From: Juan Manuel Palacios
To: David Christensen
Cc: questions@freebsd.org
Subject: Re: A FreeBSD-based Router
Date: Sun, 6 Apr 2025 06:27:24 -0400
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

I personally appreciate UniFi quite a bit, I have a few devices here at home, and even control them via a UniFi Controller instance that I run locally in a FreeBSD jail.

But I’d never ever trade pfSense for a UniFi router! Sure, not a single pane-of-glass with a single backup & restore button for everything, but the power and versatility of pfSense is just unmatched (perhaps only by OPNsense, but I strive to steer clear of that particular flamewar), and that certainly justifies two backup & restore buttons ;) (or, well, three if you count my TrueNAS rig).

> On Apr 5, 2025, at 7:40 PM, David Christensen wrote:
>
> On 4/5/25 11:02, Martin McCormick wrote:
>> We have been using a Netgear wndr3400v2 router since February of
>> 2013 and it is probably time to take advantage of newer
>> technology especially since there have been no new software updates for
>> it in years. It also has a web GUI interface that must have, at
>> one time, worked for somebody, but nobody here because I have
>> thrown every browser at it I can get my hands on and the best way
>> to describe it is that each browser does okay with some web pages
>> on it but not others and anything related to passwords or the
>> changing thereof seems to always make the most destructive
>> changes but never any beneficial adjustments so one doesn't
>> really know what got changed until later when this or that
>> function no longer works.
>>
>> If I do the factory default reset, that will certainly
>> set things back to originals while also deleting the dhcp table
>> so I don't really want to do that.
>>
>> What I really want is a modern router with a command-line
>> method of control which allows for good old text-based
>> configuration files for changing router settings as well as the
>> dhcpd server which it would also be running.
>>
>> My idea is to load a mini PC with FreeBSD and a router
>> engine which means that the mini PC would need to have at least 2 NICs.
>>
>> Is there any particular mini PC with a good track record
>> on running FreeBSD? I just put our Netgear router on a UPS so
>> that the occasional power glitches aren't as easily passed
>> through to our home network and hopefully a mini PC would not run
>> the UPS battery down as quickly as a full-sized workstation
>> might.
>>
>> Before I retired in 2015, I ran the FreeBSD-based bind
>> name servers along with ISC Dhcpd for my employer and we had
>> virtually no issues at all with that particular scheme so that's
>> why I want to use FreeBSD in our house for this purpose even
>> though I use Debian Linux for most hobby activities so I can say
>> good things about both unixen (I believe that is a correct form
>> of speech.)
>>
>> Our router is still working, knock on wood, but we
>> recently had issues with our ISP that so choked the router that I
>> thought it had crashed only to find out that it came back to life
>> when whatever traffic the ISC was throwing on to their system
>> went away and things got back to what passes for normal.
>>
>> The FreeBSD/dhcp environment we had for over 20 years was
>> run on Dell servers and we had one FreeBSD box that ran continuously
>> without a reboot for over a year so I know FreeBSD gets things
>> done.
>>
>> Thanks for any suggestions.
>>
>> Martin McCormick
>
> Network engineering in the age of the Internet is a never-ending learning curve with potentially disastrous consequences if it is done incorrectly (including not keeping it up-to-date).
>
> I have a SOHO network with a file server, various client devices, and residential Internet service.
> I want a safe and reliable network, but am not a network engineer.
>
> Back in the day, I started with a homebrew dial-up firewall router using a desktop PC, dual NICs, and Red Hat Linux. It was a useful learning exercise. Later, I tried purpose-built FOSS distributions. pfSense was too powerful and complex for my needs. IPCop was a good fit and I used it for years. But, the PC was bulky, made noise, produced heat, and consumed power. Compact energy-efficient PCs have always come at a premium price. I tried a few Netgear products, but also had problems with the web user interface (WUI). More importantly, the devices tended to crash every few months; especially in summer. FOSS firmware (DD-WRT) helped with the WUI, but I bricked at least one device attempting to upgrade. When I added a Wi-Fi access point (AP), I soon discovered the hassle of trying to keep configuration settings synchronized across multiple network devices.
>
> Then I discovered Ubiquiti Networks and their UniFi lineup of products. The killer feature is the UniFi Network Application -- centralized high-level network command and control with one WUI to "rule them all". I bought a UniFi Security Gateway, a UniFi AP AC-Lite, rented a Linode VPS, installed Debian and the UniFi Network Application (via a Linode StackScript), configured everything, and have been up and running 24x7 ever since. The UniFi Network Application WUI has evolved over the years, but has always been very polished. Upgrades have been uneventful. Backup is achieved by downloading a configuration file. Restore is achieved by uploading a configuration file. I easily added incoming firewall pinholes and forwarding rules to allow remote SSH access from the Internet. At one point, I set up a VPN to allow remote Samba access from the Internet. I easily added two more APs to my LAN. Technical support was excellent when I needed it.
> UniFi devices are Linux on the inside, so I can look; but I dare not touch.
>
> David