Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    50/50 + VPN now planning for 100/100 & more

    Scheduled Pinned Locked Moved Hardware
    35 Posts 8 Posters 5.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      we currently have a 50/50 Mbps WAN in the house. We plan to use it as a VPN for 1-2 simultaneous connection from the outside into the house, and we plan to upgrade to 100/100 Mbps in the near future.

      • APU2C4 will do that job with ease for you
      • Jetway NF9HG-2930 too!
      • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

      I tried my luck with a HP T5730w Thin Client but unfortunately it doesn't even boot (not related to pfSense), so I would like to buy some hardware to build a pfSense machine.
      As this is for a house low-power should be on a high priority.

      Could be also only a BIOS problem, is the latest BIOS installed?

      I do leave in Europe so parts/shipping might be a problem.

      Shop-Varia sells world wide!
      Shop-Voleatech sells European wide!

      Any recommendation/advise?

      This might be pending on some more things then only the WAN speed or Internet connection speed!

      • Squid & Squid Guard & SARG?
      • pfBlockerNG / tinyDNS?
      • Clam AV Scanning?
      • Snort or Suricata IDS?
      • http-proxy for caching proposes or not?

      Will it also handle the 1Gbps in the internal network?

      Perhaps also this is based on more then only one thing!

      • VLANs or not
      • big or large files or not?
        why sending 3 GBs through the firewall device and not from the PC to the NAS through a smaller
        Layer3 Switch such the Cisco SG300-10(24) or the D-Link DGS1510-20 is!?
      • What is all installed an watching or acting to wich side?
        Clam AV, proxy, IDS,….

      So in normal it would be no problem but it could be pending on some other different configured thinks.

      1 Reply Last reply Reply Quote 0
      • M
        mtk
        last edited by

        @BlueKobold:

        we currently have a 50/50 Mbps WAN in the house. We plan to use it as a VPN for 1-2 simultaneous connection from the outside into the house, and we plan to upgrade to 100/100 Mbps in the near future.

        • APU2C4 will do that job with ease for you
        • Jetway NF9HG-2930 too!
        • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

        I tried my luck with a HP T5730w Thin Client but unfortunately it doesn't even boot (not related to pfSense), so I would like to buy some hardware to build a pfSense machine.
        As this is for a house low-power should be on a high priority.

        Could be also only a BIOS problem, is the latest BIOS installed?

        I do leave in Europe so parts/shipping might be a problem.

        Shop-Varia sells world wide!
        Shop-Voleatech sells European wide!

        Any recommendation/advise?

        This might be pending on some more things then only the WAN speed or Internet connection speed!

        • Squid & Squid Guard & SARG?
        • pfBlockerNG / tinyDNS?
        • Clam AV Scanning?
        • Snort or Suricata IDS?
        • http-proxy for caching proposes or not?

        Will it also handle the 1Gbps in the internal network?

        Perhaps also this is based on more then only one thing!

        • VLANs or not
        • big or large files or not?
          why sending 3 GBs through the firewall device and not from the PC to the NAS through a smaller
          Layer3 Switch such the Cisco SG300-10(24) or the D-Link DGS1510-20 is!?
        • What is all installed an watching or acting to wich side?
          Clam AV, proxy, IDS,….

        So in normal it would be no problem but it could be pending on some other different configured thinks.

        Those are very good questions and part of the reason I got the Thin Client was to give pfSense an initial trail to what I actually would like (or need) to use.
        And yes, there will be a switch in charge of the internal traffic, but I still want to ensure that pfSense won't become a bottleneck on that level…

        1 Reply Last reply Reply Quote 0
        • H
          hda
          last edited by

          @mtk:

          …And yes, there will be a switch in charge of the internal traffic, but I still want to ensure that pfSense won't become a bottleneck on that level...

          All hosts/PCs/Servers on one LAN of pfSense-box will communicate directly, without travelling the firewall…

          1 Reply Last reply Reply Quote 0
          • M
            mtk
            last edited by

            @BlueKobold:

            • APU2C4 will do that job with ease for you
            • Jetway NF9HG-2930 too!
            • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

            Should even be worried about AES or anything else for the VPN connections?

            @BlueKobold:

            Could be also only a BIOS problem, is the latest BIOS installed?

            I wouldn't know because it doesn't POST at all :)
            (All I see is a black screen)

            1 Reply Last reply Reply Quote 0
            • M
              mtk
              last edited by

              @BlueKobold:

              This might be pending on some more things then only the WAN speed or Internet connection speed!

              Here is goes:

              • Squid & Squid Guard & SARG?

              Nice to have, not a must.
              Access limitations are not needed thought…

              • pfBlockerNG / tinyDNS?

              Yes!

              • Clam AV Scanning?

              Yes!

              • Snort or Suricata IDS?

              Nice to have.

              • http-proxy for caching proposes or not?

              Isn't it similar to Squid?

              1 Reply Last reply Reply Quote 0
              • V
                VAMike
                last edited by

                @mtk:

                @BlueKobold:

                • APU2C4 will do that job with ease for you
                • Jetway NF9HG-2930 too!
                • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                Should even be worried about AES or anything else for the VPN connections?

                APU2C4 has AES-NI as well as PCLMULQDQ (so when openvpn supports AES-GCM it'll do well). For now, though, 100Mbps VPN is probably more than the APU2 can sustain. If you need to sustain 100Mbps VPN today you'll need more power. If you need 50Mbps today and more sometime later (post openvpn-2.4), the APU2C4 is probably ok.

