I've been running pfSense for almost 7 years. Currently it's on a Qotom mini PC with i5 CPU, 4 GB RAM, 32 GB SSD and 4 1 Gb Ethernet ports. I have a VLAN for my guest WiFi, test LAN, connection to a Cisco router, OpenVPN server, DNS resolver, NTP server and more. I am quite happy with it. I'm also a regular participant on the pfSense software forum, where I'm a bit of an expert on using pfSense with IPv6. Fortunately, my IPv4 host name from my ISP doesn't change unless I change hardware, so I have a constant host name for connecting with OpenVPN and don't have to worry about DynDNS. I also have some of my IPv6 addresses on an external DNS server.
WOAH, last night while staring into the blinky lights of my switch, listening to the droning hum of my server fans, and religiously running speed tests, I prayed to the network gods in hopes that they would increase my network speed. When that didn't happen I was totally thinking: Brett's network must be soo coool.
Last month, after getting annoyed trying to get vlans going on my router running asuswrt-merlin, I just pulled the trigger on an Intel Celeron fanless box from AliExpress... Loaded up pfsense and have let the cash hemorrhage rip as I went down the rabbit hole of upgrading the entire network.. Next month I'm getting a spool of cat6 and hitting the attic to replace some damaged cat5e cables and to add a few more drops. Your channel has been a huge help. Cheers!
Super helpful to folks out there justed with pfsense. Your time and effort is very much appreciated.
16:04 captain jack sparrow stuff 🤣 very well put sir. just found this channel and the vibes are already awesome
Great video! I've been running pfSense on an older PC and it's great, but I've just barely scratched the surface on all it's capable of. I really have a lot to learn with it.
Nice. The only problem is “guessing” what any rule is for or not having a good description or documentation for your firewall setup.
Config backups can also be accessed through the GUI as every change gets recorded and can be restored to that state.
Btw, pfsense is not an “operating system”.
FreeBSD is the OS under pfsense, which is a bunch of packages, scripts and code on TOP of FreeBSD.
Really like this compared to a lot of videos on the topic because there is as much "why" as there is "how".
Yeah I wanted this to be a bit less technical than a regular tutorial vid
I just wanted to say thank you for explaining this. I am currently trying to build my PfSense box now and trying to learn all of this info. Thanks Buddy for this.
I am on OPNsense. I did PFsense for a while and had an issue and tried OPNsense. (I think the issue was me) But anyway, it works and just stayed on it! They are both very similar. I really loved this video. Lots I'm trying to do and learn and this helped me gain some clarity.
For me pfsense is always lacking a nic driver. OPNsense just works with more devices.
This is great! I love the 5000 ft view to see how everything fits together. I get lost during single topic in depth videos sometimes.
I've been using pfSense since 2013, and it's by far the best firewall platform I've ever used. I hear so much stuff from people saying "pfSense sucks" or to use OPNsense, but for me there's literally no reason to switch. I tried OPNsense and can't get past the interface. OPNsense does nothing for me that pfSense doesn't already do. pfSense for life!
I think this is great. I have been doing (trying to do) a lot of this same stuff. A light went on that you had done this, I went back and rewatched and it was really helpful. Especially the "specify a gateway" at 15:25.
I would be interested in more of this or the line by line of setting it all up.
I just "discovered" your channel - super nice. I don't use pfsense but opnsense - but 90% is the same - just "vertical" instead of "horizontal" menu ;-)
You are quickly becoming one of my preferred youtube tech channels Brotein Shake.
You’re becoming one of my preferred viewers 😘
Great video. Long time pfSense user here. Any reason you are using Pi-Hole over pfBlockerNG? Same functions just built straight into Resolver and you can turn off forwarding by eliminating the Pi-Hole.
Great Stuff. Do you have a video on setting up a VLAN to keep my main PC away from IOT devices as well as other PCs on my home network, with PFsense?
I actually woke up with that thought "i need to figure out how to setup my pfsense" lmao, thank you for the video
Hi, thank you for this info. All these firewall rules are related to interVLAN communication. But what about rules for incoming traffic? Does pfsense have a standard set of rules for this? Is everything closed? Bit confused about this.
Great overview. I would like to get your opinion on firewalls. I don't need many of the features of PFsense, but I would like a "strong" firewall. I am using an edge router X now. Do you think the edge router is a good firewall? If not, what will you recommend? As always great information in your video.
Keep up the great work my friend!! You're an inspiration to us all!!
An update on my lab - I have followed your tutorials to the point and I have a nice Proxmox server with Truenas, Jellyfin, Pihole, PFsense.. Set up a cloudflare Argo tunnel and set up my domain to access my server/apps.. I am just beside myself how EASY you made it for me..
