Forum Topic

Unified PFSense Users

  • update lang mga boss:

    nakita ko na bill namin ng kuryente mula nung na-deploy ko pfsense sa bahay. mejo napaaray ako, nasa mga Php800.00 ang napadagdag! unang computation ko dapat nasa mga Php300-Php400 lang dapat madadagdag, nadoble pala (aguy!). parang gusto ko tuloy palitan nito:

    http://www.ebay.com/itm/322402624826?_trksid=p2055119.m1438.l2649&ssPageName=STRK%3AMEBIDX%3AIT

    pero palagay ko hindi lang dahil yun sa pfsense box, kasama na din yung mas naging masipag mag-net mga tao sa bahay dahil sa ramdam nilang improvement sa net (dahil sa cache, hehe).

    next nga pala para sa upgrade ng box ko, palit ng NIC, from tp-link fast pci to hp (intel chip) dual port gigabit pcie, sana gumana ng maayos.

    yung snort hindi ko na pinag-aksayahan ng oras pag-aralan pa, sobra tapang, lahat na lang ata bina-block!

    next naman openVPN, basa basa muna bago tira kapag may oras na, hehe.

    cheers!
  • ^nope, price doesnt make it, its freakin old its single core and last but not the least, not a 64bit capable processor.

    if you want pfsense you might as well get a 64bit capable processor, since pfsense is dropping 32bit on 2.4 release.
  • waaaahhhh! nung ikinabit ko yung bagong NIC, hindi na nag-boot ang box ko! puro error na lang during boot up at hindi na ma-repair, huhuhu! kaya re-install lang ang huli naging option... sayang ang naipon na cache back to zero...

    ngayon up and running na ulit pero squid at squidguard na lang muna.
  • sino nag upgrade to 2.3.3?
    pansin ko after ko mag upgrade yung traffic graph nya hindi na umabot ng 2mbps haha, pero sa speedtest 7 to 9mbps naman
  • mga sir patulong naman sa setup ko,
    ang goal maka pag setup ng PUBLIC Wifi using 1 pfsense at naka hiwalay sa office network at naka captive portal

    eto ginagawa ko,
    sa pfsense server 4 lan card
    lan card 1 = dsl1
    lan card 2 = dsl2
    lan card 3 = for public WiFi - dito naka connect yung AP problem ayaw magbigay ng internet kapag naka connect dito.
    Lan card 4 = for LAN

    naka failover/load balance na yung 2 dsl, Mukhang negative na sa VLAN daming babaguhin.

    TIA

    -- edited by dawinsm on Mar 13 2017, 05:59 PM
  • @dawinsm

    sino nag upgrade to 2.3.3?
    pansin ko after ko mag upgrade yung traffic graph nya hindi na umabot ng 2mbps haha, pero sa speedtest 7 to 9mbps naman


    pag kakaintindi ko nasa MB/s yung graph (1Mbps = 0.125 MB/s) so yung 7Mbps = 0.875 MB/s at 9Mbps = 1.125 MB/s, ok lang dapat yan.

    eto ginagawa ko,
    sa pfsense server 3 lan card
    lan card 1 = dsl1
    lan card 2 = dsl2
    lan card 3 = for public WiFi - dito naka connect yung AP problem ayaw magbigay ng internet kapag naka connect dito.
    Lan card 4 = for LAN


    almost same tayo ng ginawa, pero sa amin kasi may 2x fiber tas 1x dsl tas tig isang NIC yung LAN at WIFI.
  • almost same tayo ng ginawa, pero sa amin kasi may 2x fiber tas 1x dsl tas tig isang NIC yung LAN at WIFI.

    paanong config ang ginawa mo sa WiFI NIC interface mo?

    pag kakaintindi ko nasa MB/s yung graph (1Mbps = 0.125 MB/s) so yung 7Mbps = 0.875 MB/s at 9Mbps = 1.125 MB/s, ok lang dapat yan.

    tama nga sir, pero weird lang pag sa dashboard yung tinignan mo kb/s lang ang display .
    pero pag binuksan mo yung traffic graphs mismo don lumalabas na mbps sya

    -- edited by dawinsm on Mar 13 2017, 06:03 PM
  • Post deleted #11891316
  • ang goal maka pag setup ng PUBLIC Wifi using 1 pfsense at naka hiwalay sa office network at naka captive portal


    configure that lan 3 interface and set a static IP, eg, 10.10.10.1 (as long as its not the same subnet as your LAN is).

    now go to DHCP server and set a DHCP lease on that interface, set it as 10.10.10.100 - 10.10.10.254

    now go to firewall and set your firewall setting to allow all.
    and add a new firewall rule to block all traffic from LAN to AP (and vice versa) make sure that the block rule for LAN to AP traffic is above the allow all rule.

    once done, test internet. pag meron na net, then go setup your captive portal to bind on that interface that your AP is connected.

