Let's make a Router Firewall // How to install OPNsense on a PC

  • Published: 22 Aug 2024

Comments • 20

  • @DevOdyssey  1 year ago

    What excites you about OPNsense, pfSense, or other BSD based firewalls?

    • @DevOdyssey  1 year ago +1

      @thedoctor399 Thanks for watching!
      So the best answer I can give you is, kind of.
      According to my quick research, the owners of pfSense (Netgate) do have ARM hardware for pfSense, so in theory it could work on a Raspberry Pi, but I have yet to see any supported builds. That said, you can try to build it for Raspberry Pi, but it's likely going to be very difficult. According to this article I found, there are references to Raspberry Pi in the pfSense github repository, but no actual build.
      raspberrytips.com/can-pfsense-run-on-raspberry-pi/
      With OPNsense, we're a bit luckier, as there are alpha builds out there, as noted in the video (links in the description). However, as noted, stability is questionable. I haven't tried this, but it sure would be fun, and likely frustrating at times.
      Now specifically for CM4, since it's bare bones RPi, you shouldn't have issues with getting the same build to run, more or less. However, as you noted, with the interfaces, that's a different story. You'd have the native NIC working on the DFRobot, as for the secondary NIC, on the DFRobot, you'd need to have the appropriate driver for the RTL8111 secondary NIC on the board. From the looks of it, and reading the comments in the blog post below, it looks like it's possible. Now if that driver has been ported to ARM is a different question, since this article refers to an Intel build. Seems like the driver is not as performant as Intel NICs, but nonetheless, it's possible.
      forum.opnsense.org/index.php?topic=22019.0
      I imagine WiFi would work since the chipsets on the CM4 and RPi 4 are practically the same.
      Overall, going about this journey will be tough. You will have better luck with OPNsense over pfSense, but it's still not something I would recommend in any production scenario, including a home network where you rely on it for internet connectivity. It would certainly be fun to play around with, until a more stable build comes in the future, which OPNsense does have slated in the next 2-3 years.

    • @DevOdyssey  1 year ago

      @thedoctor399 You’re welcome! Thanks for sharing your build.
      I know how it feels to go down that rabbit hole, sometimes you can’t even see the light with how deep you get haha.
      I’m definitely more of an OPNsense fan, but it’s neat how you can repurpose old tech and make it useful networking equipment. So your old HP can handle fiber which is awesome (with that express card). Yea that 30w does add up over time, especially depending on how much you pay for energy, it can be a chunk of change.
      As for the look of pfSense, I can relate. I run OPNsense and I prefer its web GUI to OpenWrt. I feel it’s way more polished and robust, while OpenWrt is a bit more minimalistic. However, given the number of architectures and devices OpenWrt supports, their time is clearly better spent on supported hardware. So at least with that, you can do so much with OpenWrt that’s just so difficult with OPNsense or pfSense. Would love to integrate a cellular modem into my OPNsense, but sadly their options for supported modems are very limited.
      Sounds like you have the easy part figured out haha. In my opinion, if you’re set on pfSense, find an Intel build that has a decent amount of power but also lower power consumption. You can find Intel SBCs that might be able to serve your needs. I admire the ambition for building pfSense on the CM4, but if you’re hard set on that, I’d recommend trying OPNsense first, since there are builds already out there, with more instruction probably on how to build for RPi. Otherwise, search eBay or find some other Intel based build and save yourself the headache. Unless you want to be the first to build an ARM supported pfSense, then have at it and best of luck 😊.

    • @DevOdyssey  1 year ago

      @thedoctor399 Definitely! I would start with OPNsense builds for ARM. You can embark on that journey here
      github.com/opnsense/tools/
      This might be something I'll entertain myself 😊
      I can always try to help create a working pipeline / build for OPNsense on their git repository, by doing a pull request, or basically getting in touch with the administrators of the repository, but chances are since they are not focusing on ARM support until 2025 (I think), they likely won't set that up, and instead you're basically left on your own to build your own ARM images of OPNsense.
      As for pfSense, I wish you better luck there, as I would have no clue where to begin there. Somehow it would involve working with Netgate in some capacity, and I can't speak to how easy that would be.

