular version for common MIPS soho routers, as a competitor to openwrt
Question:
Will a dual-core Bobcat APU cut it as a pfsense router that needs to handle 4 1 Gbps connections and run a VPN?
>>54752081
The problem is none of those single board computers have dual ethernet.
RasPI is easily the worst too, with USB ethernet from the get go.
>>54752106
Probably not.
You'd be better off looking at AM1 or even some cheap CherryTrail-T system.
>>54752111
you realize relatively few people have internet access that fast, right?
even the rpi could handle my internet connection
as far as cheap/small single-board computers go, the odroid-xu4 is probably the best for high-speed networking, it has two usb3 host controllers, one internally connected to an ethernet controller/connector, just add another usb3>GbE adapter and that should theoretically do gigabit routing
>>54752158
it's onboard ethernet is gigabit also, to clarify
>>54752130
What about a dual-core Avoton C2358? Do I really need a quad core C2558 for handling 4+ 1Gbps connections with port teaming and VPN?
And what about 2 10Gbps connections? I think the Avotons have enough PCIe lanes to support a dual 10Gig NIC.
>what do you even need 10Gigs for
Transferring massive files between two rendering stations and a NAS to back them all up
>>54752158
Dual USB ethernet is going to add latency, even if the CPU can handle the throughput.
It doesn't need to be dual gig-e (although for futureproof that might be nice) dual 100/100 is fine.
Fuck USB ethernet though, at that point you'd be better off buying an old MIPS router and forgetting ARM like most of us have already said.
ARM is a generally a bad choice for routers, simply because of what's available.
If more ARM boards with dual (or more!) ethernet were available on the cheap, we'd be having a different thread right now.
>>54750896
TODAY IS A GOOD DAY.
>>54752183
why do you need that on your router? use a switch
>>54752183
Avoton doesn't need PCI-e for dual 10gbps, I'm pretty sure it has that anyway(MAC) (OEM just has to put the appropriate PHY)
Also, anything Avoton should be fine for purpose - unless the OEM actually went out of their way to fuck shit up with a realtek pci-e nic, you're going to have at least 2x Intel NICs with full offloading.
The CPU has AES extensions so providing your VPN uses AES for encryption, you don't even need to spend CPU cycles there either.
Stuff it full of RAM and off you go.
>>54752203
I have a router for handling internet connections, but I need a machine that hosts a VPN that I can access outside of my home office, but also needs to serve as a separate switch for both of the workstation computers and the NAS backing them up. And the closest OTS router that can do that for me will cost upwards $600.
>>54752221
>Avoton doesn't need PCI-e for dual 10gbps
It does, because there are no Avoton boards that have dual 10Gig NICs built in. You need to buy an add-in board for that.
>>54752241
just get a router you can run openvpn if your current one can't. openwrt at least can be configured as an openvpn server
and just use a switch for lan transfers
>>54752345
I don't want all of the computers in my network to be connected to that VPN, I just need the workstations and the NAS. That's why I'm separating the network into two segments, with the new router serving as the primary switch/VPN host for the second network.
>>54752401
i don't have much experience with VPN's, but i imagine you can just as easily segment the network logically, rather than doing it physically
>>54750896
ooh interesting, might well look into that
>>54752496
I'd do it with VLANs, except that it's not physically possible in my house (thank you, 50's built-for-nuclear-blasts construction). That's why I'm resorting to a physical router/VPN to make the second half of the network.
>>54752568
oh well, sounds like you're sure of what you need, i wish you luck finding what you need
>>54752345
Is that the HERD logo?
>>54752604
But no one's answered if the dual core Avoton is strong enough to handle dual 10Gbps connections along with 4 1Gbps connections without reducing bandwidth on any of those ports.
>>54752401
Yes Alex I'll take what is a vlan for 1000
>pfSense
>not opnSense
it's like you hate yourself or something
>>54752650
>>54752568
I can't make holes in my walls to circumvent the need to have 100+ ft cables going from my basement (which is the only place the cable company put their connection), up my stairs, down a hallway, and into my office. Whoever design my house either wanted to fuck with me or had a severe lack of foresight.
Trust me, I'd rather do it with VLANs, but it's not physically possible in my home.
