Do it yourself networking? pfSense?

Does anyone here run their own custom network using pfSense, OPNsense, or maybe even Ubiquiti for a more off-the-shelf solution?

I might have watched too many YouTube networking videos that make it look easy and far more secure than off-the-shelf do-it-all-in-one-box routers. I would like to lock down my network more than it is. I would also like to create a network that can take advantage of my fiber speeds (too many 1GbE ports on my current setup). I would also like to learn more about networking, and this would be a way to do it.

On the other hand, I don’t really need the fastest speeds everywhere. Also, I am a nobody, so it’s not like hackers are some sort of problem for me. I have never been hacked, gotten a virus, etc. Nothing on my network is important.

If you do run a more complicated do-it-yourself system, is it worth the money and time? How did you learn how to do it? Is it something someone who knows almost nothing about networking should try?

Any input appreciated.

I’ve had network wiring of one kind or another for about 30 years at home, so it has changed a lot over the years. Currently have fiber service (100/100) for Internet. Ubiquiti UniFi Security Gateway for the router and UniFi WAP for wireless. 3 Ethernet switches spread around the house with quite a bit of CAT-5 or CAT-6 wiring. One stretch goes through RG-6 and MoCA. The networking has always been rock solid, at least since I dropped my ISP’s router/WAP that had many reliability issues. Goal is to get as much as I can wired rather than wireless.


Not really expensive or complicated, but fairly extensive. Worth the effort.

3 Likes

I used to manage fairly complex networks. Now I’m retired and a single eero router is all I need. But I started learning about networks with this white paper. IMO it’s still a good place to start. YMMV.

4 Likes

I have been using Ubiquiti Unifi for the last five years and find it very nice to work with. I upgraded from their Security Gateway to the “Dream Router”, which also acts as an access point and management node for the whole network. (Earlier I needed to run management software on the Mac.)

I run three networks on there, the main home network, one IoT network and a Guest network. Works very well.

pfSense would probably be able to do just as much, but the Unifi management console is very slick IMO.

2 Likes

That’s really cool. I also have a Dream Machine and Ubiquiti APs and a switch. Could you elaborate a little more on how you set up your IoT network? I’m thinking about doing the same thing at home to better isolate those devices, but I’m a little unclear about how to do it and if I can “migrate” the devices without having to reset each of them.

I figured the Dream Router would be a good entry point if I wanted to get into Ubiquiti stuff, but I was hoping it would get a WiFi 7 update. Not sure if this is coming anytime soon or not. For everything else I looked at, I would need a rack or a very large shelf, which is what makes me hesitant.

Which is why I think I should get a Unifi system set up. I am still unclear though, is Unifi more secure than a traditional consumer router most of us use?

When I was setting up my Unifi network & IoT VLAN I relied heavily on posts in Ubiquiti’s forums as well as Troy Hunt’s (the guy behind haveibeenpwned) Unifi-related blog articles.

1 Like

I think it’s safe to say you can do more damage with a Ubiquiti setup than a consumer router, BUT you can also dial it in to a state of security perfection that leaves the consumer router in tears…

That is, of course, if you will/want to spend the time learning to do it. No one will deny that there is effort involved.

1 Like

I was looking, again, at what I would need for a Ubiquiti setup. For me the catch is that my internet plan is 1.2G up/down, but most of their gateways are limited to 1 GbE. The Dream Machine SE has a 2.5GbE WAN, but all the other jacks are 1GbE. Which isn’t a big deal now, but in terms of future-proofing, what if I move up to a higher speed next year?

I wish they would update their smaller home lineup to support faster speeds.

Edit: To do what I want in a Unifi setup (2.5 GbE ports and WiFi 7) I could get a UDMSE, Enterprise 8 2.5GbE switch, and a U7 access point. That’s $1,200. I love the idea of doing this and getting to play with the settings, especially the extra security, but that’s kind of a lot of money for that.

But then again, my $500 (when new) 6e router does not have enough 2.5 ports, and is not WiFi 7. So really, a fast home network that includes a fast switch and WiFi 7 is just not a cheap project no matter how you do it.

Hey,

I’m running OPNsense on a Protectli Vault and a couple of Unifi access points and a switch.
Everything works very well and I can isolate many devices with separate networks etc.

I started with a USG and watched some of Lawrence’s YouTube videos. I was so impressed by pfSense that I also wanted the fine-grained options to set things up and control.
Some years after that I switched to OPNsense because Netgate did some strange things with licenses etc.

So learning was mostly via YouTube and then getting hands-on experience, and of course fixing things when the family screams.

I can recommend my setup. Works great with 1 gig Internet and also with IPv6.

1 Like

There is a ton of stuff on YouTube on how to do it step by step, and it does look pretty easy to get up and running. I was close to ordering a device to run pfSense last night, but I went with the Dream Machine SE, switch, and WiFi 7 access point instead. It is expensive, but after thinking about it, I realized it’s completely future proof. Unless my internet gets so cheap I can jump up to 10 GbE (which I would never need), I won’t need to replace anything. And once WiFi 8 does come around, the access point is the cheapest part of my network.

One thing that already has me scared though, is that Ubiquiti does not have any documentation besides a simple setup guide with pictures. So I am going to have to rely on YouTube to get this set up.

1 Like

I’ve been using Ubiquiti/Unifi networking gear for about 10 years now, and I’m on my third generation of hardware for the core network. Prior to using Unifi, I ran pfSense on dedicated appliance hardware. Prior to that I used (and even wrote documentation for) m0n0wall, the original project from which pfSense was forked. In total, more than 20 years of running dedicated, non-consumer firewall/router hardware. (Plus a few years on an AirPort Extreme; I started with Apple devices.)

I think Unifi network gear is fantastic kit for “prosumers” who want to have more control over their home networks than consumer-class routers give you. You can build a better wireless network than any mesh, have flexibility to build around almost any use case, and so on. It’s not cheap, but it’s cheaper than comparable gear from other companies. The management interface, while not exactly “easy”, is certainly easier than most (including pfSense). They are the Apple of networking gear for advanced users. (Eero is probably the Apple of networking gear for more consumer-level needs.)

My advice would be a few things:

  • Only do this (yourself) if you want to spend time faffing about with Unifi, your network configuration, firewall rules, and so on. That includes troubleshooting weird problems at inconvenient times with other household members glaring at you for keeping them from Netflix (or whatever).

    It’s work. Yes, it can be fun and interesting, too. (There’s a reason I’ve been doing it for 20+ years.) You will learn a lot. But go into it with your eyes open. Consumer-oriented Wi-Fi solutions cover most home use cases, and are a lot easier to manage.

  • Keep it as simple as you can. I personally have (like @airwhale) three separate networks in my house, for regular use, guest use, and IoT devices. It’s a PITA. It required getting various settings right, setting up custom firewall rules, and so on. If it isn’t at least mostly right, you’ll have weird problems where one device can’t see another, or you won’t be able to AirPrint (Bonjour discovery), or use a Chromecast or Sonos, or other things like that.

  • If all you want to do is have a better (more advanced) firewall/router than an off-the-shelf unit, then you can go with either pfSense or Unifi. pfSense doesn’t manage switches, wireless access points, etc.; all you’re getting with it is a router/firewall. (Plus related services, like ad blocking, VPNs, etc., but set that aside.) pfSense is significantly more advanced as a router/firewall than Unifi is. That sophistication comes at a cost of complexity, and is only worth it if you have advanced networking needs. (Like multiple public IP addresses routed to the same or multiple private networks, multiple ISPs with custom routing rules, and other things that no normal home user should ever even think about, let alone want.)

  • If you’re looking to build a complete network (router/firewall, switches, access points) then you want Unifi. Like with Apple devices, Unifi works best when you go all in on their ecosystem. It’s also easier to manage than pfSense.

  • For resources, I would recommend first and foremost the Crosstalk Solutions channel on YouTube. I’ve watched dozens of tutorials on Unifi on YouTube, and there are other good channels, but Crosstalk is the best. He has a reasonably current four-part tutorial about the core concepts of home networking, and a similarly reasonably current series on setting up Unifi from scratch. Including coverage of setting up multiple separate networks for different purposes (guest, IoT, etc.).

  • If you decide to go with pfSense, Crosstalk Solutions does have some coverage of it, but Tom Lawrence goes into more depth on the technical side. (He’s also got some great videos on Unifi, but not as good as Crosstalk.)

  • Other folks who have published useful videos on Unifi include: Smart Home Hookup (three part setup series is fantastic, but a bit dated now); Mactelecom Networks; Everything Smart Home; Willie Howe.

  • Picking out hardware is challenging; everyone’s needs are different. Unifi separates different functions into different devices for maximum flexibility, but that means you need to put the kit together yourself. That’s hard when you don’t know the product line in detail. There are people who can help, if you describe your specific installation needs in more detail. You can start cheap and grow, or dive in and spend your entire budget and then some. (Especially if you need Wi-Fi 7 or 10-Gig, it gets expensive.)

  • For a good starter system, maybe look at the brand new Ultra line (“The ULTRA Lineup: Which is Best for You?”), or the also-new Unifi Express (“UniFi Express: The Game-Changer in Home & Small Business Networking!”). The Express in particular is very similar to standard off-the-shelf all-in-one consumer router/firewall/wireless devices.

Happy to try to answer more questions if you have them. HTH!

5 Likes
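As an added illustration of the three-network split (regular, guest, IoT) and the custom firewall rules the post above describes, here is a plain pf ruleset of the kind pfSense and OPNsense generate underneath their GUIs; it is not the poster’s configuration. Interface names, subnets and the WAN interface are assumed values.

```pf
# Added example, not the poster's setup: LAN, Guest and IoT segments on a pf firewall.
# Assumed interface names and subnets; adjust to your own VLAN IDs and addressing.
wan   = "igb0"
lan   = "vlan10"
guest = "vlan20"
iot   = "vlan30"
lan_net   = "192.168.10.0/24"
guest_net = "192.168.20.0/24"
iot_net   = "192.168.30.0/24"
rfc1918   = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

set skip on lo0
# FreeBSD pf (what pfSense/OPNsense run): NAT every inside segment out the WAN.
nat on $wan inet from { $lan_net, $guest_net, $iot_net } to any -> ($wan)

# Default deny; every rule below uses "quick", so the first match wins.
block log all

# Let the firewall itself and the NATed sessions leave on the WAN side.
pass out quick on $wan inet all

# All segments: DHCP broadcast, and DNS only to the firewall's own addresses.
pass in quick on { $lan, $guest, $iot } inet proto udp from any port 68 to any port 67
pass in quick on { $lan, $guest, $iot } inet proto { tcp, udp } from any to self port 53

# LAN is the trusted side: it may initiate anywhere, including toward IoT
# (AirPrint, Chromecast, Sonos control). Replies return via the state table.
pass in quick on $lan inet from $lan_net to any

# Guest: Internet only. Block private address space before the catch-all pass.
block in quick on $guest inet from $guest_net to $rfc1918
pass in quick on $guest inet from $guest_net to any

# IoT: Internet only, and never a session *initiated* toward LAN or Guest.
# Log the LAN attempts; that is where a misbehaving device shows up.
block in log quick on $iot inet from $iot_net to $lan_net
block in quick on $iot inet from $iot_net to $guest_net
pass in quick on $iot inet from $iot_net to any

# Caveat behind the "one device can't see another" symptom: mDNS/Bonjour
# (UDP 5353 to 224.0.0.251) is link-local multicast and never crosses a router,
# so no filter rule here can make discovery work across segments. Both platforms
# offer an mDNS repeater/reflector package for that; the unicast traffic it then
# triggers (e.g. LAN -> IoT printer) is already allowed by the LAN rule above.
```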

Great write up, thank you!

No one will care, but I need to scream into the void. If you do read this, thanks for reading. :slight_smile:

I got my new expensive networking gear, all is good. Hook up the gateway, it does a speed test. I pay for 1.2 gig fiber service, but the speed test is showing it is 2 gig up/down! Great! One of the benefits of a small company trying to compete with Comcast (market-dominating cable TV/internet service in the US) is they are quick to make improvements, but charge half as much.

Hook up the switch, spend 30 minutes figuring out why that isn’t working, but I got it (my own stupidity). Except the DAC cable (I think that is what they are called) I got from Ubiquiti is too short. Get on Amazon and order a longer one from some Chinese company. It’s rated well and the “Amazon Bestseller.” It’s not cheap either, only slightly less than the Ubiquiti cable.

Get it the next day, spend a couple of hours going through YouTube videos and getting my devices all set up on the new network. Spending time to get everything labeled so I know what is what. Everything is going great.

Except my Mac Studio is getting really slow upload speeds, about a quarter of what it should be. Everything on the switch is. Spend 2+ hours going through YT videos on settings, reading forum/Reddit posts, etc.

Eventually it occurs to me that maybe it is that Amazon cable? Plug the too-short Ubiquiti cable back in, run the 100th speed test of the day, and speeds are all normal. So it was the Amazon cable.

No idea if it’s a limitation of the cable or a bad cable. The terminology is all above my head, but I don’t see anything about slower upload speeds on the Amazon site or packaging.

One interesting side note: the connectors on the Ubiquiti cable get very hot quickly. The Amazon cable’s connectors just get slightly warm. Whatever that means.

Anyway, part of the reason I did this was to try to learn something. Definitely doing that. Learning tons.

1 Like

You should post a link to the cable you bought on Amazon so we can see what it is. Actually you should list all the Ubiquiti equipment you bought. No connector should get hot, ever. Unfortunately Ubiquiti equipment is difficult to set up because their instructions are abysmal. The equipment itself is very good.

When you say the instructions are abysmal, I think you must mean nonexistent. There is a basic diagram of how to physically mount things, but nothing outside of that. At least what I could find. I figured I am buying equipment I shouldn’t be though.

Here is what I bought, thanks for any input:

Gateway:

Switch:

Access point:

Ubiquiti cable:

Amazon Cable:
10Gtek SFP+ DAC Twinax Cable - 10GBASE-CU Passive Direct Attach Copper SFP Cable for Cisco SFP-H10GB-CU10M, Ubiquiti UniFi UC-DAC-SFP+, Meraki, Fortinet, D-Link and More, 10-Meter(32.8ft)
https://www.amazon.com/dp/B0BGMZPL4Z

Dream machine is in a closet with a NAS and IoT hubs. DAC cable runs from UDM to the switch in my office. Access point sitting next to the switch connected with a short ethernet cable.

3 Likes

What documentation there is can be found from here: https://help.ui.com/hc/en-us

I now see why the connectors get hot – these are active (contain amplifiers). I noticed that Ubiquiti recommends their cable for best results. Sounds like more than just an idle claim!

Anyway, my equipment is all an order of magnitude slower. It looks like you could have gotten away with just RJ45 and CAT6 cables with runs under a couple hundred feet.

1 Like

Thanks for the advice and link. There are tons of home lab YouTubers with tutorials that I have been following.

I wanted to just run a Cat 6, but I found that got complicated. The UDM SE ports are all 1 GbE (as are all of their gateways, I believe), so to get a higher speed connection to a 2.5 GbE switch I figured I had to go the SFP+ route. I didn’t see any other way around it.

I have been trying to figure this out for months. I wanted a network that could support fiber speeds (greater than 1 gig), had multiple 2.5 GbE ports, and that I could run out to different rooms. Even at the consumer level, a router with multiple 2.5 GbE ports is hard to find (and very expensive). 2.5 GbE switches are also $400+.

Of course now that I have WiFi 7, I need to buy all new devices that support it. :slight_smile:

and then CAT6? Anyway, with the SFP+ you will be more “future-proof”.

I looked at those injectors, but they were sold out (still are apparently). Plus I figured their actual cable was a safer bet on everything working.

Once I get the new cable, everything should be set for a few years. I can’t imagine ever needing more than 2 gig service anyway, everything is blazing quick.