Hey all, I am new here and just wanted to share my story.
I stumbled onto NethServer after doing a ton of research to try and find a Linux based appliance OS that could competently replace my PFSense machine currently running as my home/lab firewall. All the other more traditional firewall projects built on Linux seem to have very outdated interfaces and are generally pretty sparse in features.
The main reason for the switch is performance, my home internet connection requires the use of PPPoE to connect and FreeBSD’s implementation is single threaded which causes about a 200 megabit performance hit. I am hopeful that Linux has a better implementation that will speed up my connection without having to buy new hardware.
Hopefully some of you have had experience with running NS as a firewall appliance and can comment on performance while running over gigabit PPPoE.
I have actually installed it as a VM a few times just to get the feel for the install process and start documenting a install guide for myself, this way when I take down my current firewall there will be less internet down time.
So far I love what I have seen, the only part of configuration that will require the command line is setting a tagged VLAN on my external interface to run PPPoE over. I would have preferred to have everything in the GUI but this is fine and I realize that my config is somewhat unique.
Well that’s not too encouraging, I looked over this thread and it seemed like adding LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so to the ifcfg-ppp0 startup file was the fix for speed and further down it seems that is now default via merge from @davidep so I am hopeful that actually worked.
EDIT: I just looked it over closer and it seems he was actually suggesting a different work around to get the line into the file.
Just wanted to give an update, I just finished setting up Nethserver in place of my PFSense machine. I found that if I manually add in LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so to the ifcfg-ppp0 file I can max out my connection in both directions 900+ megabits. I need to figure out where to hack the code to get it stuck in there any time I edit the interfaces now.
Thanks! Issuing db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so signal-event interface-update seems to have fixed the issue with it not sticking when the interfaces reload.
EDIT: I think perhaps you are right about it being a bug, as the ifcfg-ppp0 file had an entry PLUGIN=’/usr/lib64/pppd/2.4.5/rp-pppoe.so’ however the correct one that enables the rp-pppoe plugin is LINUX_PLUGIN=
I am also currently using pfsense as my firewall and VPN gateway and I am looking for another solution.
I have been playing with Opnsense but cant seem to get all of it workin.
Have not thought to use Nethserve for this. I ntrest to see how you go and if possible if you could share your instructions.
My experience with PPPoE on NS is good : it is perfectly reliable. That said, the slightly high CPU power (steady 4-5% on a core2duo and 10-15% peaks if I remember correctly) needed to run it @100Mbps makes me wonder if gigabit speed is possible.
@gpapaiko I have not tried Opnsense, my goal was to move away from FreeBSD to a Linux based firewall and Nethserver had the most features in a nice GUI. If for some reason my ISP drops PPPoE as a requirement to connect I may end up loading Opnsense but I doubt that will ever happen. I currently have Nethserver fully working as a replacement to my old PFSense firewall. I can help you if you would like, but basically I just created a Word document with step by step instructions for my specific use case with all the things I needed to do to make it work. I highly suggest setting up a lab in your favorite VM software(virtualbox) and running through the install a few times before you take down your internet connection for the install. Also if possible use a second hard drive that way if things don’t work out you can just swap the old drive back in and have functional internet again.
@pagaille Once I fixed the LINUX_PLUGIN line in the ifcfg-ppp0 my CPU usage while maxing out my connection dropped to nearly 0%, I suspect this will depend on what your CPU/NIC arrangement is in your server. This is a MASSIVE improvement from what I was seeing using PFSense and also resulted in over 200 megabit increase in download speed for my LAN clients.
@dnutan my only advice is to run that command that you showed me in that bug report. db networks setprop ppp0 linux_plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so
Followed by signal-event interface-update
If you do not run this the rp-pppoe plugin will not load and pppoe will run in userspace rather than in kernel.
I think there may be a bug in how it was implemented as mine had PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so however the correct line is LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so
EDIT: I have commented on the github issue that @dnutan linked so maybe it will get fixed for future users.
Hopefully someone on the dev team will see my comment on the github page and re-open/fix the implementation. I suspect that the user base that uses NS as a firewall is small and of that group I may be the only one using it on a high speed pppoe connection so its pretty low priority. At least there is a work around for now.