>>54751607
you can either do that or get one of those specialized embedded computers like a soekris or something
>>54751106
>>54751159
> what distros can it run ?
Seriously GTFO normie, you dont have a clue what the fuck people here is talking about
>>54750989
.1q encapsulation support is built-in already. If you have 50Mbps service or less, you should be able to do wire speed with a pi.
>>54753931
Unless you also have multiple subnets set up and no l3 ''''''''''''switches''''''''''''''. Ya no, this is just retarted
Affordable ($69) ARM SBC for router use coming through.
>>54754152
damn this looks cool. specs? link?
>>54754187
https://mqmaker.com/product/witi-board/
2x Gigabit WAN ports
4x Gigabit LAN ports
It has a Mediakek SoC though.
>>54754225
fuck, could've been something great, mediatek tends to be a locked down piece of shit
Thanks, but i'll keep using my x86 (K6 system) Gentoo router for the next ten years also.
>>54754276
I think ODROID has a board coming soon with two Gigabit ports and SoC that actually has proper Linux drivers.
You'd need a separate switch, but it'd work fine as a router.
>>54754225
Serious question: at the hardware level, is there any fundamental difference between WAN and LAN ports or are all the differences at the OS configuration level. What stops me from making IP tables that route differently from the default wan/lan config?
>>54754152
If only I could install a SATA controller card, that will be my next router/NAS
>>54751067
Yeah seems like ARM support is a waste considering very few single board computers are built with multiple Ethernet ports. Meanwhile a fuck ton of routers are MIPS based.
>>54754325
It has a SATA port.
>>54754406
Can you actually put the boot partition on a SATA drive or is it silly like AllWinner ARM SoCs?
>>54754442
idk, probably not
>>54754406
Yeah but I need at least 4.
If supports port multiplier, I'm happy.
>>54754488
IT only has two.
>>54751159
Your router.
Any distro you can compile for it, which is every distro.
>>54751067
my routerroot@GL-MT300A:/# cat /proc/cpuinfo
system type : MediaTek MT7620A ver:2 eco:6
machine : GL-MT300A
processor : 0
cpu model : MIPS 24KEc V5.0
BogoMIPS : 385.84
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available
>>54751459
>lets say they just announced the support for MIPS architercture 3 minutes ago
>What will you do now with this good news?
Run pfSense on $30 networking devices that work really fucking well.
>>54752106
>Question:
>Will a dual-core Bobcat APU cut it as a pfsense router that needs to handle 4 1 Gbps connections and run a VPN?
If you expect to push data through a vpn tunnel near 1Gbps you're going to need a modern XEON or encryption accelerated hardware, plus a lot of tuning in pfSense.
>>54751864
Retard.
>>54754967
pfsense recommend 1GB RAM (minimum 256MB) and 1GB disk space to run, so most cheap network device are already out.
>>54750896
Trash BSDRP is better.
>>54751558
>>54751558
Stallman never approved pfsense, pfsense is also clunky as fuck.
If you want to learn start with FreeBSD + BIRD or bsdrp and DN42 is pretty cool if you find a BGP buddy
>>54752671
>>pfSense
>>not opnSense
>it's like you hate yourself or something
Fuck off, Stallman.
>>54756218
what
both use a freebsd base
actually what i would like to see is an openbsd spinoff in the style of pfsense, because openbsd actually has the better pf
will see if something comes out that can beat Ubiquiti ER-X
>5 interfaces
>$50
they sure have no chance in hell beating their commercials
https://www.youtube.com/watch?v=v2OL5uLEclk
>>54751159
>never heard of x
>don't know anything about the subject
>hurrrdurrr who even needs it I've never seen it durr
What the fuck kinda logic is that man.
>>54754225
>mediatek
Goes in the trash!
>>54756483
>purchasing a shitty prosumer router because of the commercials.
No one wants your shitty routers, stop trying to shill them every thread.
>>54750896
Just buy a Netgate your poor fucker
>>54750896
Oh cool too bad there's no ARM hardware I want to run it on.
>>54751067
Generally consumer edge appliances are using MIPS.
>>54760949
Edge routers are pretty good, why the hate? I'm definitely putting one in my house where I don't need pfSense/Sophos.