PLEASE PLEASE make a playlist on your channel if you could, where you could list the videos in chronological order of setting up a home lab from scratch so no need to search through your videos to see what the next step is :)
THANK YOU AGAIN!!! YAYAYAYAYA!
The style of humor/comedy here mixed with nerdy dweeb shit is right up my alley
"Limit your guest to 10Kbit/s, and then they'll want to go home.........perfect!" haha, a man after my own heart
Been subscribed for a while. Love the information you share, and your style of humor! Did you follow a specific guide (or guides) to set this up (and if yes, can you list your recommended guide(s)) you preferred to use? I know there is a lot of information online, but your home-lab setup is similar to mine (proxmox, synology, unifi products etc.). I just haven't jumped into the pfsense world yet (even after spending many hours watching vids, reading reviews, etc. etc.). Cheers!
Lawrence Systems is a great channel for some pfSense content and where I started my journey. If you wanna join the discord I can share more about my setup there.
@@RaidOwl Awesome. I'm very familiar with Lawrence systems channel (am a subscriber to them as well). They're good, but much of his stuff is focused on business centric setups. Your stuff is geared towards homelab, which is why your channel is awesome! I'll check out your discord. Cheers.
great video thank you. how do you tell a device what vlan you want it to go on please say you're setting up an alexa device
Do you recommend this for a 10g network?
cheese factor of 10 here - opnsense is a fork and much better licensing - opnsense is way to go
Dude this is a great channel! I'm glad I stumbled upon this
System > General setup > Theme > pfSense-dark yw :P also great vid, ty :D
Light mode wakes me up in the morning lol
Nice good and relaxing explanation of firewall stuff thanx
Howdy. I appreciate your videos. I'm late to the party. I have a Protectli with Pfsense on it. And a tplink tl-sg1024DE behind it. At this point I think I want/need 5 or 6 VLANS. Would you recommend having pfsense to control the vlans and trunk to the tp link switch OR have the switch to handle the vlans?
Hey this video has helped me out a lot. I have just 1 question. I have set up 2 pia sites 1nyc/2texas. How would I route certain devices over both locations?
Great video! I was wondering, can pfsense run in a VM? What are the pros and cons of doing it that way?
Yeah it can! You just have to pass through enough network ports. Then you have to worry about the host going down and bringing down your whole network
@@RaidOwl cool! Thanks! So how many network ports does it need altogether? I'd assume 2 for the VM itself, with one connected to your modem and the other to something like a switch or wireless AP. Do you also need a third port for the host, or can it connect to the VM another way?
@@B13ro 2 is the minimum (1 for WAN and 1 for LAN). There are quite a few guides on how to setup pfSense virtually on a host, those may be able to help you out.
@@RaidOwl Thank you! This is on my list (you know, the homelab to-do list that grows by 2 or 3 items every time you check 1 off), so I'll look those up when I get to it. Keep up the great videos!
I've been curious on switching to a netgate device from my hp server running pfsense. Though from reading the sales page. Is it really limited in ipsec encryption such as wanting to do aes 256 or chacha (if I remember that right). Seems you have to buy the more expensive one to get more options unless I'm reading it wrong.
Thanks for the video! Have you ever played with PFBlockerNG (I know you mentioned Pihole already) and Suricata/Snort (For IDS/IPS)? I find there aren't many tutorials out there to show how to set this up and use it properly. I also wish PFSense had a way to host the Unifi Controller as an add-on service, instead of needing a separate container or VM on another machine.
I think there is a way as u can SSH into the device and use the linux there ... as its linux FREEBSD at backend .. u can try lol ...
All I can say is don't bother with ids, the security is too small to pay the price of processing power and endless hours of tweaking filters. While I have not used Pfblocker It's definitely worth it, I believe Tom from Lawrence Systems has something on it.
@@PrazinBhaktaShrestha pfSense isn’t based on Linux. It’s based on FreeBSD, and FreeBSD is not Linux.
Nice set up. Mine is very similar, except I don't have a privacy VPN. I don't practice safe piracy. I drink the rum straight from the bottle.
I too have issues with the DNS resolver / Unbound in pfSense. I had to turn on the forward option to disable the direct pull of DNS from root domains. It seems to happen more on AT&T internet services (VDSL/Fiber); one part is a connection with no response from the root servers filling up the NAT table in their service gateways. The NVG 589, for example, only has 4k entries; even if you use passthrough it still takes a session from the box. I saw really bad issues when my State Table in the pfSense box went near 4k entries and 1/2 of them were requests from my DNS with no response. I don't know if AT&T is blocking or there is something with the IP passthrough, since there is no native bridge mode in AT&T equipment.
I've also had a pfSense firewall for years, right behind my provider router. They only see my phones and a single device, my firewall 😉
Great video. I have tmobile home internet and want to access my plex outside my home. I think pfsense is the solution using noip. Any feedback would be appreciated.