                The N2930 lacks AES-NI and will probably bottleneck VPN, so will the J1900.

                1 Reply Last reply Reply Quote 0
                • M
                  mtk
                  last edited by

                  @VAMike:

                  @mtk:

                  @BlueKobold:

                  • APU2C4 will do that job with ease for you
                  • Jetway NF9HG-2930 too!
                  • AxiomTek NA342(R), NA361(R) order over the sales team in the UK by phone or email

                  Should even be worried about AES or anything else for the VPN connections?

                  APU2C4 has AES-NI as well as PCLMULQDQ (so when openvpn supports AES-GCM it'll do well). For now, though, 100Mbps VPN is probably more than the APU2 can sustain. If you need to sustain 100Mbps VPN today you'll need more power. If you need 50Mbps today and more sometime later (post openvpn-2.4), the APU2C4 is probably ok.

                  The N2930 lacks AES-NI and will probably bottleneck VPN, so will the J1900.

                  Thanks!
                  are there any cheaper alternatives as this is the first device of the house?

                  1 Reply Last reply Reply Quote 0
                  • V
                    VAMike
                    last edited by

                    @mtk:

                    are there any cheaper alternatives as this is the first device of the house?

                    the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                    1 Reply Last reply Reply Quote 0
                    • M
                      mtk
                      last edited by

                      @VAMike:

                      @mtk:

                      are there any cheaper alternatives as this is the first device of the house?

                      the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                      yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                      1 Reply Last reply Reply Quote 0
                      • V
                        VAMike
                        last edited by

                        @mtk:

                        @VAMike:

                        @mtk:

                        are there any cheaper alternatives as this is the first device of the house?

                        the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                        yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                        Have you looked at various resellers? I've seen it less than that, including VAT. You kinda need to buy storage for anything, and there are small/cheap msata drives from many places.

                        1 Reply Last reply Reply Quote 0
                        • M
                          mtk
                          last edited by

                          @VAMike:

                          @mtk:

                          @VAMike:

                          @mtk:

                          are there any cheaper alternatives as this is the first device of the house?

                          the apu2 is less than $150 all in, I'm not aware of anything cheaper than that.

                          yeah, but in EU it's closer to (if not more than) €200, not even including taxes/shipping or the mSata (!)…

                          Have you looked at various resellers? I've seen it less than that, including VAT. You kinda need to buy storage for anything, and there are small/cheap msata drives from many places.

                          If you could point out one reseller, that would be great!

                          1 Reply Last reply Reply Quote 0
                          • H
                            hda
                            last edited by

                            Assemble it yourself, look Varia-store GmbH

                            1 Reply Last reply Reply Quote 0
                            • ?
                              Guest
                              last edited by

                              If you could point out one reseller, that would be great!

                              Please don´t think you might be happy without the storage and a null modem cable.
                              As a bundle you might be paying ~193 Euro and if you buy them all as single spare
                              parts you can get all things for ~169 Euro that would be better then, plus the 16 GB
                              mSATA for ~17 - 20 Euro (alternatively SD card or USB stick) and a null modem cable
                              for ~3 Euro (must have).

                              So something around 200 Euro you should count for that all in all.

                              1 Reply Last reply Reply Quote 0
                              • G
                                geocast
                                last edited by

                                Sorry for hooking in at this point, but this is similar to what I'm looking for. Same speed (100/100), with about 2 openVPN connections for Roadwarriors and 2 Site2Site connections (one for VoIP and one for AD Credentials)

                                So the Alix 2D4 would be sufficent?

                                1 Reply Last reply Reply Quote 0
                                • H
                                  hda
                                  last edited by

                                  @geocast:

                                  So the Alix 2D4 would be sufficent?

                                  No. Not an Alix. But an Apu [2].

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    Guest
                                    last edited by

                                    So the Alix 2D4 would be sufficent?

                                    The GUI from pfSense will be more then unresponsible and also the horse power will be less then you will need it.

                                    For your needs in my eyes it would be more then enough to go with;

                                    • APU2C4 (bundle)
                                    • Jetway NF9HG-2930 (PSU, M350, mSATA, RAM)
                                    • alternatively a SG-2440 from the pfSense store
                                    1 Reply Last reply Reply Quote 0
                                    • JeGrJ
                                      JeGr LAYER 8 Moderator
                                      last edited by

                                      APU2 should be enough, please don't throw in Alix with APU, they are NOT the same device (@geocast).
                                      If someone is looking for an even smaller device (dimension-wise) and can go for a bit more money, the Lanner NCA-1010(B) is another viable alternative. Some similarities with the APU2 but another SOC (Intel based). But both sport Intel NICs. Also the Lanner has a HDMI port if someone isn't keen on having console-only like on the APU2, so he/she can plug in a monitor/TV into it if needed (and a keyboard via USB of course). Might be a nice alternative if someone wants a slim tiny device.

                                      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        BrightEyesDavid
                                        last edited by

                                        The Lanner devices look very interesting, JeGr - thanks. Do you know any good places for consumers to buy them in Germany and the UK?

                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          mtk
                                          last edited by

                                          Just to confirm before I order.

                                          • APU2C4 System Board

                                          • Enclosure

                                          • Powersupply

                                          • Memory: MSATA 16GB

                                          • Null modem cable (DB9 F)

                                          Is this a good shopping list?

                                          1 Reply Last reply Reply Quote 0
                                          • JeGrJ
                                            JeGr LAYER 8 Moderator
                                            last edited by

                                            For a single system, that looks complete, yes :)

                                            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.