PfSense and 802.11 AC MU-MIMO (wave 2)?

Discussion in 'privacy technology' started by Palancar, Mar 20, 2017.

  1. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,734)

    I mentioned I was going to start this thread over the weekend. I have an older family router shooting craps. It was never designed with any expectation that it would join and support a >100-150 meg connection that is used 24/7. Those numbers would have been "mystical" 5 years ago where I live. So now I face a decision and can go two ways, which is where your input could be of assistance.

    I effectively need two different types of networks. The first, and the one that if done incorrectly will cause me grief with my family, will be running exclusively wireless. Their devices have full support and work well with the wireless signal reflected in the thread title. My current router was manufactured before such a signal existed. However, I have connected these devices to other family members' networks and in fact the speed is full >100 meg without any glitches even after a few hours of use. Clearly since I am replacing the router it would be crazy not to utilize the latest signal capabilities. My family has experienced it so now of course they want it. Can't blame them really. I can acquire a high end ASUS and can run either Merlin or DD-WRT with enough horsepower to handle all our devices with ease, assuming I don't want to run a VPN on the router. If I go this route my family is handled but I am not. Basically 300 bucks for what I like.

    Network 2 would be for me. It's all Ethernet Cat6 involving 2 VPNs, then Tor, then on to workspace. If I go the ASUS route above I would connect Ethernet to one router LAN port and then use a separate device for vpn1 and proceed down the line from there. I suspect this configuration is the route I will go because I need device 1 to be able to handle the encryption load of >100 meg. The homeowner ASUS is nice but won't do that for me. I have checked and they "burn down" at around 60 meg for 24/7 on a good tunnel. Of course they'll run 100 meg on an open internet, but as you know that is not an encrypted tunnel being mathematically processed.

    My other option is to go full pfSense hardware. I still need a high end AP to use that will handle the newer signal for my wireless internet. Are any of you guys running pfSense and also trying to keep a >100-150 MU-MIMO wireless running alongside it? The hardware I see that handles pfSense at >100 meg is $700+ and that doesn't include the AP.

    I am lucky enough to live in a "high power" internet zone. If I lived in a place with <50 meg this discussion would be moot by comparison.
     
    Last edited: Mar 20, 2017
  2. mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 6,248)

    I recommend a primary pfSense perimeter router/firewall, with a quad gigabit Intel server card. So you can have three LANs, one with a WiFi AP for your family. With good server NICs, there's not so much load on the CPU. And you can get motherboards with cryptographic accelerators. I don't know the hardware, but yes, it might cost several hundred USD. But hey, that stuff will last for many years.
     
  3. deBoetie, Registered Member (Joined: Aug 7, 2013; Posts: 1,238; Location: UK)

    I take it the $700 for the pfSense box is the official hardware, yes? You can do it cheaper than that if you spend more of your time, and you'll still get a 4-8 core 2GHz CPU with AES-NI and 4 integrated GigE Intel LAN ports, or you can pop on the T4 quad card for maximum offload. Obviously depends how much VPN or Snort you're intending.

    I'm not using MU-MIMO, just a conventional AP supporting VLAN, and much as I love my family, my priority is on the perimeter firewall at this stage. I would want an MU-MIMO with VLAN support, not sure how well the current crop support that, and I'll wait till the prices subside a bit.

    Personally, I'd separate the two requirements and budgets because they're for essentially different capabilities and likely they have different lifetimes.
     
  4. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,734)

    In many ways it does seem like two different projects. Still thinking about this. If I could just hit the lottery this decision would be an easy one, LOL!
     
  5. MisterB, Registered Member (Joined: May 31, 2013; Posts: 1,132; Location: Southern Rocky Mountains USA)

    One way to do it would be to get a basic router that just acts as a gateway and that would be the one that connects to the ISP. It would just need to be able to handle the bandwidth and have enough VLAN capacity to create subnets for the MIMO router and the pfSense box. WiFi should be turned off, of course. Each subnet will only have one device attached and all other subnetting and NAT routing will be handled by the respective devices. That should keep things separated enough and not overburden either the pfSense box or MIMO router.
     