I just got the new mochabin and need to replace my trusty Opnsense. I'm just debating on what OS I should go with. OpenWRT, a custom build of VyOS or vanilla Linux either Ubuntu, Debian or RHEL. Hard choice 🥴 (I'm knowledgeable with routing so either choice will be fine)
Thanks for sharing! Have you ever used the NAT tool? I followed 2 different guides and I still can't get the NAT type on my Xbox to change from strict.
0:00 surprisingly that's exactly what happened
I'm having the following weird issue on my home network doing Jack Sparrow's stuff 😂🤣. I have a TCP\UDP port open to it. I check port status only and it says it's open. Go to my Torrent app and it says it is closed but that I can still download stuff. If I get the download started on another ISP and then continue through my pfsense router it does it with no issues. However if it is a new fresh download it won't start on my pfrouter. I have never seen anything like this. Has anyone seen something similar?
My pfSense always blocks Outlook emails.
But works well after a reboot.
For about an hour.
What might be the problem?
Now we talkin', finally something interesting :)))))))
I'd like to know how you connect your Macbook to the box and use the screen and keyboard as input. Do you have a video on that?
You just connect to the web ui via the gateway address
Hello .. do u have a video guide how to configure vpn client setup? Or other vpn provider? Just bought sg1100 but I'm stuck at vpn
How to create openvpn in pfsense and restrict my openvpn users to allow access to only specific ip? Please share how i can do this
I've heard there's issues with pfsense and upnp for online gaming ports. Have you run into any issues in that area?
I don’t use upnp so I can’t really speak to that
Just set it on DMZ. Easy
Nice one man. :D Love it. :D
I'm currently using pfSense but having issues with port forwarding some games..
Is there a network simulation tool which I can use to first build a simulation for my homelab network and test before actually implementing it. May be something like cisco packet tracer but with the ability to use pfsense etc
Interesting that you run your Guest Portal through Unifi and not Pfsense
hi
can you pls tell me how to configure secondary wan configuration
Excellent
Great guide!
great work!
Sir that's a great content for pfSense. Sir when explaining the traffic, it will be easier for understanding.
Good video man, we need to convert you to FruitLoops tho !
Lol fruit loops still hold up to the test of time. Fruity pebbles tho…
@@RaidOwl mmmmmmmmm NOW i'm hungry !!
surprised at all the HA proxy setup considering you also have a video on cloudflare tunnels.
That’s for all my CGNAT peeps
Why is this preferred over OPNSense that has a more ethical history? I haven't figured out why some people prefer Pfsense. I am trying to figure out what I would be missing out on.
Idk I’ve never tried OPNSense
it's not, pfsense just had better marketing and became more popular. essentially, they're almost identical, if you know one, you'll be easily able to use the other right away. OPNsense has more frequent updates and in general the company behind it is more transparent to the community.
@@DarkNightSonata That was my association, that OPNSense has had less scandals and more transparency, but pfsense is bigger overall it seems. I am curious if they are less transparent, but more people aren't moving to OPNSense by now LOL
Sticky habits I suppose.
One thing I notice adding PIA_VPN as gateway and splitting the traffic for some VLANS is if the VPN drops or becomes unavailable it will drop the connection to everything... Package loss for both WAN and VPN, seems to be an issue with pfsense. Any advice?
What’s your default gateway in your Routing settings? Any gateway groups created?
@@RaidOwl Hey Raid thanks for replying. I have my gateway setup to my WAN_DHCP (ISP) with no gateway groups created
Great video
I think this video just did its magic and I need to try it out now, because my asus router is just oof (I had problem with "out of memory")
You roll out pfsense to clients?
I don’t have any clients
@@RaidOwl nobody’s perfect
That intro tho hahahahaha
Hi, do you use a central Authenticator Server like OpenLDAP for OpenVPN and NextCloud ex.. ?
Nah I haven’t gotten around to that yet
@@RaidOwl That’s too bad. I’m trying to use an OpenLDAP and/or my Synology LDAP server.
Are you for real in Spring Texas?
For real
@@RaidOwl I used to live in Copperfield off Hiway 6 and 249…cool beans.
Lots of head scratching on your firewall rules, remember there is the description field so you can leave yourself handy notes ;)
Lol yeah that’s what I get for testing in prod and not cleaning up after
Baby back bi
Or wonder how my hair slipped down to the bottom of my face???
🤔🤔🤔
would be funny if you actually got a DDOS after this video xD
Impossible
@@RaidOwl AT&T now offers ddos reflection?
The first step is admitting it
NO I NEVER HAVE. YES, it is very very weird
Hello Sir, can I get your personal email or any form of communication channel to discuss a challenge I am facing with pfsense for your help?
networking is aids for me when it doesn't work the way you want it to