checkout AnsibleFest ------- red.ht/networkchuck

AnsibleFest is a free virtual and immersive experience that brings the entire global automation community together to connect communities and spark collaboration. Typically an in-person event, AnsibleFest was changed to a virtual experience last year due to the pandemic. A virtual environment allows for a larger attendance and expands the conversations to people around the world.

EXTENDED VERSION (VLANs and NordVPN): ntck.co/3jXJUqJ

LINKS
---------------------------------------------------
pfSense Download: www.pfsense.org/download/
PIA on pfSense Official Guide: ntck.co/3tBrvmX
turn your old router into an access point: ntck.co/38U2l9J

What you (might) need:
---------------------------------------------------
Protectli pfSense Router: geni.us/ghLjK (affiliate)
NetGate pfSense Appliance: geni.us/CKLzn (affiliate)
Switch (supports vlans): geni.us/sympWI (affiliate)

🔥🔥Join the NetworkChuck membership: ntck.co/Premium
I'm wondering if you can install pfSense on a dual ethernet minicomputer. I was looking into making a Perimeter mini server. I guess my issue is throughput for a dual minicomputer. I don't want it to slow down my network too much.
jokes on you but i'm on my phone...cruising through my data plan... *sees video playing in fucking ultra high 2460p60... *one minute later, suddenly sms from my carrier provider starting with "you have ut..." oh, man...
Dude you are a blast to watch. I have been in Cyber forever and it's rare to come across someone that is both smart and able to communicate in a way folks can digest.
Tom your videos are why I decided to jump in the deep end and start playing with PfSense. Chuck, your videos are why I am studying the CCNA course JUST to administer my HOME NETWORK. LOL. Love your videos!!!!! Thank you.
NOTE: You may have to power cycle a cable modem since it is only capable of leasing out one IP address, and it was already leased to the previous hardware. Power cycling will clear the lease.
I've been using pfsense for awhile. Idk. Most people may be better off with a generic router. A non-technical user can get oneself in trouble pretty quick, which is then really frustrating when all they want is to browse social media. For folks who like to tweak and upgrade performance, oh no doubt, it's great.
@@louisdaza1923 if you wanna have a really good router which gets automatically daily updates then buy Turris Omnia 2GB. It's much more user-friendly and also open source.
Agree. Pfsense is a ton of work even if you know networking. There's a big time learning curve, and that doesn't even include learning all the packages. But once you get the hang of it, it's a sick firewall that is free.
Your content and enthusiasm in creating that content has tremendously motivated me to pursue my dream of working in IT. Because of you, I signed up for an IT degree program, paid for by my employer, and I am hard at work at that as well as working towards IT certifications. Thank you for your dedication!
My friend I wish I would have had you as a teacher back in college man. You explained this in the most simplest of terms and how everything works at operational levels. I even have mine set up with port forwards for remote access. Best day ever on configuring a pfsense router. Actually my first time ever too. You are the best! I'll be checking out more of what you have on here over time during my intervals of non interruption from everyone wanting help with IT or physical labor lol
The best teachers aren't the best because they know it well. They're the best because they can explain what they do know in simple terms. If you can't explain it to a five year old for them to understand, you're not a good teacher. Chuck is great because he can do it. Love ya, Chuck.
I've been getting so mad at my Netgear router and so pissed off that I couldn't get my speed or connection issues fixed. Thinking it was my ISP and causing hell with them for months. When I watched your video it hit me, "oh I am the problem". I got myself everything you told me to get (choose a different ap). Everything worked. Literally everything. In one day! I got the speed I wanted, IoT connection issues were gone, and I am the happiest dude in the universe! Thank you for making networking so much fun! I appreciate everything u do!!!!
I just want to say that YouTube technical presenters could learn a lot from you. I love the other sources for deep-tech to be sure, but in comparison to even the "best", I think the balance you have found between providing concise information and the pace of your delivery is excellent, compared to the glacial pace at which most other "tutorial" videos provide their material, excellent as they may be otherwise. I also love the fact that I must pause/repeat during your presentations, rather than wait around for the next connecting concept to emerge from some irrelevant tangent that so many other channels seem to fall into as they attempt to have their material more easily "absorbed". Your delivery is fast, relevant, direct, and structured to be easily comprehensible to beginners, while being an excellent resource for FAST reference by more experienced students of the material, all while remaining very personable. People who do not produce for you will never know the creative process behind videos like yours, with endless decisions to be made about how to structure and present their chosen topic, so I applaud your choices, including the occasional "coffee breaks" and humorous B-rolls that do not interrupt the pacing in any real way. Anyway, thanks; not just for the materials being presented, but for your fast, concise method of video presentation. All training videos should study your method.
For those who find pfsense a bit complicated, ipfire is a great choice. I have been running ipfire for many years and switched to running it on a Protectli device a year ago. The bad thing about Protectli though is many of their lower end devices (2 ports and 4 ports) have many hardware vulnerabilities due to the old Intel chips being used. I have the 2 port version and it is plagued with hardware vulnerabilities. Ipfire has a built in checker to check for hardware vulnerabilities unlike pfsense, which is an awesome feature to inspect the hardware to ensure it is not vulnerable. I am working to look at different hardware since my current Protectli I bought a year ago has too many hardware vulnerabilities on it now. If you get Protectli, get coreboot bios, since all their stuff is made/flashed in China, but at least with coreboot you get opensource firmware vs who knows what extra stuff is included in the China flashed firmware.
Great video! One thing I want to add is that I looked into devices like protectli, but you'll trade that nice, small size, for performance. For about the same price, you could get a mini or micro PC that is a good bit more powerful and has better cooling. I ended up with a new Mobo, slightly older i5, 8GB of RAM, threw in an SSD hard drive I had laying around and it blows those mini routers out of the water. I run a point to point VPN, and initially my PFSense box was running a weaker processor and the usage sat around 30-40% at all times. The mid consumer tier intels (older and newer) and some AMDs have built in encryption capabilities that PFSense can use for things like VPN. I bought an i5 off of eBay for about $50 and now my usage rarely goes above 10%. I really have liked PFSense with Unifi access points.
Except for the fact that your resource usage doesn't matter all that much once the firewall starts running. Once it's at 40% usage, it'll stay at around 40%. You'd have to add hundreds of devices to even make a dent in that resource pool. Most people can buy the small firewall appliance for their home network and be completely fine. You've introduced the concept of building a PC from scratch into an equation where that was never a variable. And before anyone hits me with the "but they're watching this guy on YouTube! Clearly they know how to build a PC, right? They know the basics of network topology already!" And with that I retort that not everyone has hardware knowledge. You would not believe the amount of people I've met as an IT consultant that had plenty of network knowledge and were employed as network analysts and engineers, but had zero clue what I was talking about when it came to hardware outside of switches or routers or patch panels. Zero. They had no idea what I was talking about and wouldn't be able to point out the difference between a CPU and a GPU. Keep things simple. A firewall appliance works perfectly fine for home networks. You're trying to use an F-22 Raptor to hunt squirrels when a .22 rifle will do just fine.
@@matthiaswarlop2316 Either get a motherboard with 2 ethernet ports or add a pcie card. Maybe even a card with multiple ports so I can make a DMZ or something.
My girlfriend was mad several times when I was playing with that new toy and overdid it :D... Redundancy and night shift are good thing. Gotta have that coffee!
Firstly LOVE your channel. Secondly, thanks to you my home is now protected by pfsense. I converted an old core i5 8gb ram workstation, added an extra lan card for $15, now all my home internet runs through it. Runs pfblocker and SNORT like a breeze. Amazing at all the stuff it detects and blocks. Feels like i have the safest home network in my city.
Great work. I loved pfSense: I decided to replace an old Gentoo that I could barely administer with pfSense... In my job... With no experience in pfSense... Only following the documentation in 2014 and worked great. After I finish my house, I will replace the router with a tiny pfSense. Thanks for your video, it was really fun to watch you. Best regards from Argentina.
Thank you for clarifying how things actually connect from a hardware sense. Feels like so many helpful nerds assume I’m already a master of the fundamentals but that means there are less opportunities to actually learn the fundamentals lol. I found this super helpful
Love the use of the pen on these fast moving tutorials. So much easier to follow. On some of the others (from others) the screen flips to the next before the viewer sees what was clicked (what the hell did he just do? - Rewind!). A great way to add value to your videos! I'm sold. Thank You.
I really appreciate this channel. The education you receive and the fact that it's free. Most of all, I love his teaching style i.e. enthusiastic, he loves what he does and it comes across. So many teachers are jaded and act like government employees, meaning it's just a job. I don't take this channel for granted and I'm grateful for it. On a different but not unrelated topic, he makes that coffee look so good, that I had to go to this site and order some for myself.
Agreed, but at the same time, he needs to be to keep the channel going as it's a fun "job" that generates a good chunk of $$ and I bet he gets a ton of freebies along the way.
Great video!! As an old Cisco Pix, Checkpoint Firewall, BayNetworks Networking & Security Engineer, I’m blown away by what pfsense can do these days. I’ve long been retired but in the tail end of my career years I was working with pfsense in about 2007-2009. There were two other products named Untangle & I can’t remember the other name I had worked on for some time testing which were pretty solid at that time also. Now, I no longer get involved much with networking even as a hobby but I do occasionally browse to see where things are at like tonight and I’m glad I did. You might have just inspired me to build a little cube and dump pfsense on it to play with at home. Thank you for this fantastic chock full of info and demonstration. I owe you a cup of joe. 🤟
"The ability to have fun with your network which is AWESOME" - Talk about the ultimate stay single for life statement lol (Great video -will look into)
Big fan of PfSense, deployed hundreds of them. Personally I use the Ubiquiti Dreammachine Pro now, cheapest way to get SFP+ connections. If you want next-gen firewall protection with Pfsense, you can setup Suricata on it for even better protection.
Hi Ray. Recently I started to learn pfsense, but something seems very strange to me. Let me know if something is wrong about my config. OK there's lan1 and lan2 and I've set rules that prevent lan2 from reaching lan1 but allow lan1 to reach lan2. Everything's fine until, while I'm pinging lan2 from lan1 (which is ok), try to ping back lan1 from lan2 (which is prevented), it works!!!! Like the gate is open for exiting soldiers and the enemy enters simultaneously 😂 Is this natural? Is this a bug? Or it's something I'm doing wrong? (To be clear all the rules port and source and destination are on any)
One thing I think is neglected on most networks is the use of traffic shaping. On the network I used to run, I could have a couple machines running torrents full blast with zero slowdown for any of the traffic that needed low latency. Traffic shaping is also a great way to get around buffer bloat effects from ISPs using buffers that are much larger than they have any reason to be. If you can shape the whole network's maximum traffic to 95% of your ISP's maximum bandwidth, then you can prevent traffic coming in from or out to the internet bottlenecking on the ISP side because the buffers are overrun.
@@veneratedmortal4369 Of course pings are a low latency packet (like "small packets") and therefore trapped by the low latency set of rules. Of course they'll be prioritized ahead of everything else classed as regular or bulk.
@@harryjohnson615 Monowall, which isn't even the most advanced install-it-yourself router software, and every other router software worth anything will have the ability to prioritize TCP/ACK packets and ping packets ahead of everything else. And that's on top of any of the other benefits of traffic shaping. If your pings and your TCP ACKs are being prioritised at the same level as web browsing and BitTorrent, then your traffic shaper is not doing its job properly. Any router that does not have those features is a router that needs to be upgraded.
@@killermist You're rather missing the point. Your router's traffic shaping is superseded by your ISP's own traffic shaping policies. You might be able to assign the highest priority to an ICMP request within your network but as soon as you try to traverse your ISP's backbone they shape and prioritize the traffic and one of the first things to bite the dust when traffic is heavy are ICMP requests because they are not providing a service. Some internet routers are so harsh they just become black hole routers and NEVER respond to ICMP requests
His love for coffee, coupled with playing the video at 2x, is awesome! Moreover, nice to see Lawrence Systems chiming in on someone else's video. I like seeing multiple channels checking out and supporting others.
So you understand the lingo and this still happens?! Lol...Jesus then ppl like me who would always have to do some research after watching any of his videos just to understand what type of hardware/device is that he's describing for 20 mins
Oh My God Chuck, your content is better than my teacher's courses, I wish that my teachers teach like you and make the student love and fall in love with IT. All my respect to you...
Ha, why do you think actual experience is better? It's cause the world's teaching structure is corrupt and their job isn't to teach but program you for their agenda. Not the actual teachers but they better do what they're told or ........ you know
He doesn’t teach with scaffolding or adaptability that allows for advanced users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@ljara3384 It is a video. If it covers things faster than you like you can put it on 1/2 speed or rewatch it a bunch of times. It is the same concept as reading the textbook multiple times until you get it. The video has closed captions which should be plenty for people who are hearing impaired. Especially when they can rewind and replay the video freely. Even assuming there are things he could explain better or in a different way, they may have been glossed over as they are not core to the video. Or they could be topics better suited to a stand alone video or video series. You may not even be his intended audience for the video. Also, key to learning with some kind of hindering disability or impairment is first learning the ways you learn best and then adapting the curriculum to better suit your learning style. It is nice when the teacher does that perfectly for you, but it is not realistic to expect every teacher to do so. You can take the information here and work out your own way of practicing it to perfection that suits your learning style. Perhaps by trying it yourself alongside a pfsense book or with the pfsense online wiki open. It is harder and takes longer, but sometimes that is just what you have to do. I know. I have several learning disabilities / impairments.
Teachers have a hard time teaching to everyone. When I was in school, I was always way ahead of the teacher. It's not that the teacher didn't have skill, he knew what I was doing and gave me high marks for it. But in his lecture and curriculum he has to teach people who don't know this stuff. I saw that in my career often. It's one thing to know how to do all this stuff, it's a whole other beast to try to explain it in a way that makes sense to someone who is just getting started. Thing is, nobody ever taught me, I was interested and learned how to figure it out. Back in the days of IRC, I was an @ in many channels, because I was engaged, and actively willing to learn. Not because I expected to be taught.
Just set my pfsense router using the appliances you recommended. Everything is running like a breeze! I appreciate this tutorial video very much thank you!
Hi @NetworkChuck Awesome what you do BTW! What would be very interesting is to go into the details of IPv6 on pfSense (some hints there.. Prefix delegation, Security topics, what should be allowed per default, how to keep track of all the devices, how to allow for certain ports, etc.). In my eyes, this can get very messy really fast.
You sir are the teacher I never had in school; you make learning so much fun and simple. I’m going to get on this right now as I use UniFi access points for my wifi as well. Thank you so much
@@leborhal7450 Generation has anything to do with passion. Either they have it or they don't. Blame _____ generation all you want but there are terrible uninspired people in every generation.
The option shown here is actually really cheap for a PfSense router. If you were to build a cheap PC with new components, the most expensive part would be the Network Card which has the network interface for SFP+ or RJ45 (usually), they're usually as expensive as a budget GPU at the moment. Intel network cards are pretty much the best, be they Wi-Fi cards for laptops or ethernet network cards for PC/Servers so if possible, get one of those. Ideally you should get a network card with a minimum of 2 interfaces, one for input (from your ONT) and one for output (which goes in your switch), from your switch you can connect to the internet everything, Smart TVs, Wireless Pots, PCs and so on (depending how you made your network structure around the house/company building). Thing is more than 2x RJ45 or SFP+ ports used at the same time, can overload your router's CPU and the network speed will go down so don't think about replacing the cost for a switch with a multiple port network card, it's not gonna be good. As for the CPU and RAM, well, a Pentium is better than a Celeron and are pretty much the same price so get that (for socket LGA1700, those are the latest gen so it's gonna be perfect) and probably 2 sticks of 4GB RAM are gonna be plenty, 3200 MT/s frequency and 22CL to keep things cheap. Use a mITX motherboard for everything and use the stock cooler, so that everything fits in a Cube Tower case, and you can place the router anywhere, it won't be that big, noisy and ugly sitting somewhere in sight.
She wanted to make her Boyfriend go through a VPN , while attributing it a fixed IP, but not allowing it to have an IPV6 (as it's the most used platform to cheat, right?) , or she just felt spied on by ISPs with you...I guess ? :D
@Mik Müller well, we cannot even start comparing MikroTik with a home router LOL. It has much more than I need or use but I miss a friendly GUI though.
Thank you for this video! I recently purchased the Protectli Vault (8gb ram, 120mSATA) and I was a bit lost in the understanding pfsense. You made it not only easier to understand but did it with great humor! If I had you as a network instructor it wouldn't even feel like school. Thanks again!
I just did the same. I have not fully set it up yet. I'd love to share my network diagram and get insight into subnets, vlans, wifi and I may need to replace one or more of my switches. Would love to know what other people's home networks look like and how they set things up.
You really got the psych down on how to make sure people with ADHD stay focused with the camera pans, my brain is absorbing all the information and I can't look away from the video
Great video. Long but worth it. Would love to see you do a similar video on OpenWRT running on a Raspberry Pi4 (now supported on the latest version of OpenWRT). PfSense is more polished it seems but for me it's amazing to do similar stuff all on a Pi4.
I set that up myself and it worked for 30 mins then started crashing/bogging right down. Maybe it was a bad SD card though, I imagine it shouldn’t be that unstable
Great video and walkthrough, wish I had you as my IT instructor you explain things very well! Can’t wait to try this! Enjoyed your enthusiasm and energy!
Raspberry pi is too underpowered anyway. You might as well just flash OpenWRT on an existing router. It's probably about the same. An old desktop with a 4 port Intel card will work wonders though, but you might be better off getting a dedicated box, since an old machine will be very power hungry, and considering this will run 24/7, you want it as efficient as possible. I think you can also run PFSENSE in a VM. I was considering running PFSense on my unraid server, but then if my unraid box crashes, I have no internet, but you could do that as well.
I just finished the Google IT Support Cert networking section. I fell in love with it. I can't believe it only took a week and almost everything you did makes sense to me. Like 100%. I'm so buying the exact setup, and will follow along. Then, I promise I will get into trouble lol. Wish me luck. Excellent content. I was thrown off by the Guy Fawkes mask, so glad I clicked on your vids. Great content man
@@freedompioneer4311 I did 3 of the courses in a week. I have a technical background, so I knew some of it. Been programming for 6~ years and always have been a computer nerd
OpenWRT will run on Raspberry PI and offers very similar features. That's what I have for my router now and it made a huge difference on my home network.
I'd also love to see info on vlans and external APs & their IPs. Thinking of trying to set them up for it (not that I have too many as of yet) and another for 10g network (unless this is supposed to be done different, then maybe a video on that) using the zyxel APs and switches I have.
Great video. Wanted to mention, since you mentioned pfsense can be installed on a virtual machine, I have my pfsense router installed on a virtual machine running on an ESX host and I ran through the config provided by NordVPN, before I saw this video, and I noticed that my traffic would randomly stop routing through the VPN. NordVPN support said they don't support routing traffic through a virtual deployment of pfsense, only hardware installs.
I literally just bought one of these last month and am running PFSense on it! I migrated from using an old beat-up Dell Optiplex to this, and transition was SUPER EASY
@@James-li8cm Same. Currently rocking the 2016 Optiplex with i5 6500, 8GB, and nvme SSD. Power for days and days, but also takes up a lot of space. Might pickup a small Netgate box and put the Optiplex into duty somewhere else.
It's a truth universally accepted that IT is impossible without coffee. I have given up alcohol, dairy and gluten, but coffee... that would be like living without the sun.
Hey Chuck, minimizing the single use USB and use Ventoy, I'm going to try to see if I can put Pfsense on it and see if I get boot. Thanks for diversifying your content!
Yes, I agree, because you're relying on that DHCP server otherwise. Only downside is that you have to keep track of your manually assigned IP addresses in a spreadsheet or something.
That exact router you had in your thumbnail is a great router for a 2 room apartment. Great coverage, even on the balcony. Switched to DDWRT, paid some 15-20$ 5 years ago. Why would I destroy it? (did subscribe to you because of the enthusiasm about networks you show)
Hey Chuck - just found your videos and they're great! 1 thing tho - I don't think you need the block rule if the PIA gateway goes down. In my experience, the rule you set to push traffic out the gateway will still kick in try to push out and get stuck... (so no traffic gets to internet).
Chuck, I love the enthusiasm, you are a great teacher. The only concern I have is about the recent reviews for the recommended devices. A large number of users complaining about overheating and not lasting long. What has been your experience since the launch of this video? I've never been this inspired with network. Thanks for your videos.
Mikrotik it's the fairest firewall does everything a pfsense does and more, an RB750gr3 costs $60, with $200 you buy an RB4011iGS+RM (10xGigabit port router with a Quad-core 1.4Ghz CPU, 1GB RAM, SFP+)
I like the specs but does it have plugins like pfsense has? Such as pfblockers, Suricata? Not DNS based blocker. Also manageable IDP, IPS suricata...? Last time I tried years ago, the OS did not have those plugins and the interface was buggy but it might have changed. Right?
@@AFiB1999 Currently Mikrotik does DPI (deep packet inspection), but not use signature-based detection, heuristics or machine learning. Having a built in IPS integrated would be great
If you’re worried about your WAN IP getting out, you need to be a little tighter on your editing. There are still sections where it's clearly visible when the dashboards start sliding around
Something to keep in mind. PfSense is not trivial for some smart home scenarios. I had a lot of issues with things like Philips Hue bridges, Home Assistant, etc.. I think this is great if you're accustomed to configuring a Linux firewall and/or have some more advanced network config experience. I don't think this is great for someone who is trying to replace their Netgear all-in-one router/modem/wifi with a couple of port forwards.
@@uncledeadhead3674 I was thinking of using pfsense on my home network so I could vpn to it from outside and access my resources so like the reverse if what chuck did here. Would using pfsense be a good solution or are there better alternatives?
@@ericesquivel5298 you'd need to adjust a lot of code to accept your vpn, it's a lot of work for a diminishing return, your home internet likely doesn't have enough room and speed to upload your home resources back to you, remember your uploading speed from home is normally like not even 10% of the speed of your download speed. Without a really fast upload you'd bottleneck your home internet connection pretty quickly.
Sometimes I really wish I could like your videos more than 1 time. You have a very cool way of explaining Networking concepts/Tech and also simplifying everything. Thank you Network Chuck for all you do for the community
Great video. One thing I would love to see (maybe a tip for next video) is how to set it up in a way so you don't bridge the ISP router, so it works as your 1st fw and pfsense is your 2nd fw. Hopefully and theoretically increasing the overall security by introducing different layers. Also bit on zoning (family devices in one zone, NAS in another, your rPi web server in another, etc.) in case the sh** hits the fan, would be lovely.
You don't want to give your ISP the first level firewall, you want that control yourself. If you need two layers, deploy two firewalls yourself. You will also run into double NAT problems if you don't bridge your ISP router/modem. Plus the whole point here is that your outside firewall should be more powerful. You will be bottlenecking your connection if you don't bridge.
I'd love to see the next version up from this video. The one that caters to home users that have moved to gigabit or better Internet connection using a 2.5GB port on a cable modem. Also home WiFi is version 6 or better and you need gig+ to each mesh node using a wired backhaul. I am not finding much for pfSense at gig+ speeds because the CPU overhead grows for the firewall. Also, getting backhaul connections at 2.5 is hard because of switch selection. You almost have to go to all 10gig connections which is nuts for a home.
We are live. Just did a huge network switch. Hitting 1.4 gbps now thanks to this video. 2.5gbe ports on the appliance. A lot more to learn now. Very exciting. thanks so much!!!!
This is going to be part of my first feat now that we own a forever home; I want to get this running & figure out Virtualization on TrueNas Scale. Haven't tried myself with a major project since leaving IT in 2k6ish. There's a ton of change, I'm in dire need of major Crash Courses. Keep up the Great Work
Knockturn Alley was a shopping area off Diagon Alley in London. It was filled with numerous shops devoted to the Dark Arts. Tom Riddle worked at one of those shops; Borgin and Burkes.
Outstanding video. Your teaching style is always on point. Would love to see how you integrate your Ubiquiti/Unifi hardware into the mix. Thinking of moving from the UDM-Pro to a Protectli (already have a FW6E) based PFS setup but not quite sure of the best method for getting it to play nice with my current Unifi setup. Thanks again for your great videos!
Great video 👍 but as a cybersecurity consultant, there's a couple of things I think were really misleading. First of all, changing the network IP address is completely irrelevant. That is what is called security by obscurity and it's crap because it could make you think your network is secured when it does not change anything: 1. knowing the ip address of the network is not a vulnerability in itself. 2. Even though it can be an information offered to an attacker, they would get the layout of our network with a simple scan in a couple of seconds. 3. To launch any attack on this private IP address, the attacker would have to be on the network, in which case, the attacker knowing the address of your router is the least of your problems. Second, and I think this is a very dangerous part in the video, routing your networking through a VPN provider is the OPPOSITE of security. You have to understand that routing your networking means making your requests go through some company's servers, which is never a "more secured" thing. Furthermore, with VPNs you don't always know in how many servers your requests are going to pass and in which countries along the way. For example, as a European, I definitely prefer sticking with my ISP's servers located only in my country and not let my requests go to *some obscure company I know from YouTube ads*' servers in United States. I really think that it is a disastrous thing to tell IT beginners it's a good and secure thing to do. That would only be relevant for people living in restrictive countries with censorship and spying on Internet.
You should probably find a new job. VPNs are end-to-end encrypted. No one is getting that data regardless of how many servers are in-between. You are also just straight up wrong about security thorough obscurity. It reduces your exposure when you use non-standard IPs/Ports as bots won't be looking for them. The only risk is then targeted attacks, which is never going to happen to your home network.
Ordered a full on ACER Aspire TC - Desktop Intel Core i5-12400 2.50GHz 12GB RAM 512GB SSD W11H that I now have to open up and install NIC CISCO INTEL i350 UCSC-PCIE-IRJ45 4x ports RJ45 Low Profle to and a Wireless Access point in order to fully join this pfSense community. Thanks NetworkChuck, you've taught me a lot.
Thanks for this. Other recommendations (including other comments) are for OPNsense as a fork of pfSense. I'm behind an IPv4 CGNAT, but with a /64 IPv6 static allocation. I'd love to see something from you about IPv6 and DHCP/Static/DDNS.
I really agree on the need for coffee in the IT-environment... :-) But you should mention to put the USB to boot on the lower USB when using for example the FW4B, as (vendor) protectli also recommends. That will save users some headache, luckily I read before trying, but have seen similar issues for other hardware as well. Despite of that, great tutorial.
I'm basing this point based on the title post relating to your "home router SUCKS". What I think is an important factor that is not talked about in the video is who is the customer for this setup and what problem are you trying to solve. The potential overhead from having multiple single points of failure, a blend of different technologies, some consumer, some prosumer gear introduces its own challenges. I am happy to stand corrected but outside a niche sandbox environment for a network engineer to try. Would anyone really have this as a home setup or recommendation for anyone other than someone that wants a network to tinker and try things/features. Separately what is also not mentioned (as a comparison and for consideration) is that there are a lot of all in solutions from consumer, prosumer and up that provide a lot of similar functionality, without the bits and the operational support, complexity and potential cost that would come with the business type solution being proposed for the home environment.
WOW! Thank you so much for this video! I wanted to securely route IoT devices separately from my LAN (and growing computer lab lol), and also have access to VPN, and you showed me how to do it all with 1 appliance! I am a network student right now and all of this has given me so much experience! Cannot thank you enough, brother! The vid is 45 mins, my start to finish setup time with an out of the box Protectli was about 4 hours with troubleshooting and just plain ignorance lol.
I used to use refurb dell optiplex's with extra NICs to connect branch offices together. I would have loved to see some kind of comparison between PC vs hardware like you used.
What he used is a pc in a small box. You could easily use an older pc as long as it has a way to add a second network port and a reasonable amount of ram. Even a pc a few years old should be adequate.
Update: Never mind, I bought everything he suggested (protectli, tplink switch), and followed this guide to a T. Amazing job. pfSense is still strong. Use it. I even followed the OpenVPN settings with a different VPN provider, but it works great. I wish I could give three thumbs up. I did just buy some coffee and a shirt. Hello Chuck, great video! Just found your channel. Was going to try this pfsense router firewall in this video, but I’m now seeing that there may be some drama surrounding it. Being a relative newbie, could you give me (or us, collectively) an update if this is still a good idea? Thanks.
Thanks for the reply Gary. I'm a novice sitting at working. Will the new hardware and PF sense sit between my modem and my current Google Wi-Fi router?@@garykingston1662
This is a super awesome walkthrough of pfSense! I have been running my own pf box for years now and really enjoyed the experience, but recently switched to OPNSense while doing a hardware upgrade. Any reason you chose pfSense over OPNSense? I am really loving the monitoring on OPNSense through the Sensei package and dashboards. Curious on your thoughts or comparison between the two!
As far as i know OPNSense also supports Wireguard which PfSense does not. It seems like OPNSense is taking over. Maybe PfSense is catching up, have not stayed up to date as of late.
Chuck thanks for the good info here, much appreciated. I started with an old PC cobbled together, but for power draw 24/7 that's one reason to definitely move it over to a dedicated mini PC. Just got that done this evening! One thing to mention perhaps is how pfSense and specifically the underlying FreeBSD doesn't play too well with Realtek NICs out of the box. Maybe a follow up to detail how that's done. Did a bit of research on this new (to me) Zotac that has the Realtek's .. glad I did, otherwise it could potentially be a big pain later when pfSense goes out to lunch due to the original driver.
Just a note when you want a IP address always assigned and use the STATIC setting it doesn't work like other firewalls. You have to select an IP address OUTSIDE the DHCP range but inside the network range.
Oh yessss, I learned that yesterday (Services - Log File | OPNsense): "Error: Remove host declaration s_lan_0 or remove xxx.xxx.xxx from the dynamic address pool" Now they don't overlap any more. I made DHCP start at xxx.xxx.100. To my surprise a new error appears: "Error: lease xxx.xxx.xxx.16: no subnet." More IP addresses do appear in the error (no subnet) which aren't in use any more. "Show inactive" doesn't display anything. So there must be some kind of cache or database somewhere with old/inactive IPs ...
Very professional, just a suggestion, when you evoke the technical parts, may you go slower to improve understanding for apprentice like me, thank you very much.
@@jeremiahbullfrog9288 if you want an easy fix I'd get the Vilfo VPN router. In my opinion, Vilfo's OS it's A whole lot easier than pfsense's OS. they have documentation on their website but the setup wizard is practically dummy proof in my opinion
@@jeremiahbullfrog9288 also the performance for my gigabit connection is very good over 250 megabits wired OpenVPN and over 600 megabits per second over wireguard (might be higher as I've been having a hard time maxing it out as downloads complete too fast first world problems lol)
Hey Chuck can you see if I can set 3wans ports ON the SG-3100?
Sir please check your email
I'm wondering if you can install pfSense on a dual ethernet minicomputer. I was looking into making a Perimeter mini server. I guess my issue is throughput for a dual minicomputer. I don't want it to slow down my network too much.
Is it fine to run firewall on a virtual machine inside hyper-v server if I set wan adapter in a virtual switch as inaccessible by host?
Ok everything its ok but where its conversion from ftp or vdsl connection
my router is not insecure you leave him alone
He's trying his best, goddammit!
Him: Get rid of your router now
Video: stops
I must be tired this made me laugh way harder than it should have
hhhhh
lol ,)
Where did it stop for you? It stopped in the middle of the port forwarding segment. lol
jokes on you but i'm on my phone...cruising through my data plan...
*sees video playing in fucking ultra high 2460p60...
*one minute later, suddenly sms from my carrier provider starting with "you have ut..."
oh, man...
Dude you are a blast to watch. I have been in Cyber forever and it's rare to come across someone that is both smart and able to communicate in a way folks can digest.
...except for the effeminate manbun, you mean.
Struggled with setup at first, realized I wasn't squinting enough during coffee breaks.. everything works great now..thanks for the help!
😂😂😂😂
Nice work, happy to see some more love out there for pfsense and thanks for the shout out about my pfsense videos.
You and Chuck have helped me become a homelabber and I just wanted to say thank you both for your work.
Thanks Tom for all your tutorials . Pfsense rocks
Tom your videos are why I decided to jump in the deep end and start playing with PfSense.
Chuck, your videos are why I am studying the CCNA course JUST to administer my HOME NETWORK. LOL.
Love your videos!!!!! Thank you.
1 comment .:. 2 pfsense props! Both channels are terrific
The United best teachers! 😋 thank you both!
NOTE: You may have to power cycle a cable modem since it is only capable of leasing out one IP address, and it was already leased to the previous hardware. Power cycling will clear the lease.
I've been using pfsense for awhile. Idk. Most people may be better off with a generic router. A non-technical user can get oneself in trouble pretty quick, which is then really frustrating when all they want is to browse social media. For folks who like to tweak and upgrade performance, oh no doubt, it's great.
Thanks for the tip, I definitely fall into the non-technical user category
@@louisdaza1923 if you wanna have a really good router which gets automatically daily updates then buy Turris Omnia 2GB. It's much more user-friendly and also open source.
@@moss460 ooohhhh I'll check that out, thank you very much!
Agree. Pfsense is a ton of work even if you know networking. There's a big time learning curve, and that doesn't even include learning all the packages. But once you get the hang of it, it's a sick firewall that is free.
@@scottluebke5012 I'm sold
Your content and enthusiasm in creating that content has tremendously motivated me to pursue my dream of working in IT. Because of you, I signed up for an IT degree program, paid for by my employer, and I am hard at work at that as well as working towards IT certifications. Thank you for your dedication!
Wish I had a friend like this dude, imagine the amount of knowledge he could supply you with.
google and read then you could be that friend to someone else.
He want get rid of router , ??? Hmmmm I c f o s
Do u know what would you get as an answer then? Rtfm
@@sc0or huh?
@@romzeek I’ve tried 3 or 4 times )
My friend I wish I would have had you as a teacher back in college man. You explained this in the most simplest of terms and how everything works at operational levels. I even have mine set up with port forwards for remote access. Best day ever on configuring a pfsense router. Actually my first time ever too. You are the best! I'll be checking out more of what you have on here over time during my intervals of non interruption from everyone wanting help with IT or physical labor lol
Does it give you a better internet connection in terms of gaming?
@@ZAND4TSU the same connection as plugging your router into your pc
The best teachers aren't the best because they know it well. They're the best because they can explain what they do know in simple terms. If you can't explain it to a five year old for them to understand, you're not a good teacher. Chuck is great because he can do it. Love ya, Chuck.
I've been getting so mad at my Netgear router and so pissed off that I couldn't get my speed or connection issues fixed. Thinking it was my ISP and causing hell with them for months. When I watched your video it hit me, "oh I am the problem". I got myself everything you told me to get (choose a different ap). Everything worked. Literally everything. In one day! I got the speed I wanted, IoT connection issues were gone, and I am the happiest dude in the universe! Thank you for making networking so much fun! I appreciate everything u do!!!!
I just want to say that YouTube technical presenters could learn a lot from you.
I love the other sources for deep-tech to be sure, but in comparison to even the "best", I think the balance you have found between providing concise information and the pace of your delivery is excellent, compared to the glacial pace at which most other "tutorial" videos provide their material, excellent as they may be otherwise.
I also love the fact that I must pause/repeat during your presentations, rather than wait around for the next connecting concept to emerge from some irrelevant tangent that so many other channels seem to fall into as they attempt to have their material more easily "absorbed". Your delivery is fast, relevant, direct, and structured to be easily comprehensible to beginners, while being an excellent resource for FAST reference by more experienced students of the material, all while remaining very personable. People who do not produce for you will never know the creative process behind videos like yours, with endless decisions to be made about how to structure and present their chosen topic, so I applaud your choices, including the occasional "coffee breaks" and humorous B-rolls that do not interrupt the pacing in any real way.
Anyway, thanks; not just for the materials being presented, but for your fast, concise method of video presentation. All training videos should study your method.
I know close to nothing about networking but your sheer excitement made me watch this lol
For those who find pfsense a bit complicated, ipfire is a great choice. I have been running ipfire for many years and switched to running it on a Protectli device a year ago. The bad thing about Protectli though is many of their lower end devices (2 ports and 4 ports) have many hardware vulnerabilities due to the old Intel chips being used. I have the 2 port version and it is plagued with hardware vulnerabilities. Ipfire has a built in checker to check for hardware vulnerabilities unlike pfsense, which is an awesome feature to inspect the hardware to ensure it is not vulnerable. I am working to look at different hardware since my current Protectli I bought a year ago has too many hardware vulnerabilities on it now. If you get Protectli, get coreboot bios, since all their stuff is made/flashed in China, but at least with coreboot you get opensource firmware vs who knows what extra stuff is included in the China flashed firmware.
@@yigits4031 lol
Great video! One thing I want to add is that I looked into devices like protectli, but you'll trade that nice, small size, for performance. For about the same price, you could get a mini or micro PC that is a good bit more powerful and has better cooling. I ended up with a new Mobo, slightly older i5, 8GB of RAM, threw in an SSD hard drive I had laying around and it blows those mini routers out of the water. I run a point to point VPN, and initially my PFSense box was running a weaker processor and the usage sat around 30-40% at all times. The mid consumer tier intels (older and newer) and some AMDs have built in encryption capabilities that PFSense can use for things like VPN. I bought an i5 off of eBay for about $50 and now my usage rarely goes above 10%. I really have liked PFSense with Unifi access points.
Except for the fact that your resource usage doesn't matter all that much once the firewall starts running. Once it's at 40% usage, it'll stay at around 40%. You'd have to add hundreds of devices to even make a dent in that resource pool.
Most people can buy the small firewall appliance for their home network and be completely fine. You've introduced the concept of building a PC from scratch into an equation where that was never a variable.
And before anyone hits me with the "but they're watching this guy on YouTube! Clearly they know how to build a PC, right? They know the basics of network topology already!" And with that I retort that not everyone has hardware knowledge. You would not believe the amount of people I've met as an IT consultant that had plenty of network knowledge and were employed as network analysts and engineers, but had zero clue what I was talking about when it came to hardware outside of switches or routers or patch panels. Zero. They had no idea what I was talking about and wouldn't be able to point out the difference between a CPU and a GPU.
Keep things simple. A firewall appliance works perfectly fine for home networks. You're trying to use an F-22 Raptor to hunt squirrels when a .22 rifle will do just fine.
how would you connect the wan and lan ports? would you need a pcie network card?
@@matthiaswarlop2316 Either get a motherboard with 2 ethernet ports or add a pcie card. Maybe even a card with multiple ports so I can make a DMZ or something.
My girlfriend was mad several times when I was playing with that new toy and overdid it :D... Redundancy and night shift are good thing. Gotta have that coffee!
😳
Never use your GF as a toy
Night shift isn't a good thing..your brain neurons might get increased but doesn't work properly..so early birds are good 🐦
@@zakariahamid1361 why
Firstly LOVE your channel.
Secondly, thanks to you my home is now protected by pfsense. I converted an old core i5 8gb ram workstation, added an extra lan card for $15, now all my home internet runs through it. Runs pfblocker and SNORT like a breeze. Amazing at all the stuff it detects and blocks. Feels like i have the safest home network in my city.
With 500W power supply? :) It's good to use old stuff, but better to sell it and get a dedicated hardware :D Good job though
@@Deplated yes. since that comment ive upgraded to a new mini PC with 8gb ram & Intel(R) Celeron(R) N5105. Think it only uses 15watts or something.
@@PulsechainProfits sounds good mate!
Great work. I loved pfSense: I decided to replace an old Gentoo that I could barely administer with pfSense... In my job... With no experience in pfSense... Only following the documentation in 2014 and worked great. After I finish my house, I will replace the router with a tiny pfSense. Thanks for your video, it was really fun to watch you. Best regards from Argentina.
Thank you for clarifying how things actually connect from a hardware sense. Feels like so many helpful nerds assume I’m already a master of the fundamentals but that means there are less opportunities to actually learn the fundamentals lol. I found this super helpful
"it's slow, it's insecure and it's not very fun" wow I can really relate to my router. Didn't realize we had so much in common 😆
😂😂🤗you are funny only bro
I run alternative firmware. ;-)
Most home routers aren't slow though. They're fast. They're just NAT firewalls, but for what they are being used for, they're fast.
Ooh self burn. Those are rare
Love the use of the pen on these fast moving tutorials. So much easier to follow. On some of the others (from others) the screen flips to the next before the viewer sees what was clicked (what the hell did he just do? - Rewind!). A great way to add value to your videos! I'm sold. Thank You.
I really appreciate this channel. The education you receive and the fact that it's free. Most of all, I love his teaching style i.e. enthusiastic, he loves what he does and it comes across. So many teachers are jaded and act like government employees, meaning it's just a job. I don't take this channel for granted and I'm grateful for it. On a different but not unrelated topic, he makes that coffee look so good, that I had to go to this site and order some for myself.
Totally agreed, he keeps me interested even when he's talking about topics I'm not that into. He is good.
Agreed, but at the same time, he needs to be to keep the channel going as it's a fun "job" that generates a good chunk of $$ and I bet he gets a ton of freebies along the way.
Great video!! As an old Cisco Pix, Checkpoint Firewall, BayNetworks Networking & Security Engineer, I’m blown away by what pfsense can do these days. I’ve long been retired but in the tail end of my career years I was working with pfsense in about 2007 -2009. There were two other products named Untangle & I can’t remember the other name I had worked on for some time testing which were pretty solid at that time also. Now, I no longer get involved much with networking even as hobby but I do occasionally browse to see where things are at like tonight and I’m glad I did. You might have just inspired me to build a little cube and dump pfsense on it to play with at home. Thank you for this fantastic chock full of info and demonstration. I owe you a cup of joe. 🤟
"The ability to have fun with your network which is AWESOME" - Talk about the ultimate stay single for life statement lol (Great video -will look into)
The chicks really dig network fun.
Maybe nothing like router hate hackers from hell to motivate to learn.
It's very manic isn't it
I'm only a level 2 virgin, I can't get into this video
Big fan of PfSense, deployed hundreds of them. Personally I use the Ubiquiti Dreammachine Pro now, cheapest way to get SFP+ connections. If you want next-gen firewall protection with Pfsense, you can setup Suricata on it for even better protection.
Hi Ray
Recently I started to learn pfsense, but something seems very strange to me. Let me know if something is wrong about my config. OK there's lan1 and lan2 and I've set rules that prevent lan2 from reaching lan1 but allow lan1 to reach lan2, everything's fine until while I'm pinging lan2 from lan1 (which is ok) try to ping back lan1 from lan2 (which is prevented), it works!!!! Like the gate is open for exiting soldiers and the enemy enters simultaneously😂 is this natural? Is this a bug? Or it's something I'm doing wrong?
(To be clear all the rules port and source and destination are on any)
@@NL-lp5in
Try to create a "block" rule with protocol "icmp" and "any" with "lan1" as source and "lan2" as destination
Why dream machine pro?
One thing I think is neglected on most networks is the use of traffic shaping. On the network I used to run, I could have a couple machines running torrents full blast with zero slowdown for any of the traffic that needed low latency. Traffic shaping is also a great way to get around buffer bloat effects from ISPs using buffers that are much larger than they have any reason to be. If you can shape the whole network's maximum traffic to 95% of your ISP's maximum bandwidth, then you can prevent traffic coming in from or out to the internet bottlenecking on the ISP side because the buffers are overrun.
To help with ping?
@@veneratedmortal4369 Of course pings are a low latency packet (like "small packets") and therefore trapped by the low latency set of rules. Of course they'll be prioritized ahead of everything else classed as regular or bulk.
@@killermist ICMP packets do not get priority and it's not unusual for routers to just drop them when things get busy
@@harryjohnson615 Monowall, which isn't even the most advanced install-it-yourself router software, and every other router software worth anything will have the ability to prioritize TCP/ACK packets and ping packets ahead of everything else. And that's on top of any of the other benefits of traffic shaping. If your pings and your TCP ACKs are being prioritised at the same level as web browsing and BitTorrent, then your traffic shaper is not doing its job properly. Any router that does not have those features is a router that needs to be upgraded.
@@killermist You're rather missing the point. Your router's traffic shaping is superseded by your ISP's own traffic shaping policies. You might be able to assign the highest priority to an ICMP request within your network but as soon you try to traverse your ISP's backbone they shape and prioritize the traffic and one of the first things to bite the dust when traffic is heavy are ICMP requests because they are not providing a service. Some internet routers are so harsh they just become black hole routers and NEVER respond to ICMP requests
Instructions unclear: I was so quick to burn my terrible router that I did it before he said I could still use it.
His love for coffee, coupled with playing the video at 2x, is awesome! Moreover, nice to see Lawrence Systems chiming in on someone else's video. I like seeing multiple channels checking out and supporting others.
He drink no coffee
What I find amazing, is that while watching videos like these, I follow along just fine.. but when I try to do it myself, my mind goes blank ;)
So you understand the lingo and this still happens?! Lol...Jesus then ppl like me who would always have to do some research after watching any of his videos just to understand what type of hardware/device is that he's describing for 20 mins
Oh My God Chuck, your content is better than my teacher's courses, I wish that my teachers teach like you and make the student love and fall in love with IT.
All my respect to you...
Ha, why do you think actual experience is better?
It's cause the world's teaching structure is corrupt and their job isn't to teach but program you for their agenda.
Not the actual teachers but they better do what they're told or ........ you know
He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@kasomoru6 He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@ljara3384 It is a video. If it covers things faster than you like you can put it on 1/2 speed or rewatch it a bunch of times. It is the same concept as reading the textbook multiple times until you get it. The video has closed captions which should be plenty for people who are hearing impaired. Especially when they can rewind and replay the video freely. Even assuming there are things he could explain better or in a different way, they may have been glossed over as they are not core to the video. Or they could be topics better suited to a stand alone video or video series. You may not even be his intended audience for the video. Also, key to learning with some kind of hindering disability or impairment is first learning the ways you learn best and then adapting the curriculum to better suit your learning style. It is nice when the teacher does that perfectly for you, but it is not realistic to expect every teacher to do so. You can take the information here and work out your own way of practicing it to perfection that suits your learning style. Perhaps by trying it yourself alongside a pfsense book or with the pfsense online wiki open. It is harder and takes longer, but sometimes that is just what you have to do. I know. I have several learning disabilities / impairments.
Teachers have a hard time teaching to everyone. When I was in school, I was always way ahead of the teacher. It's not that the teacher didn't have skill, he knew what I was doing and gave me high marks for it. But in his lecture and curriculum he has to teach people who don't know this stuff. I saw that in my career often. It's one thing to know how to do all this stuff, it's a whole other beast to try to explain it in a way that makes sense to someone who is just getting started. Thing is, nobody ever taught me, I was interested and learned how to figure it out. Back in the days of IRC, I was an @ in many channels, because I was engaged, and actively willing to learn. Not because I expected to be taught.
Just set my pfsense router using the appliances you recommended. Everything is running like a breeze! I appreciate this tutorial video very much thank you!
First met PfSense about 10 years ago... It seems the interface and possibilities have evolved a lot ! Great video ;-)
Hi @NetworkChuck
Awesome what you do BTW! What would be very interesting is to go into the details of IPv6 on pfSense (some hints there.. Prefix delegation, Security topics, what should be allowed per default, how to keep track of all the devices, how to allow for certain ports, etc.). In my eyes, this can get very messy really fast.
You sir are the teacher I never had in school; you make learning so much fun and simple. I’m going to get on this right now as I use UniFi access points for my wifi as well. Thank you so much
One of the reasons why some millennial with a teaching degree and no passion of a subject will never be as good as someone with passion.
Agree. Showing passion for your subject is square one requirement you rarely see anymore.
@@leborhal7450 Most teachers are boomers, WTF are you even on about ?
& more importantly what does being "Millennial" got to do with it??
@@AcidiFy574 Because he's a jealous ol' boomer ;)
@@leborhal7450 Generation has anything to do with passion. Either they have it or they don't. Blame _____ generation all you want but there are terrible uninspired people in every generation.
The option shown here is actually really cheap for a PfSense router.
If you were to build a cheap PC with new components, the most expensive part would be the Network Card which has the network interface for SFP+ or RJ45 (usually), they're usually as expensive as a budget GPU at the moment.
Intel network cards are pretty much the best, be they Wi-Fi cards for laptops or ethernet network cards for PC/Servers so if possible, get one of those.
Ideally you should get a network card with a minimum of 2 interfaces, one for input (from your ONT) and one for output (which goes in your switch), from your switch you can connect to the internet everything, Smart TVs, Wireless Pots, PCs and so on (depending how you made your network structure around the house/company building).
Thing is more than 2x RJ45 or SFP+ ports used at the same time, can overload your router's CPU and the network speed will go down so don't think about replacing the cost for a switch with a multiple port network card, it's not gonna be good.
As for the CPU and RAM, well, a Pentium is better than a Celeron and are pretty much the same price so get that (for socket LGA1700, those are the latest gen so it's gonna be perfect) and probably 2 sticks of 4GB RAM are gonna be plenty, 3200 MT/s frequency and 22CL to keep things cheap.
Use a mITX motherboard for everything and use the stock cooler, so that everything fits in a Cube Tower case, and you can place the router anywhere, it won't be that big, noisy and ugly sitting somewhere in sight.
"get rid of it!
It's slow, insecure and not really fun"
Exactly what my girlfriend said about me😓😅😂
lol
Oof
There there
She wanted to make her Boyfriend go through a VPN, while attributing it a fixed IP, but not allowing it to have an IPV6 (as it's the most used platform to cheat, right?), or she just felt spied on by ISPs with you... I guess? :D
@@bobcoco6047 you are a fucking Legend 🤣❤️
I’m currently using a MikroTik router at home. It has lots of capabilities, similar to PfSense, but GUI is not as good.
Mikrotik is a good option for beginners. It's cheap & has commercial grade options on its lowest line up products too.
@Mik Müller well, we cannot even start comparing MikroTik with a home router LOL. It has much more than I need or use but I miss a friendly GUI though.
A huge advantage of pfSense and friends over any dedicated device I could find is the ability to use hostnames in firewall rules.
use console instead;)
I use mikrotik as well, best routers imo. I also love ruckus radios but their firmware has been aides this past year.
Thank you for this video! I recently purchased the Protectli Vault (8gb ram, 120mSATA) and I was a bit lost in the understanding pfsense. You made it not only easier to understand but did it with great humor! If I had you as a network instructor it wouldn't even feel like school. Thanks again!
I just did the same. I have not fully set it up yet. I'd love to share my network diagram and get insight into subnets, vlans, wifi and I may need to replace one or more of my switches. Would love to know what other people's home networks look like and how they set things up.
What's the purpose of it besides increased security
You really got the psych down on how to make sure people with ADHD stay focused with the camera pans, my brain is absorbing all the information and I can't look away from the video
Great video. Long but worth it. Would love to see you do a similar video on OpenWRT running on a Raspberry Pi4 (now supported on the latest version of OpenWRT). PfSense is more polished it seems but for me it's amazing to do similar stuff all on a Pi4.
I set that up myself and it worked for 30 mins then started crashing/bogging right down. Maybe it was a bad SD card though, I imagine it shouldn’t be that unstable
Great video and walkthrough, wish I had you as my IT instructor you explain things very well! Can’t wait to try this! Enjoyed your enthusiasm and energy!
Thank you for the raspberry pi comment! This is one of the most important information when I watch videos about such server tools.
Raspberry pi is too underpowered anyway. You might as well just flash OpenWRT on an existing router. It's probably about the same. An old desktop with a 4 port intel card will work wonders though, but you might be better off getting a dedicated box, since an old machine will be very power hungry, and considering this will run 24/7, you want it as efficient as possible.
I think you can also run PFSENSE in a VM. I was considering running PFSense on my unraid server, but then if my unraid box crashes, I have no internet, but you could do that as well.
I love your videos. They are great, engaging and the content is interesting. But....too many camera changes, it's distracting
I just finished the Google IT Support Cert networking section. I fell in love with it. I can't believe it only took a week and almost everything you did makes sense to me. Like 100%. I'm so buying the exact setup, and will follow along. Then, I promise I will get into trouble lol. Wish me luck. Excellent content. I was thrown off by the Guy Fawkes mask, so glad I clicked on your vids. Great content man
took you only a week to get a Google IT support cert?!
@@freedompioneer4311 I did 3 of the courses in a week. I have a technical background, so I knew some of it. Been programming for 6~ years and always have been a computer nerd
Thank you Jedi for your splendid tutorials and your enthusiasm, which has no equal!
Lol! That’s funny. I immediately thought installing PF on a raspberry pi and you swiftly answered that question. Great video.
OpenWRT will run on Raspberry PI and offers very similar features. That's what I have for my router now and it made a huge difference on my home network.
Same lol
chuck, you are one of the very few youtubers in networking that doesn't make me feel like an idiot
Appreciate you doing a supplementary video on VLAN's - particularly with a focus on segregating IOT devices.
Thanks :)
I too would like to see that. Great content as always.
I'd also love to see info on vlans and external APs & their IPs. Thinking of trying to set them up for it (not that I have too many as of yet) and another for 10g network (unless this is supposed to be done different, then maybe a video on that) using the zyxel APs and switches I have.
Great video. Wanted to mention, since you mentioned pfsense can be installed on a virtual machine, I have my pfsense router installed on a virtual machine running on an ESX host and I ran through the config provided by NordVPN, before I saw this video, and I noticed that my traffic would randomly stop routing through the VPN. NordVPN support said they don't support routing traffic through a virtual deployment of pfsense, only hardware installs.
Hi NetworkChuck, Ditto. Would like to know more about VLAN's how to configure etc. particularly for segregating IOT devices. Thank you.
I literally just bought one of these last month and am running PFSense on it!
I migrated from using an old beat-up dell optiplex to this, and transition was SUPER EASY
What Network cards had installed to the optiplex?
@@tasostsimpogiannis7682 I bought an "intel" double nic card... the intel brand is important because it plays well with the base OS of pfsense
@@James-li8cm Same. Currently rocking the 2016 Optiplex with i5 6500, 8GB, and nvme SSD. Power for days and days, but also takes up a lot of space. Might pickup a small Netgate box and put the Optiplex into duty somewhere else.
The picture of the TP-Link TL-SG105E that he said is managed literally says "unmanaged" on it. :)
Hehehe, would not have noticed if you didn't mention it.
It's a truth universally accepted that IT is impossible without coffee. I have given up alcohol, dairy and gluten, but coffee... that would be like living without the sun.
I thought that IT folks already lived without the sun (as someone who's never been in that field)
Hey Chuck, minimizing the single use USB and use Ventoy, I'm going to try to see if I can put Pfsense on it and see if I get boot. Thanks for diversifying your content!
I noticed SHA1 when you were setting up your VPN. Wasn't that deprecated a few years back? Great video, by the way!
this is not a production environment, just for test
@@tarasfedchuk9261 but many will consider it not as such...
Dyor
@@jacksummer2849 lmao, no need to research, it's well known that SHA1 is considered weak nowadays
Ask PIA, mate.
how cool is it that you’re doing this just when I started to use pfSense at work. your content ROCKS!!
just remember: fixed IP via DHCP is still just a reservation, not a fixed assignment. Better: fix it in the device out of the DHCP-Range
Yes, I agree, because you're relying on that DHCP server otherwise. Only downside is that you have to keep track of your manually assigned IP addresses in a spreadsheet or something.
Dude, your enthusiasm is infectious and so fun! Thank you for your expertise, time, and attention.
0:01 i have that router :(
Cause it is more than you need for home. This guy is a joke.
That exact router you had in your thumbnail is a great router for a 2 room apartment. Great coverage, even on the balcony. Switched to DDWRT, paid some 15-20$ 5 years ago. Why would I destroy it? (did subscribe to you because of the enthusiasm about networks you show)
OpenWRT is also an option as an AP for an old router as well.
I also used OpenWRT, however the configuration is subpar compared to pfsense. Snort does not even have UI.
But he got paid to advertise something which is not free ;)
I followed the instructions exactly, even took coffee breaks when instructed. Thanks for the great tutorial.
Hey Chuck - just found your videos and they're great! 1 thing tho - I don't think you need the block rule if the PIA gateway goes down. In my experience, the rule you set to push traffic out the gateway will still kick in try to push out and get stuck... (so no traffic gets to internet).
Chuck, I love the enthusiasm, you are a great teacher. The only concern I have is about the recent reviews for the recommended devices. A large number of users complaining about overheating and not lasting long. What has been your experience since the launch of this video? I've never been this inspired with network. Thanks for your videos.
He's in it for the subscribes. Are you surprised he hasn't responded yet?
@@atlantic_love this video was made months ago, he probably just doesn't check this anymore
@@thebossminer9840 Doesn't matter. He's in it for the subscribes. CLICKBAIT
Mikrotik it's the fairest firewall does everything a pfsense does and more, an RB750gr3 costs $60, with $200 you buy an RB4011iGS+RM (10xGigabit port router with a Quad-core 1.4Ghz CPU, 1GB RAM, SFP+)
I like the specs but does it have plugins like pfsense have? Such as pfblockers, Suricata? Not DNS base blocker. Also manageable IDP, IPS suricata...? Last time I tried years ago, The OS did not have those plugins and the interface was buggy but it might have changed. Right?
@@AFiB1999 Currently Mikrotik does DPI (deep packet inspection), but not use signature-based detection, heuristics or machine learning. Having a built in IPS integrated would be great
If you’re worried about your WAN IP getting out, you need to be a little tighter on your editing. There are still sections where it's clearly visible when the dashboards start sliding around
??.???.19.128
@@dwaynehallows3273 iykyk
Yeah there is a specific timestamp I noticed it as well. Sometime at 1x:x1 it clearly scrolls by unfortunately.
Yea it openly shows the gateway @35:21
28:13 shows it as well.
Something to keep in mind. PfSense is not trivial for some smart home scenarios. I had a lot of issues with things like Philips Hue bridges, Home Assistant, etc.. I think this is great if you're accustomed to configuring a Linux firewall and/or have some more advanced network config experience. I don't think this is great for someone who is trying to replace their Netgear all-in-one router/modem/wifi with a couple of port forwards.
Even when you have all that knowledge - what problem are you really solving by introducing all that complexity?
@@IzzyIkigai it's just someone's home system pretending to be more than it needs to be by far.
@@uncledeadhead3674 I was thinking of using pfsense on my home network so I could vpn to it from outside and access my resources so like the reverse of what chuck did here. Would using pfsense be a good solution or are there better alternatives?
@@ericesquivel5298 you'd need to adjust a lot of code to accept your vpn, it's a lot of work for a diminishing return, your home internet likely doesn't have enough room and speed to upload your home resources back to you, remember your uploading speed from home is normally like not even 10% of the speed of your download speed. Without a really fast upload you'd bottleneck your home internet connection pretty quickly.
@@uncledeadhead3674 are there any good alternatives that aren’t so difficult to setup? Or just good alternatives in general
Sometimes I really wish I could like your videos more than 1 time. You have a very cool way of explaining Networking concepts/Tech and also simplifying everything. Thank you Network Chuck for all you do for the community
Just create another YouTube sign in lol
The coffee probably has something to do with the fast pace. 😂
I LOVE IT. I learned tons of things. And now, I'm gonna research and learn more. Thanks for this great content 😊
😃
Great video. One thing I would love to see (maybe a tip for next video) is how to set it up in a way so you don't bridge the ISP router, so it works as your 1st fw and pfsense is your 2nd fw. Hopefully and theoretically increasing the overall security by introducing different layers.
Also bit on zoning (family devices in one zone, NAS in another, your rPi web server in another, etc.) in case the sh** hits the fan, would be lovely.
You don't want to give your ISP the first level firewall, you want that control yourself. If you need two layers, deploy two firewalls yourself. You will also run into double NAT problems if you don't bridge your ISP router/modem. Plus the whole point here is that your outside firewall should be more powerful. You will be bottlenecking your connection if you don't bridge.
I can imagine there are few more literal "something secure" passwords now.
"I love when things make noises" - network chuck
My bike makes a lot of noise without the servicing
Chuck being out of context sounds fun :D
I wonder why you never talked about Mikrotik Routerboard routers. They are amazing.
I can't get more than 30mbps on wifi
I'd love to see the next version up from this video. The one that caters to home users that have moved to gigabit or better Internet connection using a 2.5GB port on a cable modem. Also home WiFi is version 6 or better and you need gig+ to each mesh node using a wired backhaul. I am not finding much for pfSense at gig+ speeds because the CPU overhead grows for the firewall. Also, getting backhaul connections at 2.5 is hard because of switch selection. You almost have to go to all 10gig connections which is nuts for a home.
We are live. Just did a huge network switch. Hitting 1.4 gbps now thanks to this video. 2.5gbe ports on the appliance. A lot more to learn now. Very exciting. thanks so much!!!!
Bummer with the pfsense plus announcement.
Love your videos but the continuous "Coffee Break" inserts are annoying.
Everything else, you're brilliant!
This is going to be part of my first feat now that we own a forever home; I want to get this running & figure out Virtualization on TrueNas Scale.
Haven't tried myself with a major project since leaving IT in 2k6ish. There's a ton of change, I'm in dire need of major Crash Courses.
Keep up the Great Work
Any update?
Chuck, or anyone really, what are the pros/cons of going with Protectli vs a Netgate?
knockturn alley was a shopping area off Diagon Alley in London. It was filled with numerous shops devoted to the Dark Arts. Tom Riddle worked at one of those shops; Borgin and Burkes.
Outstanding video. Your teaching style is always on point. Would love to see how you integrate your Ubiquiti/Unifi hardware into the mix. Thinking of moving from the UDM-Pro to a Protectli (already have a FW6E) based PFS setup but not quite sure of the best method for getting it to play nice with my current Unifi setup. Thanks again for your great videos!
Great video 👍 but as a cybersecurity consultant, there's a couple of things I think were really misleading. First of all, changing the network IP address is completely irrelevant. That is what is called security by obscurity and it's crap because it could make you think your network is secured when it does not change anything : 1. knowing the ip address of the network is not a vulnerability in itself. 2. Even though it can be an information offered to an attacker, they would get the layout of our network with a simple scan in a couple of seconds. 3. To launch any attack on this private IP address, the attacker would have to be on the network, in which case, the attacker knowing the address of your router is the least of your problems.
Second, and I think this is a very dangerous part in the video, routing your networking through a VPN provider is the OPPOSITE of security. You have to understand that routing your networking means making your requests go through some company's servers, which is never a "more secured" thing. Furthermore, with VPNs you don't always know in how many servers your requests are going to pass and in which countries along the way. For example, as a European, I definitely prefer sticking with my ISP's servers located only in my country and not let my requests go to *some obscure company I know from YouTube ads*' servers in United States. I really think that it is a disastrous thing to tell IT beginners it's a good and secure thing to do. That would only be relevant for people living in restrictive countries with censorship and spying on Internet.
You should probably find a new job. VPNs are end-to-end encrypted. No one is getting that data regardless of how many servers are in-between. You are also just straight up wrong about security through obscurity. It reduces your exposure when you use non-standard IPs/Ports as bots won't be looking for them. The only risk is then targeted attacks, which is never going to happen to your home network.
Your tutorials are amazing, you explain every aspect of it, you're a great teacher, thank you very much, I learned a lot and still learning!
Ordered a full on ACER Aspire TC - Desktop Intel Core i5-12400 2.50GHz 12GB RAM 512GB SSD W11H that I now have to open up and install NIC CISCO INTEL i350 UCSC-PCIE-IRJ45 4x ports RJ45 Low Profile to and a Wireless Access point in order to fully join this pfSense community. Thanks NetworkChuck, you've taught me a lot.
Chuck, You are a great teacher. And the love you put into this is amazing. It's effen funnn man.
Keep it up.
and now, coffee break! Siiiiiip
lol
Another upload from our amazing Chuck! Will watch it when I am back home!
Thanks for this. Other recommendations (including other comments) are for OPNsense as a fork of pfSense.
I'm behind an IPv4 CGNAT, but with a /64 IPv6 static allocation. I'd love to see something from you about IPv6 and DHCP/Static/DDNS.
I have also been recommended to choose OPNsense. Is there something that is bad with OPNsense?
@@JohanLindberg -- Some people like the user interface better but I prefer pfSense's UI. To each his own. Both are great firewalls.
I really agree on the need for coffee in the IT-environment... :-)
But you should mention to put the USB to boot on the lower USB when using for example the FW4B, as (vendor) protectli also recommends. That will save users some headache, luckily I read before trying, but have seen similar issues for other hardware as well. Despite that, great tutorial.
I'm basing this point based on the title post relating to your "home router SUCKS".
What I think is an important factor that is not talked about in the video is who is the customer for this setup and what problem are you trying to solve. The potential overhead from having multiple single points of failure, a blend of different technologies, some consumer, some prosumer gear introduces its own challenges. I am happy to stand corrected but outside a niche sandbox environment for a network engineer to try. Would anyone really have this as a home setup or recommendation for anyone other than someone that wants a network to tinker and try things/features.
Separately what is also not mentioned (as a comparison and for consideration) is that there are a lot of all in solutions from consumer, prosumer and up that provide a lot of similar functionality, without the bits and the operational support , complexity and potential cost that would come with the business type solution being proposed for the home environment.
Dude become a biologist in technology
Love your videos Chuck. Thanks for helping so many people get into IT.
WOW! Thank you so much for this video! I wanted to securely route IoT devices separately from my LAN (and growing computer lab lol), and also have access to VPN, and you showed me how to do it all with 1 appliance! I am a network student right now and all of this has given me so much experience! Cannot thank you enough, brother! The vid is 45 mins, my start to finish setup time with an out of the box Protectli was about 4 hours with troubleshooting and just plain ignorance lol.
Just learned this in school. Great recap here; thanks!
What about Mikrotik? I've been working more and more with Mikrotik and its super cool and fun and rewarding to figure out and setup
I use Mikrotik "Hex-S" and "hAP ac3" and very happy
I have it but it's quite complex, pfSense seems to have a better gui and to be easier for accomplishing basic tasks
I used to use refurb dell optiplex's with extra NICs to connect branch offices together. I would have loved to see some kind of comparison between PC vs hardware like you used.
What he used is a pc in a small box. You could easily use an older pc as long as it has a way to add a second network port and a reasonable amount of ram. Even a pc a few years old should be adequate.
Update: Never mind, I bought everything he suggested (protectli, tplink switch), and followed this guide to a T. Amazing job. pfSense is still strong. Use it. I even followed the OpenVPN settings with a different VPN provider, but it works great. I wish I could give three thumbs up. I did just buy some coffee and a shirt.
Hello Chuck, great video! Just found your channel. Was going to try this pfsense router firewall in this video, but I’m now seeing that there may some drama surrounding it. Being a relative newbie, could you give me (or us, collectively) an update if this still a good idea? Thanks.
I'm in the same boat as you. If you find me a solution please forward to me.
@@git-er-dun_LBK_I’m still using it according to his guide, and I still love it. Just buy the gear he suggests, follow along, and enjoy.
Thanks for the reply Gary. I'm a novice sitting at working. Will the new hardware and PF sense sit between my modem and my current Google Wi-Fi router?@@garykingston1662
Time for an Update
100%
Not much has really changed but I can see where people will get tripped up by it if they are new to networking.
This is a super awesome walkthrough of pfSense! I have been running my own pf box for years now and really enjoyed the experience, but recently switched to OPNSense while doing a hardware upgrade. Any reason you chose pfSense over OPNSense? I am really loving the monitoring on OPNSense through the Sensei package and dashboards. Curious on your thoughts or comparison between the two!
I wonder the same. I am using OPNSense and I'm happy with it.
As far as I know OPNSense also supports Wireguard which PfSense does not. It seems like OPNSense is taking over. Maybe PfSense is catching up, have not stayed up to date as of late.
@@gymsaslan6625 Wireguard is available as a package for pfSense.
Chuck thanks for the good info here, much appreciated. I started with an old PC cobbled together, but for power draw 24/7 that's one reason to definitely move it over to a dedicated mini PC. Just got that done this evening!
One thing to mention perhaps is how pfSense and specifically the underlying FreeBSD doesn't play too well with Realtek NICs out of the box. Maybe a follow up to detail how that's done. Did a bit of research on this new (to me) Zotac that has the Realtek's .. glad I did, otherwise it could potentially be a big pain later when pfSense goes out to lunch due to the original driver.
Just a note when you want an IP address always assigned and use the STATIC setting it doesn't work like other firewalls. You have to select an IP address OUTSIDE the DHCP range but inside the network range.
Oh yessss, I learned that yesterday (Services - Log File | OPNsense):
"Error: Remove host declaration s_lan_0 or remove xxx.xxx.xxx from the dynamic address pool"
Now they don't overlap any more. I made DHCP start at xxx.xxx.100. To my surprise a new error appears:
"Error: lease xxx.xxx.xxx.16: no subnet."
More IP addresses do appear in the error (no subnet) which aren't in use any more. "Show inactive" doesn't display anything. So there must be some kind of cache or database somewhere with old/inactive IPs ...
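The rule discussed in the two comments above (a static mapping has to sit inside the LAN subnet but outside the dynamic DHCP pool) can be checked before saving the configuration. This is an added example, not code from either commenter or from pfSense/OPNsense; the subnet, pool, host names and MAC addresses are constructed sample values, and the function and finding names are hypothetical.

```python
"""Audit DHCP static mappings against the LAN subnet and the dynamic pool.

Added example: every address, name and MAC below is constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Mapping:
    name: str
    mac: str
    ip: str


def audit_static_mappings(subnet, pool_start, pool_end, mappings):
    """Return a list of (mapping name, finding) tuples; empty means clean."""
    net = ipaddress.ip_network(subnet, strict=True)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError("dynamic pool must be an ordered range inside the subnet")

    findings = []
    first_owner = {}  # IP address -> name of the first mapping that claimed it
    for m in mappings:
        ip = ipaddress.ip_address(m.ip)
        if ip not in net:
            # The address is not in the network range at all.
            findings.append((m.name, "outside-subnet"))
        elif ip in (net.network_address, net.broadcast_address):
            findings.append((m.name, "reserved-address"))
        elif lo <= ip <= hi:
            # Overlaps the dynamic pool: the case the quoted error complains about.
            findings.append((m.name, "inside-dynamic-pool"))
        if ip in first_owner:
            findings.append((m.name, "duplicate-ip:" + first_owner[ip]))
        else:
            first_owner[ip] = m.name
    return findings


# Constructed sample: a /24 LAN with the dynamic pool moved to .100-.199.
SAMPLE_SUBNET = "192.168.10.0/24"
SAMPLE_POOL = ("192.168.10.100", "192.168.10.199")
SAMPLE_MAPPINGS = [
    Mapping("nas", "02:00:00:00:00:01", "192.168.10.10"),      # fine
    Mapping("printer", "02:00:00:00:00:02", "192.168.10.150"),  # in the pool
    Mapping("camera", "02:00:00:00:00:03", "192.168.20.5"),     # wrong subnet
    Mapping("tv", "02:00:00:00:00:04", "192.168.10.10"),        # same IP as nas
]

if __name__ == "__main__":
    for name, finding in audit_static_mappings(
        SAMPLE_SUBNET, *SAMPLE_POOL, SAMPLE_MAPPINGS
    ):
        print(f"{name}: {finding}")
```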
Very professional, just a suggestion, when you evoke the technical parts, may you go slower to improve understanding for apprentice like me, thank you very much.
youtube has a slow down function
@@jeremiahbullfrog9288 Agreed. I didn't see him talking about how he configured the modem/router (route mode VS bridge mode).
@@jeremiahbullfrog9288 if you want an easy fix I'd get the Vilfo VPN router. In my opinion, Vilfo's OS is a whole lot easier than pfsense's OS. they have documentation on their website but the setup wizard is practically dummy proof in my opinion
@@jeremiahbullfrog9288 also the performance for my gigabit connection is very good over 250 megabits wired OpenVPN and over 600 megabits per second over wireguard (might be higher as I've been having a hard time maxing it out as downloads complete too fast first world problems lol)