    -- edited by polka on Mar 13 2017, 06:23 PM
  • @dawinsm

    bali yung amin LAN is 192.168.0.x tas WIFI 192.168.254.x basta double check mu lang kung naka enable yung DHCP ni WIFI pag sa una ata naka disable. tas punta ka na sa FW rules sa WIFI tab copy ko lang yung rules sa LAN tab, tas itest mu kung may connection na yung WIFI pag meron na setup mu na captive portal set mu yung WIFI as interface niya tulad ng sabi ni polka.
  • configure that lan 3 interface and set a static IP, eg, 10.10.10.1 (as long as its not the same subnet as your LAN is).

    now go to DHCP server and set a DHCP lease on that interface, set it as 10.10.10.100 - 10.10.10.254

    now go to firewall and set your firewall setting to allow all.
    and add a new firewall rule to block all traffic from LAN to AP (and vice versa) make sure that the block rule for LAN to AP traffic is above the allow all rule.

    once done, test internet. pag meron na net, then go setup your captive portal to bind on that interface that your AP is connected.

    thanks tumpak na tumpak yung turo mo sir, tingin eto yung mali ko ( (as long as its not the same subnet as your LAN is).) same subnet yung IP na nilagay ko sa WiFi NIC,sa ngayun may net na yung public WiFi

    problem;
    captive portal working na sa cellphone,

    pero sa laptop, PC with wireless NIC, ayaw lumabas ng captive portal page authentication, pero pag naka off ang captive portal may internet naman,
    Ano kaya issued nito?

    edit...
    working na sa laptop....isa nalang, masyadong mahaba yung generated na password, ang problem ko nalang ngayun kung paano papaiksiin yung voucher password.

    -- edited by dawinsm on Mar 14 2017, 01:46 PM
  • update ko lang ,working na lahat ^_^ customize portal page with company logo, 7 character voucher length, trobolshooting lang sa firewall rules

    isa pang question, ano difference/ function Hard timeout (Minutes) ?

    1 hr free wifi lang ang pinagawa ni boss sa voucher naka set ng 60min.

    ano mangyayari kung ang hard timeout = 10min
    ma di DC ba sya? then hindi masasama yung idle nya sa 60min?

    TIA
  • Mga sir paano PO ba captive portal? Need lang ba magdagdag Ng WiFi card or magdagdag Ng router? Senya napo gusto ko PO Kasi mag sell Ng WiFi ung piso wifi..Kailangan din PO ba Ng yagi antenna Para malakas ung wifi..Thanks po
  • @dawinsm

    10 min timeout this means, any user that is inactive within certain timeout period, they will automatically logout, so if they logged in again, they need to re-input the voucher again with the remaining time they had from their last usage (+10mins for the timeout).

    I dont recommend this turning down to 1minute since this can flag false alarm to the clients, eg, 1 minute lang syang hindi nag browse sa internet kailangan nanaman nyang mag login sa captive portal. Correct example for this is CoC, even id you manage your base this and that, it only actually sync to the server every 3 minutes or you exit the game, for prolong period of time eg dahil sa laki ng base mo, baka bigla na lang lumabas yung disconnection message.


    @densarlvo

    captive portal sa pfsense is as simple as adding a separate for your wireless AP and bind that interface to Captive portal and enable it, voila, may captive portal ka na.

    for supported wireless chipset, since very limited lang ang support ng wireless chipset ng pfsense (or rather freebsd in general), you might as well go with a separate AP or reuse/repurpose a old wireless router.

    -- edited by polka on Mar 16 2017, 02:05 PM
  • may naka pag try na sa inyo ng opensense? Subukan kong mag deoploy sa bahay this weekend.
  • Greetings to Fellow TPC members.

    Crowd Sourcing for information on a project that was proposed.
    i'm helping out a small car wash with coffee shop to offer free wifi to their customers without the need of changing the password of the router Daily.

    Can i setup CAPTIVE PORTAL using PFSense on an external remote server?

