Building The "Ultimate" Router - [PFSense + Pi-hole + PIVPN]

Captions
This might look a bit goofy, but hey, I'm proud of it, because this goofy little thing is actually a pretty cool little machine. This is eventually going to be my new router, and it's not like any other boring old router. This guy has quite a few tricks up its sleeve. In this video I'm going to show you what all it can do and how I put it all together, so stick around.

[Music]

Now, before we get too far into this video, I want to take just a second to thank the sponsor of today's video, HelloFresh. If you're a fan of the Hardware Haven channel, you know I'm not too shabby at putting together a DIY project or home server, but when it comes to putting together a healthy meal, that's a different story. That's why I'm happy to talk about the sponsor of today's video, HelloFresh. I'm sure many of you have goals for the new year, and HelloFresh can be a game changer when it comes to sticking to them. With a variety of weekly recipes to choose from, including options like Calorie Smart and Carb Smart, HelloFresh makes it easy to eat well and achieve your goals. Not only do you get top quality ingredients with HelloFresh, but they travel from the farm to you in less than seven days, ensuring that everything is nice and fresh. Plus, they make it easy to save time and be environmentally friendly by delivering everything straight to your door in eco-friendly packaging. And surprisingly, it's often more affordable than the grocery store and 25% cheaper than takeout. My wife and I love using HelloFresh, even though she's a great cook and loves finding new recipes on her own, but sometimes life just gets crazy and it's nice to have an easy and affordable option for eating healthy and tasty meals. We love trying all the new recipes they offer, but our favorite is definitely the yogurt marinated garlic chicken and the lemony couscous. If you're looking for a way to eat healthy while still preserving your valuable time and money, give HelloFresh a shot. Right now you can go to hellofresh.com and use code Hardware Haven
21 for 21 free meals plus free shipping. Make your new year healthy, stress-free and delicious with HelloFresh.

If you're a regular viewer of the channel, you might have seen my previous video installing Proxmox and pfSense on this Odyssey from Seeed Studio, and in this video I'll be doing something really similar, but I'm going to take advantage of some of the features that the Odyssey offers and take things to the next level. If you're unfamiliar with pfSense or Proxmox, you can check out my video covering them both here, but to sum things up, pfSense is an open source software that turns basically any PC into a router and allows for a lot of control and flexibility, and Proxmox is a hypervisor, or operating system, that will let us install pfSense as a virtual machine, meaning we can run that and multiple other operating systems all on this one computer.

If you are familiar with all of those things, you might be concerned about using a VM for a router. However, this thing seems to be super stable after testing. I'm also going to have a dedicated drive for pfSense, so if Proxmox gets all scrambled up for some reason, I should be able to just boot from the pfSense SSD and at least have my router back up and running. I'll talk more about that in a bit, though. Also, all the services I'm running on the system are pretty much reliant on my router, so it's not really a problem if my router goes down or is being serviced.

The Odyssey from Seeed Studio is packed with a lot of cool features and I/O, and the two that I'm taking advantage of today are the SATA port and the M.2 PCIe slot. In the previous video, where I covered pfSense virtualization on this little guy, I had to use a USB to Ethernet adapter to pass through both onboard NICs to the pfSense VM. That way I'd still have network to my Proxmox hypervisor. But today I'm going to use this cool little dual two and a half gigabit Ethernet to M.2 adapter I found on AliExpress. This will let me have four onboard NICs that I can hopefully pass through to
VMs or use for Proxmox as needed. I'm also going to add a two and a half inch 128 gigabyte SSD alongside the M.2 SATA SSD. The M.2 drive will be the boot drive and LVM storage for Proxmox, and the two and a half inch drive will be a dedicated boot drive for pfSense. This allows, as I mentioned earlier, to boot directly from the pfSense drive in case something terrible happens to my Proxmox machine, allowing me to at least get my router back up and running as quickly as possible.

Now, there's no sense in running pfSense as a virtual machine unless I plan on running other things on this machine as well, which I am, hence the name "ultimate router". Alongside the router virtual machine, I'm going to set up Pi-hole, which is a DNS sinkhole, or essentially a DNS server between your network and your actual DNS server. They can do cool things like block ads or other malicious content, but I'll mostly be using it just to set up local DNS records, so I can, for example, access my router's web UI by going to something like https://myrouter.home instead of having to remember the specific IP address.

