Another new build - spec check please - NOW WITH PICS
-
The hardware you already have seems on par; the HP NC360T is well supported and is in my own build. 4GB of RAM is plenty; most of it will probably go unused. I think any of the boards you mentioned would be a good choice.
As a lark, I connected to my openvpn server from my own LAN using NAT reflection and ran iperf against the openvpn IP on pfsense, with the pfsense box as the server. On my Sempron 2650 (Kabini, dual 1.45GHz) I got 300+ Mbps and had a little processor room to spare. It may have been even faster had I not used a virtual machine as the client.
Ymmv, but you're on the right track.
Matt
EDIT: Apparently my test wasn't quite on track. So, I'm testing the old fashioned way. I have a machine in AWS and i set it up as an openvpn client (I know, not quite the same) and pushed large files to my home network using SCP and CIFS. Both topped out at about 30Mbps, but my connection download is 50Mbps. CPU usage by openvpn on pfsense was around 22% in both cases. If I can extrapolate (and not sure that is valid) then a single Kabini core @ 1.4GHz should be able to push around 120Mbps of OpenVPN.
-
Bluekobold - thanks, those boards look very interesting, however the clock speed of the processor only appears to be 1GHz, and based on the same AMD jaguar architecture as the A4-5000 chip, presumably meaning it will be almost exactly 2/3 of the speed too. Also, the kit i'm looking at only comes in at €110 for mobo+process, RAM, NIC, and PicoPSU.
Whosmatt - thanks for the test results! That seems to be pretty much in line with the research I've done. Thanks for the confirmation - think I will go with the A4!
I will post results and pics in the new year when I've had a chance to build!
Many thanks,
Tom. -
This one could also match really to your installation and your needs.
Intel Celeron 1037U 8 GB & 2 SFP Slots
But the price is much higher as you want to go;- ~220 € barebone
- ~80 € shipment
But this board has all onboard.
-
Bluekobold - thanks, those boards look very interesting, however the clock speed of the processor only appears to be 1GHz, and based on the same AMD jaguar architecture as the A4-5000 chip, presumably meaning it will be almost exactly 2/3 of the speed too. Also, the kit i'm looking at only comes in at €110 for mobo+process, RAM, NIC, and PicoPSU.
Whosmatt - thanks for the test results! That seems to be pretty much in line with the research I've done. Thanks for the confirmation - think I will go with the A4!
I will post results and pics in the new year when I've had a chance to build!
Many thanks,
Tom.If you're not set on fanless operation, you might try the AM1 socketed boards, which will provide higher clock speeds and the possibility of a drop-in upgrade for the CPU. Current choices go up to the Athlon 5350 which adds 500+ Mhz per core over the A4-5000 and fits in a 25W envelope. I find the small fan on the heatsink not loud at all, especially considering my hardware is located in a cabinet with a Drobo, which is the loudest thing in there.
-
The 1037U board does look great for the price, but I can't see what brand the onboard NIC's are?
Also the 1037U doesn't support AES - something which I think I could do with. There is also no onboard graphics - is this not needed for the initial install of pFsense??I had also looked at the 5350 and an ASUS AM1I-A Mobo to allow me to underclock it (for heat and power management purposes) but the lower power consumption and fanless operation of the A4 swung it for me.
I have ordered the A68N-5000 and 4GB of DDR3L RAM… I'll post on how it works out, with pics of course!
Thanks for the help!
Tom.
-
So… It Lives!!
I went with the Biostar A68N-5000 and 4GB of RAM in the end.I have successfully got a working system, that is now tunneling all of my network traffic over OpenVPN!
I'm currently using AES-128, as I'm still having a problem getting AES-256 to work - I'm currently waiting on the correct settings from the VPN provider.Having done a few Speed tests, I was getting ~108Mbps before the pFsense box was installed, and I'm now getting ~99Mbps through pFsense and OpenVPN.
I have a problem enabling the AES instructions, (but I think that's for a diffrent post) so just using raw processor power, I see 26-30% CPU utilisation when downloading at 99Mbps - I'm very impressed!Expect many other software related questions over the coming months, but for now, here's some pictures!
(Excuse some of mu slightly ghetto cable-tie fixes, but you can't see it when the lid's on ;)Sorry - Google drive's lings don't like being inserted as [IMG's] so you will have to click!
https://drive.google.com/file/d/0B189OsjA9tPSd2xUR3dFZUlwR2c/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSZWtrYktpRmJDaXc/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSUjNZZ1BUM3JiZ2c/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSMi1vSm1jSUNlRjg/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSNGRhSFVueF85MGs/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSUXJCX2N2Z3BQbWM/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSekZDbnJiajEwM2M/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSNlE0RWRkZFJpTWM/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSVV9JNGJUdXZLWjQ/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSUW1QMFAxejB3azg/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSZ0FYS2d6ZFI0UjA/view?usp=sharing
https://drive.google.com/file/d/0B189OsjA9tPSN09LbXN2VFEzdXc/view?usp=sharing -
Having done a few Speed tests, I was getting ~108Mbps before the pFsense box was installed, and I'm now getting ~99Mbps through pFsense and OpenVPN.
You could try out to set up the following;
- Enable PowerD (hi adaptive)
To get the right CPU frequency and RurboBoost really good working - high up the mbuf size
Will not run for you pending on the small amount of RAM
- Enable PowerD (hi adaptive)
-
As far as crypto hardware acceleration is concerned, I believe you need to go to System > Advanced > Miscellaneous and select AES-NI. Then, in OpenVPN, select BSD cryptodev engine.
Someone correct me if I'm wrong.
-
Having done a few Speed tests, I was getting ~108Mbps before the pFsense box was installed, and I'm now getting ~99Mbps through pFsense and OpenVPN.
I have a problem enabling the AES instructions, (but I think that's for a diffrent post) so just using raw processor power, I see 26-30% CPU utilisation when downloading at 99Mbps - I'm very impressed!Do you see that CPU usage at the web UI? What do you see if you get a console going and watch top? Just curious about what the openvpn process itself is using.
Matt
-
Frank - thanks for the advice, I have enabled PowerD on hiadapt and added mbuf as a tunable - currently set to 131072 as in the pfsense docs. Anyone know if this is in bits / bytes or kbits etc??
Matt - good that you said that! In my other thread https://forum.pfsense.org/index.php?topic=104096.0 that is exactly what i've done to get AES, so far quite ineffectually!
Yes that was cpu from the UI - it was at 0-1% until i started a download. Even netflix at 1080 hd doesnt tax the cpu beyond 3-4%.
Not sure what you mean by watching top in a console? Please elaborate.Thanks again,
Tom. -
Not sure what you mean by watching top in a console? Please elaborate.
If you have a monitor and keyboard connected to the system, you can use option 8 in the console menu to get a shell. At the shell prompt, type "top" and you'll be able to see a list of processes sorted by CPU usage. Start a transfer and you'll be able to see how much CPU the individual openvpn process is using. IIRC 100% would mean 100% of one core, not of the entire CPU.
If no monitor / keyboard, then enable SSH (System > Advanced). I think it may be called Secure Shell in the Web UI. Then use an SSH client like Putty to connect to the box using "root" as the user and the same admin password you use for the Web UI. You'll get a console menu like described above.
Matt
-
Thanks for the explanation Matt :)
Currently on my Christmas break, but I will test it out and report back in the New Year.
Tom.