Nice Firewall box from IPC2u
-
All C3's do not support hardware crypto. Actually, most earlier generations only provided the RNG so they were not very useful. You need a C3 processor with a Nehemiah core and a stepping of 8 or higher for the ACE (the actual hardware crypto accelerator). Here's some good info about this:
http://www.logix.cz/michal/doc/article.xp/padlock-en
I thought this was a bit underpublished since I ended up, in some cases, owning older C3's with little or no hardware acceleration.
The Via C7, however, is based on the Esther core and offers an even better ACE (Accelerated Crypto Engine).
I think it's important to note that the current stable version of pfSense does not support the hardware acceleration of the PadLock engine (since it's based on FreeBSD 6.1, which doesn't really support it either). This is also the case for most 'specialized' firewall distributions, and should be kept in mind when using the PadLock engine as a sales argument =)
-
We did tests with padlock earlier but didn't get it to work. However these have been done with 6.1 so things might have changed. We should probably revisit it again.
-
Great information so far guys!
I tell you what, I will buy one of these boxes and if somebody tells me how to do benchmarks, I will post them.
I have some testing already with different boxes and Firewall Systems.
I got two outbound lines in my office
16.000/1000 ADSL dynamic IP and 2000 SDSL static IP
I have a Pentium 3 866 with 512 MB and 20 GB HDD.
This one runs great with Squid and Snort enabled and Outgoing Loadbalance.
The SDSL is pretty much used for VPN stuff, currently I have two tunnels open.
One of the tunnel endpoints will be moved to pfsense on a Dell 2600 Server (check forum) if it works.
I also tested a box with a 400 MHz Celeron ULV and a 2,5" drive in it, but this was way too slow to use all the bandwidth from the ADSL line.
Maybe I can get IPC2U to donate a box, if this box runs well I may buy 12 of them for my company so good reason for them to think about a donation.
Btw great forum and great piece of software.
-
You could try to use the Soekris crypto card together with the miniPCI slot if you want HW crypto acceleration.
Cheers
Daniel S. Haischt
-
Yeah, I got one of the Soekris cards (miniPCI) and this box does have a miniPCI slot.
Does pfsense support this card?
I have read things about it, that maybe the PCI bus can be a bottleneck.
But on a 16Mbit line it should be a big deal. I hope
Anyway the box has been ordered and I will keep you posted how it works
-
The Soekris accelerators are supported. You will see a "hifnXXXX" listed at status>system if it is detected and used.
-
Would these Soekris accelerators work with OpenVPN?
-
hoba:
I've been testing the padlock module with the latest snapshots, the good news is that the module doesn't need to be patched anymore.
By default, OpenSSL does not make use of the padlock engine in my tests. However, I believe FAST_IPSEC can easily be adjusted to take advantage of the padlock module through the setkey utility (see commented lines in vpn.inc).
I'm going to run some tests this week to try and benchmark ipsec with and without the module, I'll let you guys know.
-
Hi
I'm interested in the IPC2U box.
Has anyone checked the throughput between two gigabit interfaces? I can't find any datasheet.
-
The Soekris accelerators are supported. You will see a "hifnXXXX" listed at status>system if it is detected and used.
Been using some older ones with IPSEC tunnels and they work great, better throughput and lower latency than without.
-
VIA C3, pfSense snapshot 27-2-2007
command:
# openssl engine padlock
gave me ACE but no RNG (i.e. the crypto engine is recognised, but the random number generator is not there or is not used).
Have no benchmarks though…
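
Since benchmarks were asked for earlier in the thread, here is one way to turn the `openssl engine padlock` check above into a before/after AES measurement. This is an added example, not part of any post; it assumes the engine name line lists `ACE`/`no-ACE` and `RNG`/`no-RNG`, and that OpenSSL only uses PadLock when `-engine padlock` is given.

```shell
#!/bin/sh
# Added example, not from the thread. Run as: sh padlock_bench.sh run
# Assumption: `openssl engine padlock` prints one name line that contains
# ACE or no-ACE and RNG or no-RNG, e.g. "(padlock) VIA PadLock (no-RNG, ACE)".

# padlock_features LINE -> prints "ace=yes|no rng=yes|no"
padlock_features() {
    ace=no; rng=no
    case $1 in *no-ACE*) ;; *ACE*) ace=yes ;; esac
    case $1 in *no-RNG*) ;; *RNG*) rng=yes ;; esac
    echo "ace=$ace rng=$rng"
}

# speed_kbs ALGO: read `openssl speed` output on stdin and print the
# throughput for the largest block size (last column, in 1000s of bytes/s).
speed_kbs() {
    awk -v a="$1" 'tolower($1) == a { v = $NF; sub(/k$/, "", v); r = int(v) }
                   END { print r + 0 }'
}

# bench [extra openssl speed args]: wall-clock AES-128-CBC throughput
bench() {
    openssl speed -elapsed -evp aes-128-cbc "$@" 2>/dev/null |
        speed_kbs aes-128-cbc
}

main() {
    feat=$(padlock_features "$(openssl engine padlock 2>/dev/null)")
    echo "PadLock: $feat"
    case $feat in
        ace=yes*)
            sw=$(bench)                  # assumed software path (no engine)
            hw=$(bench -engine padlock)  # same cipher through the engine
            echo "aes-128-cbc: software ${sw}k/s, padlock ${hw}k/s" ;;
        *)  echo "ACE not reported by OpenSSL; skipping benchmark" ;;
    esac
}

if [ "${1:-}" = run ]; then main; fi
```

This measures OpenSSL only; IPsec throughput through FAST_IPSEC has to be measured separately across a tunnel.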
-
@Rusty64bit:
I just found a nice box at IPC2U.de
http://www.ipc2u.de/catalog/M/MB/33520.html
Mobile Celeron 1,2
max 1 GB DDR Ram
4x 100Mbit or 4x 1 Gbit Intel
miniPCI Slot
PCI Slot
2,5 or 3,5 disks are possible.
Does anybody run this box?
Would be perfect for my home offices with pfsense
Just the price :(
so… was any testing done on this box? looks interesting...
-
Hi, i have bought 10 pieces but the delivery follows….
I will update the information about the box in the next future....
bye
heiko