Monday, February 17, 2014

pfSense - Network Performance

I am lucky enough to live in an area where I can get a fiber connection to my home.
I pay for 100 GB and 100 GB down. However, I was never able to achieve these performance levels. About a year ago I took a bandwidth speed test. This is what I was able to get. My wife was on the phone (VoIP) at the time and my kids were watching Netflix, so I had competing traffic.












At home I have been using a D-Link 665 router for a long time, and it worked for my needs.

But then I wanted to do the following:
  •  Block all DNS Query traffic that is not going to "Approved" DNS Servers.
  •  VPN into my home network.
  •  Monitor bandwidth by device on my network.
I have been researching options that could provide these, including:
  • Devices
  • Aftermarket firmware for existing devices.
  • Using Linux or FreeBSD and spending hours configuring it.
After not having much luck finding something that would meet my needs in my price range, I asked a co-worker what he used. He pointed me to pfSense.

pfSense is an open source firewall based on FreeBSD.

I added a second NIC to an older spare machine I had. Then I installed pfSense; it was very easy to install. I had it running with the base configuration a few minutes after inserting the CD and starting the install.

I then spent a few hours getting it configured as desired, but it was really easy. Most of the time was spent readdressing my home network, as I desired a more structured IP address layout compared to the random undocumented method that I had before.

I expected to get the features I was after, but one took me by surprise.
I noticed our connection seemed much faster than before.

So I took another speed test. I had my son watch Netflix like he was before.










Wow!  

Granted, lots of things could have changed in a year's time, so some of the differences may not be attributable to pfSense. However, I am not about to install the D-Link 665 again to find out the true differences.

But since I noticed the improvement without the speed test, I thought I should post a glowing review of pfSense. All of the features I wanted have been working really well, and it has more features than I will ever need, allowing me to expand to meet my needs.

If you need a better firewall at your home or office, it's worth looking into pfSense.




9 comments:

  1. Rob, I think one of your advertisers is serving malware. When I loaded this page, I got redirected to a page on http://comparepurchase.com that threw up this big in-your-face banner about how I needed to download a Java update.

    1. Thanks for the heads up, I have not seen it, but the ads were Google AdSense. I just removed the ads.

  2. So, to clarify: You replaced your Dlink 665 router with a PC running Linux + pfSense. Wouldn't that change in CPU and network card account for much of the throughput difference? Consumer level routers are not known for their processing oomph. Also, separating the wifi from the firewall device can improve router throughput in my experience.

    1. Basically yes. pfSense is a FreeBSD based distribution.

  3. p.s. Damn you and your fiber home connection. :P

  4. You have just learned that everything is better with Linux (or *BSD). :-) Now start playing with the ZFS file system and prepare to really be blown away. Oh, and Linux and BSD would have also protected Mason from his trojan Java update. :-)

  5. All that goes to show me is how backwards things are down under. At home, the best I can get is ADSL 1, I get around 5Mbs down, 385Kbps up. I'm on a RIM, so no direct connection to the exchange. No fibre anywhere near here and not planned for anytime soon.
    At work, we have 100/50Mbit fibre, but it costs us $1200 per month, on a 2 year contract (or I could have paid $7K for install and no contract!). Australia really is a sucky place to run a business.. the costs are just too high (not just internet).
