I recently replaced my home pfSense router, previously a Zotac CI323, with a Qotom Q355G4. While the Zotac was never a bad machine as a router, it wasn’t great, and as my needs began to expand, so too did my issues. I frequently experienced a complete failure of the WAN link, only solved by rebooting, and when running Suricata, a saturated WAN link meant a quick performance degradation to the point where I completely lost internet access and could not access the pfSense web interface or SSH. Hacky workarounds, cron jobs to monitor my internet connection, and preference tweaks kept me chugging along well enough, but eventually I decided to bite the bullet and replace the Zotac. Anyone doing any research will eventually come across the advice to avoid Realtek network interfaces at all costs, and had I heeded that advice, I may not have ever purchased the Zotac. However, it is now chugging along as a Hyper-V Server 2016 machine and doing just fine!
So, I researched, and read forums, and reviewed performance numbers, and checked my bank account, and finally decided on the Qotom Q355G4 to become my new pfSense platform. I purchased the barebones version from Amazon and outfitted it with 8GB of Kingston RAM and a 120GB Kingston mSATA SSD. After backing up my configuration from the CI323, I did a fresh install of pfSense 2.4 Nightly, restored my configuration, and…everything just worked. No dropped connections, Suricata didn’t lock everything up, performance was good; it was a breath of fresh air!
So, now I had a router I wasn’t constantly trying to troubleshoot, what’s next? Well, I built out some more Suricata rules, I set up softflowd to export data to my PRTG server, and then I decided I wanted a VPN solution that didn’t require a client installed on all of my devices. OpenVPN works pretty well, but it’s sooo much work to open it and make sure I have the right VPN selected and have to tap the connect toggle! So I started looking into IPsec, and that’s where the next blog post will begin!