I'm also going to set up a WireGuard VPN server, which will let me tunnel back into my home network from multiple devices, providing a little bit of security and privacy in certain situations. But the main reason to have a VPN like this is that I'll be able to access devices and services on my home network without having to individually expose ports for them.

To keep this video from getting too long, I'm gonna stop there, but I could add a lot more things, like nginx for reverse proxying to any of my hosted services, a dedicated dynamic DNS service, or even non-network-related services like Home Assistant. However, I do like the idea of this just being a network-centric server.

Also, if you're enjoying this video, maybe give it a like, as that goes a long way. Also, if you're new to the channel and this all seems interesting to you, maybe consider subscribing to make sure you see more videos like this when they come
out.

"This all sounds great," you might be saying, "but how do we make it all work?" Well, the first thing we need to do is assemble all the hardware. Now, to make this the ultimate router, we obviously need to add some hardware, starting with this M.2 to dual two and a half gigabit NIC. Like I mentioned earlier, I'm also going to be adding in this 128 gigabyte SSD for pfSense, and I'll use this adapter from Seeed Studio to connect it to the board. I also use this mounting plate to attach the SSD to the top of our case.

Now, obviously, to fit all this hardware in here we're going to need some more space, and Seeed Studio makes these cool little stackable middle frames for their recomputer case that we're going to use. I had my buddy Chance cut one of these open so you'd have some room for the two and a half gigabit NICs. After a few modifications to the middle frame as well as the PCI card plate, I ended up with this, which isn't perfect, but I think it gets the job done. With everything ready to go, it was time to just put it all together.

[Music]

With all the hardware assembled, it was clearly time to move on to the software. First I installed Proxmox the same way I always would and then enabled IOMMU following Proxmox's guide. IOMMU is required to pass through PCI devices like our NICs. I also quickly labeled the Realteks in the network tab just to keep things straight. It was obvious which interface was already in use, so I knew the other was going to be the one that gets passed through to pfSense.

Then I started on pfSense by creating a virtual machine. First I uploaded the pfSense install ISO, which I already had on hand, then started creating a new virtual machine with the OS type "Other" and gave it the installer ISO. I went with Q35 and OVMF instead of SeaBIOS because I needed pfSense to boot in UEFI so that it could work both in our virtual machine and on bare metal if needed. Because I'm going to pass through the disk, I deleted the default virtual drive. I gave it four CPU cores
and selected "host" as the CPU type to give pfSense access to all the instruction sets on the CPU, and then gave it three gigabytes of memory. Under Network I selected none, because I'll be passing through the NICs via PCI pass-through.

Before starting up the VM, I needed to pass through our drive and NICs. The NICs were easy because they're all on individual IOMMU groups, so I just passed through each one, selecting all functions and PCI Express since we're running Q35. Passing the disk through wasn't quite as easy, since the SATA controller is used for both the SATA port as well as the SATA M.2 boot drive. So instead of using PCI pass-through, I was able to follow a guide that I'll link in the description below to pass the disk virtually to the VM, and it worked great.

With that all out of the way, I booted up the virtual machine, making sure to uncheck Secure Boot on the first startup, and then installed pfSense as I did in the previous video. Once installed, I could identify which Intel NIC was which by plugging one in and seeing which interface was shown as up. The two and a half gigabit interface wasn't listed because BSD, which is what pfSense is built on, doesn't include the correct drivers by default. So, following another guide, which I'll also link in the description, I managed to get the correct drivers installed and rebooted the machine. There's also a hardware checksum offloading option in pfSense that needs to be disabled for Realteks or virtualized interfaces to work properly.

Because I was expecting some issues with the Realtek, at first I set it up on a separate switch and a 192.168.2 subnet and connected my desktop to that switch just to make sure it worked properly. At first I thought it wasn't functioning, as I couldn't get access to the web or the pfSense admin panel, but then I realized I was just being a bit dumb, because it was set up as the OPT1 interface and not the LAN interface. There were no default rules set up, so packets weren't being routed anywhere.
After copying some rules over from the LAN interface, everything worked perfectly. So I switched over the Intel LAN port to be on the 192.168.2 subnet and on its own switch, and I ran the two and a half gigabit interface to my two and a half gigabit switch that my NAS devices and such are on, and everything seemed to be working great.

