Not really. Or at least nothing specific to OpenVPN.

You can use something that OpenSSL can use directly, like AES-NI, or something that can tie into the crypto framework, like CESA. Both those will accelerate OpenSSL and hence OpenVPN but total throughput in OpenVPN is still limited by context switching (between kernel and user modes).

Steve

Or use VLANs with whatever interface is built into the laptop.

Steve

There are a lot of variables here but….  I wouldn't expect any of those to have any issues at 150Mbps, including the SG-4860.

The only way you would get close to the limit there is with VPN, probably only with OpenVPN. Though maybe if you ran Snort and Squid and IPSec you might run out of cycles.

Steve

Yes, more info needed.

Has this happened before? Does it happen every 15 days?

What is your hardware?

What version are you running?

Are you running anything unusual, setup or packages?

Steve

Final motherboard choice is ASRock - H270M-ITX/ac Mini ITX LGA1151 Motherboard.

Is there anything I should know when setting up pfsense.

@syndax:

@stephenw10:

Yes, you can bridge the interfaces to put them in the same subnet.

It just than in most situations a switch is a better choice for that. If you have NICs to spare and CPU cycles to service them then you can do it.

Steve

I'm doing this in order to reduce clutter and merge several devices into one. Would an core i5 2500k suffice to achieve 1gbps speeds?

Maybe. Bridging in BSD is not great. Also you're not putting the NICs in the same "subnet" you're putting them in the same broadcast domain (L3 vs L2). Even if you have the CPU to push 1Gb/s on all of your ports, you will still have much higher latency (lag). Get a cheap 12 port gig switch for $20 on ebay and it will be faster and easier to setup. It will also use less power and (if you looking at an i5) make less noise.

Keep in mind bridging in pfSense means you should have an understanding of Layer 2 traffic and broadcast protocols like mDNS.

In short, get the SG-3100 and support the project or look at the qotam boxes and a small switch.

That's a really old thread. You might want to check out 2.4 with ZFS options. For example: https://forum.pfsense.org/index.php?topic=135937.0

Steve

This thread needs to go in the ghetto weirdest thread hall of fame. 8)

what are your actual requirements? the C3xxx series comes in a lot of different sizes designed for a lot of different workloads. Whether they'd be better or worse than a different solution depends on the requirements…

Keep in mind that if you simply ingest that mirror port, you won't really have to worry about NAT speed or bridging or routing etc. Only 'eating' packets fast enough.

It's installed but not enabled by default.

Go to System > Advanced > Miscellaneous.

Enable powerd and set all three power types to 'high adaptive'.

Check the dashboard to see the CPU current frequency. Depending on the CPU load that may make a significant difference.

Steve

Nice. We'll be here.

That hardware looks like it could be pretty slow by modern standards. Fun project though.  ;)

The by-pass relays could be extra fun!

Steve

Thanks for the confirmation. I'm resigned to using an mSATA or plain SATA drive until Up^2 places nicely with FreeBSD.

At least my eMMC wont get hammered with writes…  :-\

Ah!  ;)

Good to know anyway, thanks.

Steve

Yeah I agree with that. Have you seen our store?  ;D

If you really want to run on battery you might be better off with a DC supply. It's generally significantly more efficient even if you need converters.

I salute your use of blue LEDS though.  ;)

Steve

I recommend setting powerd values to high-adaptive. It should fall back to the lowest frequency anyway but won't affect responsiveness like 'minimum' can.

Steve

I think we need a diagram showing exactly how you have it setup. Otherwise any advise we give may be incorrect.

Steve

Yes that's true. I would expect >300Mbps OpenVPN throughput with that CPU though.

YMMV  ;)

Steve

we have a new hardware now, and it seems to be up for two days without issues.
I'll report backup either it crashes again.
thank you for all your support