  • @ShawnWebb  1 year ago +5

    A small correction: OPNsense is no longer based on HardenedBSD, but switched back to FreeBSD as the base operating system.

    • @DevOdyssey  1 year ago +3

      Thanks for watching @ShawnWebb.
      I appreciated you chiming in and sharing that correction for everyone to see. It's been some time since I read the docs, so I must've missed it when I read over the history. Definitely adds to its fascinating timeline with m0n0wall, FreeBSD and HardenedBSD.

  • @DaveRGV  4 months ago

    11:48 After typing set kern.vty=sc, hit escape, then :wq! to save the file. Then type reboot

    • @DevOdyssey  4 months ago

      Thanks for watching and for sharing @DaveRGV!
      I've been using vi / vim for so long, I'm just used to typing out the commands, and didn't explicitly mention how to exit and save in vim. Appreciate you sharing this with everyone, since I'd hope most people actually saved their file, instead of just rebooting, since you'd then get stuck.
      While I haven't checked, hopefully this isn't an issue with newer versions of OPNsense.

  • @mrd4233  1 year ago

    OPNsense and pfSense are pretty powerful in all aspects... especially all this technology is out there for free 😎

    • @DevOdyssey  1 year ago

      Thanks for watching Mr D!
      They both certainly are, and while I haven’t really used pfSense, I’ve seen enough to know the similarities, and have read a great book from No Starch Press on setting up good firewall rules using pf firewall, the basis of both OPNsense and pfSense.
      So much to play around with it as it’s all free. While I’ve gotten quite a few features working, I’ve only scratched the surface.
      More videos to come on what I’ve done thus far!

  • @subhasismukherjee5537  1 year ago +1

    Do you have a video on configuring the WAN port and the routing between WAN and LAN port? If so, please could you mention the link here?

    • @DevOdyssey  1 year ago

      Thanks for watching Subhasis! I do not, but out of the box, from a base install, you shouldn't have to configure a WAN port, or the routing between WAN and LAN. You just have to plug the right cables into the right ports, and it should work right away. Usually port 1 is the LAN port, and port 2 is the WAN port. At worst, it should require minimal trial and error.

  • @timotheus8215  1 year ago

    How many network connections are recommended?

    • @DevOdyssey  1 year ago

      Thanks for watching Timotheus!
      Could you elaborate more on what you mean? Like are you talking about how many active TCP connections? (UDP does not apply since it's connectionless). In general, an Intel device like this can handle many connections at once and unless you had hundreds of devices all active at the same time, I wouldn't be too concerned.

    • @hannes8004  1 year ago +1

      @DevOdyssey Hi! Thx for your answer! I mean how many network cards in this router firewall device are recommended. For example, a ZyWALL has 5 ports to plug in an ethernet cable.

    • @DevOdyssey  1 year ago +1

      @hannes8004 You’re welcome! Thanks for watching.
      So that really all depends on what you plan to use the router for, and how many physical networks you plan to have, though to overcome any limits there you can always create VLANs.
      Anyway in my opinion, you should at least have 2, and I think 3 to 4 is a good number for a home network or small business networks, as it would cover most use cases.

  • @snax4499  1 year ago

    Thanks for the video.
    What's the model of the PC you're using?

    • @DevOdyssey  1 year ago

      You’re welcome snax44, thanks for watching!
      I bought it from eBay, from a seller called raptor firewalls, but I can’t seem to find their listing anymore. Nonetheless it’s just a generic PC firewall appliance that you can find on eBay and Alibaba with an Intel CPU.
      I found a similar one, which you can see below. This one might actually be better, given the extra ports it has that are very convenient. The Intel CPU is roughly the same, and should be performant enough for firewall workloads.
      www.ebay.com/itm/123876249983?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=xaU7Qli9R-2&sssrc=2349624&ssuid=2ap7u_szrem&var=&widget_ver=artemis&media=COPY
      Hope this helps!

    • @snax4499  1 year ago

      @DevOdyssey Oh great!
      Thank you very much for all this information and the link.

    • @DevOdyssey  1 year ago +1

      @snax4499 You're welcome, good luck with your build!