With pfSense set up, it was time to move on to Pi-hole. For this I decided to run an LXC container rather than a full-fledged VM to help preserve resources. I'm not an expert on LXC containers, or anything I cover on this channel for that matter, but I felt confident enough to give things a shot after a little bit of research. Because I'm comfortable with it, I landed on just downloading the Debian 11 template and creating an LXC container with it that I called "pihole". I gave it eight gigabytes of storage, one CPU core and 512 megabytes of RAM. This should be plenty, but if I ever do run into bottlenecks down the road, I can always allocate more resources. I gave it a static IP and spun it up.

Running Pi-hole on Debian is as simple as installing curl, running a single script and then following the instructions. I actually have a whole video covering the setup process on a really old Mac Mini if you're interested in learning more about Pi-hole. With Pi-hole set up, all I needed to do was change the DNS server in the pfSense config, and then the router started handing out the Pi-hole DNS address to all of its DHCP clients.

To set up a container for WireGuard, I set up a container in the exact same way as the Pi-hole container, but gave it two CPU cores, just because maybe WireGuard needs a little bit more processing. I don't know. I probably could have run my WireGuard and Pi-hole services on the same container, but I like the idea of having some separation for maintenance and such, and LXC is very lightweight compared to virtual machines. To run WireGuard, there was a little bit of configuration needed on the host machine to make sure all of the tunneling
networking stuff worked properly. This is all over my head and way beyond my scope of knowledge, but I'll also link the guide that I referenced in the description.

Rather than trying to do all of the WireGuard config manually, I decided to use PiVPN, which can also be set up using a convenient single script. Once again, I just followed the instructions, selecting to force IPv6 routing, creating a new non-root user and then selecting WireGuard as my VPN protocol. I changed my port to 51821 to avoid conflicts with my actual WireGuard server, which is 51820, and selected a custom DNS server so that I could use my Pi-hole instance.

To run WireGuard you will need a domain name pointing back to your public IP. You'll probably want to use a dynamic DNS service like Duck DNS, since you probably have a dynamic IP address. I've covered this quite a few times before. I set my instance up with a pre-existing domain name that I have and then set up port forwarding on my current actual router to forward port 51821 to my WireGuard container. In the command line, I used the pivpn tool to create a new peer for my phone and then scanned the QR code in the WireGuard app to set up my tunnel, and boom, I had a working VPN over a cellular connection.

At this point everything seemed to be working great after running it for a few hours. I even tested to make sure I could boot directly off the pfSense SSD. But you may have noticed that I mentioned port forwarding on my actual router a minute ago and not pfSense. That's because I haven't actually swapped this out for my current router yet, and I know that's kind of lame. I mean, why build an ultimate router if I'm not going to use it? Well, I do plan to use this as my actual router, but I just haven't quite had the time to do it. I don't mind breaking stuff, and my wife doesn't even care that much when I mess with their computer, but breaking our home internet just isn't really something I want to do until I have a lot of time to troubleshoot while no one else is home. I'd
also like to have some time to brush up on my pfSense and networking skills before I make the switch, but just know that I fully plan to make a full video covering it when I do.

If this all seems interesting to you, maybe check out this video here, where I do a full-on deep dive into setting up Proxmox and PCI pass-through for a home server. I also want to thank HelloFresh again for making this video possible, and don't forget to go to the description or hellofresh.com and use code Hardware Haven 21 to get 21 free meals plus free shipping. That's about it for this one, though, so as always, thanks for watching, stay curious, and I hope to see you in the next one.

[Music]
Info
Channel: Hardware Haven
Views: 158,991
Keywords: pfsense, 2022, 2022 router, building router, debian, diy router, docker, docker with pfsense, home server, homelab, linux, low power server, mini, mini server, pfsense docker, pfsense firewall, pfsense proxmox, pfsense router, pfsense setup, pfsense vm, proxmox, proxmox router, proxmox ve, router, running pfsense and docker, self hosted, single board computer, virtualizing pfsense, pihole, pivpn, wireguard, 2.5gb router, 2.5gb ethernet, pfsense with pihole, pfsense with wireguard
Id: 8QTdW0Q8U3E
Length: 15min 45sec (945 seconds)
Published: Sat Jan 14 2023