    Site A Site B
    3 WIFI AP ----- Router ----- internet ----- CAPTIVE PORTAL Server
  • using pfsense I think you cant

    but you can do that with coovachili if im not mistaken.
  • Mga sir, paano mag setup ng pfsense sa virtualbox?

    dapat ba 3 physical NIC? 4 NIC kung dual WAN?
    NIC 1 = for LAN
    NIC 2 = wan
    NIC 3 = LAN side ng pfsense

    then lahat ba ito naka bridged?
  • pag pfsense, ganito setup ko

    2 NICs

    - 1st NIC for wan, adjust the networking properties of that NIC, uncheck all service, this will make the NIC just a dumb NIC that do nothing.
    - 2nd NIC config set static IP to 192.168.1.2/24 gateway and DNS:: 192.168.1.1

    virtualbox setup

    - create new virtual machine set it to freebsd as os and adjust your vhd size to your liking.
    - go to setting on the new vt profile and go to network tab
    - enable adapter 1 and 2
    - set to bridge adapter on both adapter
    - on adapter 1, choose the NIC that corresponds to your WAN interface you configured early on
    - on adapter 2, choose the NIC that corresponds to your LAN interface you configured early on
    - click on advance, set both interface to intel pro 1000 mt
    - promicious mode, allow all on both interface.
    - mac address leave as is
    - click ok
    - now install/load pfsense on that virtual machine.
  • ^ sir Polka,

    Pansin ko 2 NIC lang ang ginamit mo,

    What if yung HOST PC mo may application din , like sample webserver, DHCP server etc.
    bali share yung adapter 2 mo ng function gateway at application ng HOST pc?
  • ^it should pass through since naka state dun sa NIC 2 yung gateway IP ng Pfsense (default IP ng pfsense). kaya nga sinet ko yung promicious mode nya to allow all.

    eto tinest ko lang since yung steps na ginawa ko earlier scratch lang from brain.




    as expected it works.

    also may mali sa step ko, sa wan interface make sure to enable virtualbox bridge network adapter.

    -- edited by polka on Mar 20 2017, 06:52 PM
  • ^ thanks sa mag test sir,

    isa pang question, hindi kaya magkaroon ng bottleneck sa LAN/network since iisa lang yung NIC na gagamitin sa LAN side ni pfsense at sa Host?
  • technically none, since the traffic doesnt goes through the NIC it self.

    test it for your self, just download something, you will see that the activity light on your NIC on the LAN side is steady even though youre making traffic.

    oh well this is just common sense in virtualization.

    also forgot, there's a caveat on my config, if for some reason that NIC2 (LAN) is not connected to switch or just plainly disconnected, the host will also loose connectivity to pfsense. so just make sure that youre LAN side is constantly connected to switch.
  • ^ Sir polka, thanks for that info laking tulong sir,

    i think i got all the info na kailangan kung makuha,
    now its time to test, pag success i bi VM ko nalang yung PFsence ko, para bawas PC sa server.
  • Mga Sir hingi lang po ang comment sa inyo
    I plan to build a pc with pfsense to serve as my main router, the CPU is Core2duo E7600, may NIC po na intel na gigabit and I plan to add another one. May spare ako na 4gb ddr2 na ram. Ok na po ba ito and regarding sa electricity malakas kay ito if 24/7 naka open yung pfsense. Medyo bago pa lang ako sa pfsense kay mangangapa pa ako sa pag setup
  • go for atom base mas matipid sa kuryente
  • yeah marami naman atom dyan, if your pair that atom board with picopsu, it should consumer around 18-20watts based on a diamonville atom processor (atom 230 and 330) pineview is much more efficient (d410, d510) and can consume around 14-17watts, baytrail chipset can consume around 8-12watts (j1800 or j1900)

    I can still remember that a d510 motherboard can powerup using picopsu and 12v 2amp power adapter (with no hard drive) which can power up just fine with pfsense with dual port intel nic, and flash drive as your pfsense boot drive.
  • Salamat sa info baygel and polka, hanap ako meron yata ako dito
    Last question yung PCIEx16 slot for video card pwede ba lagyan ng PCIE NIC? Balak ko bumili ng intel dual gigabit NIC, yung motherboard ko may 1 x PCIEx1, 1 x PCIEx16 and 2 PCI slots
    Salamat!

    -- edited by istanbul on Mar 24 2017, 11:44 PM
  • ^ There's also Intel J1800/J900 boards (or maybe AMD E350/450 too) floating around.
  • Meron pala ako Intel Atom 330 and yung mobo gigabit ethernet na din pala sakto may pci intel gigabit NIC din ako
    ano minimum storage an kailangan for a router mode? and may perfromance difference ba ang 1gb and 2gb RAM?
    Balak ko gumamit ng squid and baka mag snort din plus yung throttling