Netgate Discussion Forum

    Connection throughput

      Orly

      Mainly we would like to have more control of the network with the use of these packages:

      Squid + SquidGuard - Mainly to filter the network (i.e. blacklist some websites, possibly block ads, and traffic shaping. It's not necessary with caching).
      Snort - for security.
      ntop - NetFlow/sFlow: do they run when you've installed ntop?
      OpenVPN - Encrypt all network traffic.

      • some firewall rules and a captive portal will be used.

      I'm thinking I maybe will not want to use Squid + SquidGuard.

      The network will be used for usual browsing, and downloading (i.e. torrent, Usenet).

      Does that help, Steve?

        stephenw10 Netgate Administrator

        @Orly:

        OpenVPN - Encrypt all network traffic.

        If you really want to encrypt all traffic then you are going to need something a lot more powerful.

        The Atom will max out at ~50-60Mbps of VPN traffic and that's without anything else running. If you want to see 100Mbps of VPN with Snort and Squid you will have to step up to an i3 or similar. Again the actual numbers are hard to define.

        Steve

          Orly

          Is there anywhere I could buy a ready-made pfSense machine which matches the requirements? Even http://store.pfsense.org/FW-7541/ doesn't have an i3. However it seems http://store.pfsense.org/R200/ matches what I'm looking for, though refurbished and it uses Dual Broadcom NICs. Are Dual Broadcom BCM95721 Gigabit Ethernet NICs more than stable and good, like Intel's NICs? With the latter pfSense box, it would need a server rack it seems.

          I'm lost when it comes to choosing the hardware, especially if making a pfSense box on your own.

            stephenw10 Netgate Administrator

            The Broadcom NICs are well regarded. Only Intel NICs are preferred. As you say the Dell R200 is rack mounted and will be big and loud!
            Do you need 100Mbps of VPN traffic?

            Steve

              Orly

              The pfSense box would need, at a minimum, around 70~80 Mbps. Do you have any suggestions other than the Dell server? With the Dell server it would need a rack, and I don't know what sort of rack would eventually fit + how noisy is it? I would like, if possible, to keep the costs at a minimum while still being able to deliver the requirements for such a system. It would seem the pfSense store is overpricing the server if compared to eBay prices.

              Sorry for being such a newbie!

                stephenw10 Netgate Administrator

                For a lot of people, for home use at least, the choice of hardware comes down to what you have at hand. Try something convenient; if it doesn't meet the requirements then upgrade.

                If you need 70-80Mbps of VPN traffic then you're going to need something more powerful than an Atom. There are several builds people have detailed using a miniITX board with a low end Sandy/Ivy Bridge CPU. That will easily meet your requirements whilst not necessarily being much more expensive than an Atom either to buy or run.

                The Intel DQ77KB with a Celeron 1610 is a good and tested combination but that board is becoming very hard to get hold of, and isn't the cheapest. Have a look through the forum, avoid the latest Haswell chips and boards that may not be supported.

                Steve

                  Orly

                  It isn't cheap to test and try, but I'll try to make an informed decision. If the desired product isn't good enough, it'll take time before another product can be bought. I've asked in the Hardware part of the forum, maybe they can help: https://forum.pfsense.org/index.php/topic,71875.0.html

                    Orly

                    Would a Realtek RTL8111E fit the requirements? It's not an Intel NIC, however, as long as it can keep up with the requirements, it seems OK.

                      stephenw10 Netgate Administrator

                      It will easily pass the 100Mbps you originally stated. I wouldn't expect to see any sort of restriction until you try to pass, say, >800Mbps. The real issue with Realtek NICs is that they aren't as reliable as others. There are many people (most people) using them who never see any issues.
                      A lot of the bad reputation that Realtek have is due to the old 10/100 NICs, which were really bad, but their Gigabit NICs are much better.

                      Steve

                        Orly

                        @stephenw10:

                        It will easily pass the 100Mbps you originally stated. I wouldn't expect to see any sort of restriction until you try to pass, say, >800Mbps.

                        100 Mbps down/up through OpenVPN is more than good with the Realtek network card?

                          stephenw10 Netgate Administrator

                          The Realtek card doesn't care what's in the traffic it's passing; it just sends and receives Ethernet frames. It has no knowledge of the encrypted connection and is not affected by it.

                          Steve

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.