Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    50/50 + VPN now planning for 100/100 & more

    Scheduled Pinned Locked Moved Hardware
    35 Posts 8 Posters 5.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hda
      last edited by

      @mtk:

      Will it also handle the 1Gbps in the internal network?

      Not unlikely, but a pfSense-APU2 is not a switch !
      You could put a switch on LAN and a switch on OPT1, for having 2 firewalled segmented groups.

      1 Reply Last reply Reply Quote 0
      • M
        mtk
        last edited by

        @hda:

        @mtk:

        Will it also handle the 1Gbps in the internal network?

        Not unlikely, but a pfSense-APU2 is not a switch !
        You could put a switch on LAN and a switch on OPT1, for having 2 firewalled segmented groups.

        1 switch (which I have) for the internal network will do - thanks!

        How about a build like this: https://mathew.id.au/2014/09/build-awesome-apu-based-pfsense-router/
        but with the APU2C4, would that do the trick?

        1 Reply Last reply Reply Quote 0
        • H
          hda
          last edited by

          @mtk:

          APU2C4, would that do the trick?

          Sure.

          1 Reply Last reply Reply Quote 0
          • M
            mtk
            last edited by

            @hda:

            @mtk:

            APU2C4, would that do the trick?

            Sure.

            Will the APU2C4 also handle the occasional 1-2 OpenVPN connections?

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              we currently have a 50/50 Mbps WAN in the house. We plan to use it as a VPN for 1-2 simultaneous connection from the outside into the house, and we plan to upgrade to 100/100 Mbps in the near future.

              • APU2C4 will do that job with ease for you
              • Jetway NF9HG-2930 too!
              • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

              I tried my luck with a HP T5730w Thin Client but unfortunately it doesn't even boot (not related to pfSense), so I would like to buy some hardware to build a pfSense machine.
              As this is for a house low-power should be on a high priority.

              Could be also only a BIOS problem, is the latest BIOS installed?

              I do leave in Europe so parts/shipping might be a problem.

              Shop-Varia sells world wide!
              Shop-Voleatech sells European wide!

              Any recommendation/advise?

              This might be pending on some more things then only the WAN speed or Internet connection speed!

              • Squid & Squid Guard & SARG?
              • pfBlockerNG / tinyDNS?
              • Clam AV Scanning?
              • Snort or Suricata IDS?
              • http-proxy for caching proposes or not?

              Will it also handle the 1Gbps in the internal network?

              Perhaps also this is based on more then only one thing!

              • VLANs or not
              • big or large files or not?
                why sending 3 GBs through the firewall device and not from the PC to the NAS through a smaller
                Layer3 Switch such the Cisco SG300-10(24) or the D-Link DGS1510-20 is!?
              • What is all installed an watching or acting to wich side?
                Clam AV, proxy, IDS,….

              So in normal it would be no problem but it could be pending on some other different configured thinks.

              1 Reply Last reply Reply Quote 0
              • M
                mtk
                last edited by

                @BlueKobold:

                we currently have a 50/50 Mbps WAN in the house. We plan to use it as a VPN for 1-2 simultaneous connection from the outside into the house, and we plan to upgrade to 100/100 Mbps in the near future.

                • APU2C4 will do that job with ease for you
                • Jetway NF9HG-2930 too!
                • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                I tried my luck with a HP T5730w Thin Client but unfortunately it doesn't even boot (not related to pfSense), so I would like to buy some hardware to build a pfSense machine.
                As this is for a house low-power should be on a high priority.

                Could be also only a BIOS problem, is the latest BIOS installed?

                I do leave in Europe so parts/shipping might be a problem.

                Shop-Varia sells world wide!
                Shop-Voleatech sells European wide!

                Any recommendation/advise?

                This might be pending on some more things then only the WAN speed or Internet connection speed!

                • Squid & Squid Guard & SARG?
                • pfBlockerNG / tinyDNS?
                • Clam AV Scanning?
                • Snort or Suricata IDS?
                • http-proxy for caching proposes or not?

                Will it also handle the 1Gbps in the internal network?

                Perhaps also this is based on more then only one thing!

                • VLANs or not
                • big or large files or not?
                  why sending 3 GBs through the firewall device and not from the PC to the NAS through a smaller
                  Layer3 Switch such the Cisco SG300-10(24) or the D-Link DGS1510-20 is!?
                • What is all installed an watching or acting to wich side?
                  Clam AV, proxy, IDS,….

                So in normal it would be no problem but it could be pending on some other different configured thinks.

                Those are very good questions and part of the reason I got the Thin Client was to give pfSense an initial trail to what I actually would like (or need) to use.
                And yes, there will be a switch in charge of the internal traffic, but I still want to ensure that pfSense won't become a bottleneck on that level…

                1 Reply Last reply Reply Quote 0
                • H
                  hda
                  last edited by

                  @mtk:

                  …And yes, there will be a switch in charge of the internal traffic, but I still want to ensure that pfSense won't become a bottleneck on that level...

                  All hosts/PCs/Servers on one LAN of pfSense-box will communicate directly, without travelling the firewall…

                  1 Reply Last reply Reply Quote 0
                  • M
                    mtk
                    last edited by

                    @BlueKobold:

                    • APU2C4 will do that job with ease for you
                    • Jetway NF9HG-2930 too!
                    • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                    Should even be worried about AES or anything else for the VPN connections?

