Box for high speed IPsec site to site tunnel (streaming, normal web traffic)
-
Looking to build my first pfSense box!
The most important requirement would be the ability to set up an IPsec site to site connection between a 200 mbit/s link and a 1 gbit/s link in a data center. I guess this means the box will need some CPU power? I also have to keep in mind that the 200 mbit/s pipe is going to be upgraded to a 500 mbit/s connection in a year or so.
Wireless will be handled by an access point. Besides that I'm not looking for anything fancy. The most important is speed over VPN. Casing as small as possible. Does not need to be rack mount.
Any recommendations for at least a board and CPU? I guess it might be a good idea to invest in an Intel CPU with AES-NI support in case I'm making the switch to OpenVPN in the future. Not planned but you'll never know.
Just to clarify, this box will be routing all of my home traffic encrypted to a data center. This means streaming (Netflix, Spotify, Plex) and normal web traffic.
-
I was not really able to find out how many boxes you will really need, and what is the other end
of the IPsec VPN based on? More interesting will be that the hardware on both ends is capable
of handling IPsec traffic smoothly and fluidly.
These days I really think nothing beats an Intel Xeon E3-12xxv3.
Great performance, able to insert new PCIe cards if needed, and powerful
enough to handle these links now and the future ones. But this is not cheap
and not a power-saving platform, as it is for your home usage.
Big:
Supermicro A1SRM-2758F
Comtech AHA AHA363PCIE
INTEL-I210T1-Server-Adapter
FlexATX case with 250 Watt PSU
Small:
Supermicro A1SRi-2758F
Comtech AHA AHA363PCIE
Supermicro SC101i
From the pfSense store:
SG-2240
SG-4860
SG-8860
-
@BlueKobold:
> I was not really able to find out how many boxes you will really need, and what is the other end
> of the IPsec VPN based on? More interesting will be that the hardware on both ends is capable
> of handling IPsec traffic smoothly and fluidly.
> These days I really think nothing beats an Intel Xeon E3-12xxv3.
> Great performance, able to insert new PCIe cards if needed, and powerful
> enough to handle these links now and the future ones. But this is not cheap
> and not a power-saving platform, as it is for your home usage.
> Big:
> Supermicro A1SRM-2758F
> Comtech AHA AHA363PCIE
> INTEL-I210T1-Server-Adapter
> FlexATX case with 250 Watt PSU
> Small:
> Supermicro A1SRi-2758F
> Comtech AHA AHA363PCIE
> Supermicro SC101i
> From the pfSense store:
> SG-2240
> SG-4860
> SG-8860
The data center box is a powerful Linux server. The other end will be my box at home. My LAN has about 25 clients. Most of them wireless except for a couple of servers. For wireless networking, I will keep my current Netgear R7000 router.
That SG-4860 pfSense box does look interesting I must say. I checked the https://www.pfsense.org/hardware/#requirements page and it states I'll be needing "Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters." for 501+ Mbps. The SG-4860 seems to match those requirements.
Do you think the Supermicro A1SRi-2758F will suffice?
-
> Do you think the Supermicro A1SRi-2758F will suffice?
Both Supermicro boards come with 8 CPU cores at 2,4 GHz, support 64 GB of ECC RAM,
and offer a PCIe slot. The PCIe slot is able to hold either an Intel i210-t1 server grade adapter
and/or a Comtech AHA AHA363PCIE compression card, and this card would be really interesting if
you have a chance to insert a second one on the other side!!! VPN accelerators are rare to get
hands on and often too highly priced; this card is available "used" on eBay for ~$30 - $50, so it
would be a real cheap and suffer solution.
> The data center box is a powerful Linux server. The other end will be my box at home.
OK, are you able to insert a card such as the Comtech AHA AHA363PCIe in this Linux server?
> That SG-4860 pfSense box does look interesting I must say.
4 cores and 8 GB RAM but no extra PCIe slots.
> I checked the https://www.pfsense.org/hardware/#requirements page and it states I'll be needing "Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters." for 501+ Mbps.
So, what I was saying at first: "Nothing is beating an Intel Xeon E3-12xxv3 at this time!"
> The SG-4860 seems to match those requirements.
I really think the SG-8860 will do so more; all the appliances from the entire SG-xxxx series
come with AES-NI and Intel QuickAssist, but at this time there are not really many effects coming
from these tech specs, if I see it right.
-
I think I'm going for a Dell T20 with an Intel Xeon E3-1225 v3, 4GB RAM and a separate Intel network interface (dual port) card. That should be enough to process a 200 mbit/s (in the future 500 mbit/s) site to site IPsec tunnel right?
-
> I think I'm going for a Dell T20 with an Intel Xeon E3-1225 v3, 4GB RAM and a separate Intel network interface (dual port) card.
I really don't know if the Dell T20 will be able to hold pfSense, I mean whether you are able to
install pfSense on it; I would perhaps try to get more information on this beforehand.
> That should be enough to process a 200 mbit/s (in the future 500 mbit/s) site to site IPsec tunnel right?
Yes, I think so, really enough.
-
Yes, the Dell T20 seems to have full support on FreeBSD. I also decided on the NIC: Intel I350-T2.
Now I'm only wondering if 4GB RAM is enough but that must be I guess…?
-
> Now I'm only wondering if 4GB RAM is enough but that must be I guess…?
This must be found out by each user themselves, but it is also based on the usage of pfSense
with Squid + SquidGuard + Snort + AV scan, ...
I really think 4 GB for normal usage will be enormous and 8 GB for the services named above
will be really enough, but this also depends on the connections, users, and throughput that
is needed and/or in the entire LAN.
-
Just FYI, I've received the server and been playing around with pfSense. Liking it so far!
Next up: IPsec to my data center box ::)
-
Perhaps the Comtech would work with Linux, but it won't work with pfSense afaik