Hardware Recommendations for Noob
-
So.. i am currently packet saturating my DLINK DIR-825n (flashed to DD-WRT). I assume between, the torrents seeding.. playing swtor, and my gf working from home along with VOIP for her work my dlink takes a poo and reboots its-self randomly.
This gave me a great excuse to the gf to get some new-to-me hardware and load pfsense on it and start learning.. I have a couple questions though..
My current setup is like so..
Motorola SBV 5220 Cable Modem -> DIR-825n (w/ dd-wrt) -> TP-LINK TL-SG3210 Managed Switch -> various PCs (one of which is a nas).
#1 will this NeoWare CA22 i picked up, be sufficient for pfsense? It comes with a 10/100/1000 dual port intel card on it.. http://www.ebay.com/itm/130968356648?ssPageName=STRK:MEBOFFX:IT&_trksid=p3984.m1427.l2649
#2 i have a dual port sfp pci-e card and two "apple copper fibre 4gbps" cables.. should i use these instead of the dual intel nic?
#3 any other suggestions?
Link to the TP-LINK Switch specs.. http://www.amazon.com/gp/product/B006B7R3YC/
-
For a start and learning pfSense the thin client should be fine. 512MB RAM is ok but 1GB should be better. Plus sooner or later you will start experimenting and installing other resource hungry packages that would need more CPU and RAM. If you are looking for a straight firewall with no bells or whistles then the thin client should suffice.
My rule of thumb for pfSense these days is .. if you can spare a few more $$ then just go for a simple mini-itx i3 system with 2/4GB RAM in a small mini-itx enclosure. It's more bang for the buck plus in the end if your think its too powerful for your needs then you can always change it to a small desktop system.
-
Yeah my freenas is running on a mini-itx setup with 16gb of mem..
I have some DDR2 laying around that i can always drop in this thinclient.. I dont need anything major other than some sort of VPN access, and adequate QoS.
in regards to OpenVPN vs pptp.. its just going to be 2-3 devices connecting via VPN at once.. is OpenVPN worth the hassle to config? I never did it on DD-WRT because it was a pretty labored process.
-
OpenVPN is pretty easy in pfSense. Whatever you do make sure you choose an encryption type that is supported by Via Padlock on that CPU, you'll see a significant increase in throughput (or decrease in CPU use).
Steve
-
Forgot to ask.. what kind of WAN speed do you have? I don't think that CPU can stretch more than 50Mbps WAN throughput
-
I don't know about that. I think it depends on what you are doing, how much filtering, how fast you want your VPN to be etc.
With no SNORT or anything that is CPU intensive, he should be able to max out most any ISP in the USA except the rare and rumoured google gigabit networks. Even my tiny E1000 and E2000 with only a 300MHZ processor could hit near 100Mbps.
VPN will do at minimum 5Mbps, no problem and probably upwards of 15Mbps on that CPU.
If you look down the list you can even see a e1000 listed here. These Numbers are no doubt not sustained for long periods and are simple routing with NAT firewall. Nothing fancy.
http://www.smallnetbuilder.com/lanwan/router-charts/
Yours will probably be fine for a home.
-
You can't really directly compare soho routers with x86 hardware like that. Most of them are based on SoCs that have been designed especially to be good at routing. Look at some of the top end models that are pushing close to Gigabit speeds from a 700Mhz CPU. No way you could do that with standard x86 hardware.
I'd be surprised if the 1GHz Via couldn't do well in excess of 100Mbps. The Alix board gets 85Mbps from a 500MHz CPU. There's a fairly detailed thread about those thin clients that has real numbers.
Steve