                    @BlueKobold:

                    Could be also only a BIOS problem, is the latest BIOS installed?

                    I wouldn't know because it doesn't POST at all :)
                    (All I see is a black screen)

                    1 Reply Last reply Reply Quote 0
                    • M
                      mtk
                      last edited by

                      @BlueKobold:

                      This might be pending on some more things then only the WAN speed or Internet connection speed!

                      Here is goes:

                      • Squid & Squid Guard & SARG?

                      Nice to have, not a must.
                      Access limitations are not needed thought…

                      • pfBlockerNG / tinyDNS?

                      Yes!

                      • Clam AV Scanning?

                      Yes!

                      • Snort or Suricata IDS?

                      Nice to have.

                      • http-proxy for caching proposes or not?

                      Isn't it similar to Squid?

                      1 Reply Last reply Reply Quote 0
                      • V
                        VAMike
                        last edited by

                        @mtk:

                        @BlueKobold:

                        • APU2C4 will do that job with ease for you
                        • Jetway NF9HG-2930 too!
                        • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                        Should even be worried about AES or anything else for the VPN connections?

                        APU2C4 has AES-NI as well as PCLMULQDQ (so when openvpn supports AES-GCM it'll do well). For now, though, 100Mbps VPN is probably more than the APU2 can sustain. If you need to sustain 100Mbps VPN today you'll need more power. If you need 50Mbps today and more sometime later (post openvpn-2.4), the APU2C4 is probably ok.

                        The N2930 lacks AES-NI and will probably bottleneck VPN, so will the J1900.

                        1 Reply Last reply Reply Quote 0
                        • M
                          mtk
                          last edited by

                          @VAMike:

                          @mtk:

                          @BlueKobold:

                          • APU2C4 will do that job with ease for you
                          • Jetway NF9HG-2930 too!
                          • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                          Should even be worried about AES or anything else for the VPN connections?

                          APU2C4 has AES-NI as well as PCLMULQDQ (so when openvpn supports AES-GCM it'll do well). For now, though, 100Mbps VPN is probably more than the APU2 can sustain. If you need to sustain 100Mbps VPN today you'll need more power. If you need 50Mbps today and more sometime later (post openvpn-2.4), the APU2C4 is probably ok.

                          The N2930 lacks AES-NI and will probably bottleneck VPN, so will the J1900.

                          Thanks!
                          are there any cheaper alternatives as this is the first device of the house?

                          1 Reply Last reply Reply Quote 0
                          • V
                            VAMike
                            last edited by

                            @mtk:

                            are there any cheaper alternatives as this is the first device of the house?

                            the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                            1 Reply Last reply Reply Quote 0
                            • M
                              mtk
                              last edited by

                              @VAMike:

                              @mtk:

                              are there any cheaper alternatives as this is the first device of the house?

                              the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                              yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                              1 Reply Last reply Reply Quote 0
                              • V
                                VAMike
                                last edited by

                                @mtk:

                                @VAMike:

                                @mtk:

                                are there any cheaper alternatives as this is the first device of the house?

                                the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                                yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                                Have you looked at various resellers? I've seen it less than that, including VAT. You kinda need to buy storage for anything, and there are small/cheap msata drives from many places.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  mtk
                                  last edited by

                                  @VAMike:

                                  @mtk:

                                  @VAMike:

                                  @mtk:

                                  are there any cheaper alternatives as this is the first device of the house?

                                  the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                                  yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                                  Have you looked at various resellers? I've seen it less than that, including VAT. You kinda need to buy storage for anything, and there are small/cheap msata drives from many places.

                                  If you could point out one reseller, that would be great!

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    hda
                                    last edited by

                                    Assemble it yourself, look Varia-store GmbH

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      Guest
                                      last edited by

                                      If you could point out one reseller, that would be great!

                                      Please don´t think you might be happy without the storage and a null modem cable.
                                      As a bundle you might be paying ~193 Euro and if you buy them all as single spare
                                      parts you can get all things for ~169 Euro that would be better then, plus the 16 GB
                                      mSATA for ~17 - 20 Euro (alternatively SD card or USB stick) and a null modem cable
                                      for ~3 Euro (must have).

                                      So something around 200 Euro you should count for that all in all.

                                      1 Reply Last reply Reply Quote 0
                                      • G
                                        geocast
                                        last edited by

                                        Sorry for hooking in at this point, but this is similar to what I'm looking for. Same speed (100/100), with about 2 openVPN connections for Roadwarriors and 2 Site2Site connections (one for VoIP and one for AD Credentials)

                                        So the Alix 2D4 would be sufficent?

                                        1 Reply Last reply Reply Quote 0
                                        • H
                                          hda
                                          last edited by

                                          @geocast:

                                          So the Alix 2D4 would be sufficent?

                                          No. Not an Alix. But an Apu [2].

                                          1 Reply Last reply Reply Quote 0
                                          • ?
                                            Guest
                                            last edited by

                                            So the Alix 2D4 would be sufficent?

                                            The GUI from pfSense will be more then unresponsible and also the horse power will be less then you will need it.

                                            For your needs in my eyes it would be more then enough to go with;

                                            • APU2C4 (bundle)
                                            • Jetway NF9HG-2930 (PSU, M350, mSATA, RAM)
                                            • alternatively a SG-2440 from the pfSense store
                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.