VDSL2 / OpenVPN Hardware Requirements
-
I’m yet another looking for hardware advice for this, my first pfSense build.
Over the past few weeks I have perused the hardware forum in the hopes that I could establish exactly what I need without bothering anyone. Despite all the superbly informative posts, I still find myself unsure as to what to buy; most threads seek hardware specs for provider throughput speeds that I can only dream of. That said, I am not nearly as clueless as before, but I do still need a helping hand.
I sport a humble VDSL2 FTTC Sky Pro Broadband service, which on a good day achieves very close to the advertised throughput (76/19).
Requirements:
- OpenVPN (both Server & Client)
- Snort
- Small form factor (fanless?) chassis
- Multiple interfaces (4+) – Although I’m happy to fall back onto VLANs and a suitable switch.
In terms of what I know:
OpenVPN is single-threaded, hence CPUs with a high base frequency are preferred; it also benefits greatly from CPUs with a modern implementation of AES-NI.
I understand that Snort is arguably more resource hungry than OpenVPN, but just how much depends on how it is used. To be honest I’m not 100% sure how far I’ll go with Snort, so let’s just presume worst case (WAN & LAN). Actually, that creates another question: will I have any issues LAN-side if using VLANs instead of physical interfaces for network segregation?
Whatever the hardware solution, I would like the ability to fully utilise my available bandwidth with OpenVPN. I had considered the Qotom-Q355G4 (Core i5 5250U), but I’m not sure if that CPU is up to the task, and in fairness it might be worth building in some additional headroom.
I have a budget not exceeding £400, although I would happily spend less if that were feasible. My question then is what should I buy? I'm happy to build my own or go with something off the shelf.
-
-
Hi.
Your requirements were roughly the same as mine, and your speed is pretty much dead on.
I self-built my own appliance; you can do this with spare hardware lying about. In this instance, I purchased an AMD APU-5000 built onto an ASRock ITX motherboard, not a single regret. It's cheap as shi* to run for electrical costs, and I added 4 gigs of RAM and a 40/80GB hard drive. This can be run from SSD/USB/CF card/IDE drive, whatever you happen to have!
USB drives can and do wear out quicker than most, so always keep a working, most up-to-date config file for easy repair if the USB drive needs to be changed.
But yes, I paired this with a 1U server rack and a 1U PSU.
Total cost was around £150/200 tops!
You can purchase self-contained units from AliExpress that would work for the most part, but the AMD APU supports AES-NI.
I'm on 80 down & 20 up and max out that speed at 30% CPU at best.
I use this in conjunction with AirVPN on AES265bit AES CBC.
-
Whatever the hardware solution, I would like the ability to fully utilise my available bandwidth with OpenVPN. I had considered the Qotom-Q355G4 (Core i5 5250U), but I’m not sure if that CPU is up to the task, and in fairness it might be worth building in some additional headroom.
That CPU should be more than up to the task. ~75Mbps of OpenVPN doesn't take a lot. For reference and perhaps comparison to other hardware, I reached about 70 Mbps with a 1.4GHz dual core AMD Kabini CPU. That was about the max I got for a single thread (tunnel) which should give you some comparison especially if you're considering hardware like the AMD APU-5000 recommended already, which is about 100MHz faster than what I had, and has double the cores. The i5 5250U should be much faster. It's simply faster than the AMD Kabini in IPC (instructions per clock) meaning that even at the same clock speed it will perform better.
-
Thanks for your input, guys. I wonder, do either of you run Snort or Suricata?
I self-built my own appliance; you can do this with spare hardware lying about. In this instance, I purchased an AMD APU-5000 built onto an ASRock ITX motherboard, not a single regret.
Must confess I do like the idea of putting together my own system; it's been well over 10 years since my last physical build.
That CPU should be more than up to the task. ~75Mbps of OpenVPN doesn't take a lot. For reference and perhaps comparison to other hardware, I reached about 70 Mbps with a 1.4GHz dual core AMD Kabini CPU. That was about the max I got for a single thread (tunnel) which should give you some comparison especially if you're considering hardware like the AMD APU-5000 recommended already, which is about 100MHz faster than what I had, and has double the cores. The i5 5250U should be much faster. It's simply faster than the AMD Kabini in IPC (instructions per clock) meaning that even at the same clock speed it will perform better.
Good to know. I turned away from AMD back in the old A5/Athlon days, Intel have (for me at least) proven to be far more stable and therefore less frustrating.