Help picking out hardware for 1 gbps + VPN
-
@BlueKobold:
I really don't want to spend more than 300 for a pfsense machine,
There are many many options to do so and who is even telling you all must be done
by yours in one step!? If you start with a good basis and then hug the machines up
from time to time would not really deep kicking your bank account!Good point. I think I will either look into one of those Jetway machines, or stick with the router I have now, and build my pfsense machine over the course of a few weeks/months. The more I think about it, the more I would much rather have a pfsense machine over a router. It just seems so much better in comparison.
Thanks for all the input :)
-
When I use the Rogers Cable Hitron device …
Beware!
Cable provider in Germany "Kabeldeutschland" only offers these el-cheapo devices. It's junk.
(Regulations over here make matters worse, but that's a different story and I don't want to open Pandora's box) -
Hi,
I've been try to find a decent setup for the same scenario, reading in other threads I'm surprised that no one has mentioned aes-in. I've gotten the impression that it's more or less vital if you are going to run openvpn on a 1gb line without getting huge speed decline. If that is true none of the mentioned setups have this being Celeron.
Maybe I've misunderstood completely, hope so cause it would make it easier for me to find some hardware.. :)
-
spend a bit more and go supermicro c2758 in your build
-
Looks like the only board available in a reasonable price range that has multiple Intel Lan and processor supporting AES.
Might have to save up a couple of extra months considering the lowest price I've found in my region is around 400$… So the complete setup will be around 500$..
-
I've been try to find a decent setup for the same scenario, reading in other threads
You can surely do so, but then also please have a dedicated look or overview to the challenges
that must be reach or the needs that should be fitted right!!!!
A home set up with SPI/NAT and 50 Mbit/s and on top perhaps one IPSec VPN tunnel would be
never the same as a home setup with 1 GBit/s Internet link and Snort, Squid, SquidGuard, DPI,
many OpenVPN tunnels and must be running like hell by achieving 100 MBit/s OpenVPN throughput!I'm surprised that no one has mentioned aes-in.
This is brand new and with the years it could be a really show stopper likes QuickAssist will be
perhaps also! At this time no one really knows how many it speeds up the VPN part, but if the
developer team, the admins here in the forum and many long time forum users would be guess
this would be a really urgent point it could be sometimes in the future the point!I've gotten the impression that it's more or less vital if you are going to run openvpn on a 1gb line without getting huge speed decline. If that is true none of the mentioned setups have this being Celeron.
As explained above things often changes and this not by setting hard borders easily to see and watch out
by everyone! Mostly this borders and changing are floating over from one point or status to another.A Celeron G3260 @3,3GHz and running this speed on one core at the WAN environment would
be perhaps better, if no VPN stuff is integrated, then an 4 or 8 core Atom CPU, but in the future
I really thing for the entire rest of the system it would be good to have more then one or two CPU
cores and over a more longer or shorter time it will be the best because the WAN Interface will be
also able to use more CPU cores. So going to be future proof, with a 2,4GHz CPU with 4 or 8 Cores
and AES-NI will be at this point for sure the best you can do and if Intel QuickAssist will be also on
board it would be better.Maybe I've misunderstood completely, hope so cause it would make it easier for me to find some hardware..
This is more or less also pointed to the way of usage, running services, needed throughput,
speed of Internet connection and lat but not least to the running field (private or business).spend a bit more and go supermicro c2758 in your build
Sure at this days this would be really on of the best choices compared to the price,
electric usage and delivered power.Might have to save up a couple of extra months considering the lowest price I've found in my region is around 400$… So the complete setup will be around 500$..
Likes here in Germany where I am living, something around 700 € I have to pay for a ready to go C2758
box from Supermicro in the mini ITX format. But related to the circumstance that the power of the
C2758 SoCs is really huge and the miniPCIe options from the Alix APU boards are really good, it might be
sounding likes advertisement, but the SG-xxxx units from the pfSense Store are looking then super to me! -
Thanks for the reply!
I completely changed focus, got my hands on a fujitsu esprimo E710. Will just get another ethernet card and start rocking. The format is of course as convenient as a mini-itx, but it does fit in my server cabinet. :)
-
Hi,
Just wanted to update if someone accidently reads this thread. I ended up with changing from my espirio desktop to a small form computer built specifically for vpn by a Swedish vpn provider. They did add their custom UI on top of pfsense, started to mess things up so I reinstalled with a clean pfsense instead. Works great and has hardware support up to 600mbit.
I'm in no way affiliated with these guys, just like the product. It can be found at https://www.ovpn.se/en/box.
-
That ovpn.se hardware is great - the CPU doesn't even have AES-NI support which surely makes it an outstanding dedicated VPN device…
http://ark.intel.com/de/products/71995/Intel-Celeron-Processor-1037U-2M-Cache-1_80-GHz
And antenna-placement (right next to each other) will improve wireless diversity to the max. -
I got a Mini-PC from Qotom off eBay. Only dual LAN but they may have models with more LAN ports or it does have a miniPCIe slot, you could add more ports that way.
Great unit
-
Quad Core Celeron N3150
-
4GB Kingston RAM
-
32GB mSata SSD - SanDisk
Exact model I brought
http://www.ebay.com.au/itm/262461544164?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AITI just got it and about to install PfSense on it. It's cheap enough I can buy a spare for when and if the hardware faults.
Worth a look.
Willo
-
-
That ovpn.se hardware is great - the CPU doesn't even have AES-NI support which surely makes it an outstanding dedicated VPN device…
http://ark.intel.com/de/products/71995/Intel-Celeron-Processor-1037U-2M-Cache-1_80-GHz
And antenna-placement (right next to each other) will improve wireless diversity to the max.Performance wise it does pretty ok. Check https://wiki.openwrt.org/doc/howto/benchmark.openssl
And regarding the antennas, you are absolutely correct. However I use a wireless AP so doesn't bother me.
