AES-NI system for sub £100 that will support an OpenVPN 200mbps connection?
-
I’m looking to build a better system to run Pfsense on.
I’ve currently got it running on an old motherboard and a Pentium D 930 but it’s not the fastest thing when it comes to OpenVPN and a 200mbps internet connection.
I’ve been reading a bit about AES-NI support on new CPU’s and looking at some benchmarks when this is used. The results seem very impressive:
https://uk.hardware.info/reviews/6094/29/amd-vs-intel-57-processor-megatest-benchmarks-igpu-truecrypt-71-aes
VS.
https://uk.hardware.info/reviews/6094/30/amd-vs-intel-57-processor-megatest-benchmarks-igpu-truecrypt-71-aes-+-aes-ni
I have my eye on this:
https://www.ebuyer.com/708557
What I’m unsure about, however, is if there is anything else I’m missing, like, I don’t know, this version of the CPU doesn’t have XXX which limits its encrypting ability, pfsense doesn’t like its network card, or that Celerons are crap no matter what?
I’m basically looking for a cheap and cheerful mini box (ideally sub £100) that has low heat but high speed, capable of supporting an OpenVPN connection at 200mbps. I’m a little particular in where I shop from though, so ideally I’m looking to buy from places like amazon.co.uk, ebuyer.com, misco.co.uk, overclockers.co.uk, novatech.co.uk or scan.co.uk.
I was also thinking about pairing the above with one of these:
https://www.amazon.co.uk/dp/B071R3YS2H/
Would that work in terms of the single card allowing me to set up a WAN and LAN connection in pfsense as though I have 2 cards separately installed?
The other question I have is: if instead of that card I installed VMware and set up pfsense in a virtual machine, does the AES-NI still work as effectively through virtualisation software, or does it take a performance hit for doing so?
-
I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.
I bought a Qotom afterwards.
-
I settled for the price range that OP asked for, myself, I had some stuff laying around.
but I got an ITX AMD APU-5000 with AES-NI onboard, I run it at 80down.
I also run Suricata and a few other services off it, don't usually go above the 30/50% mark.
-
I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.
I bought a Qotom afterwards.
The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.
I'm looking for something smaller, compact and more importantly as heatless as possible, which is why I was looking at the board I'd linked above.
Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution I like. Also, looking up the only 1 I could find to buy on Amazon, it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.
Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.
I settled for the price range that OP asked for, myself, I had some stuff laying around.
but I got an ITX AMD APU-5000 with AES-NI onboard, I run it at 80down.
I also run Suricata and a few other services off it, don't usually go above the 30/50% mark.
Ok, so would you say the AES-NI seems to have worked like it's supposed to then, and that an APU-5000 could support 200mps?
-
Keep in mind that OpenVPN is single-threaded. High clockspeed will be more important than a lot of cores
Low power things generally have lots of cores, but fail at high speed openvpn.
-
In that bandwidth for OpenVPN the j3355b is recommended a lot since people have actually used it at those speeds so you know it will work. It's also really cheap. It's newer than what you linked, a desktop part instead of mobile, and will be faster for OpenVPN.
For home use NICs on a budget it's generally best to buy a used one off eBay that was a server pull. This will let you buy a better NIC for cheaper.
I'd recommend an i340-t2 or i350-t2.
You can also use a picoPSU 80 (non-WI) with the j3355b.
If you want a small case get a riser card for the pcie nic and you can use something like the m300 case from minibox.
-
Keep in mind that OpenVPN is single-threaded. High clockspeed will be more important than a lot of cores
Low power things generally have lots of cores, but fail at high speed openvpn.
This is why I'm really interested to know how effective AES-NI is. The impression I get is that it can supposedly turn a low powered CPU into an encryption powerhouse.
-
In that bandwidth for OpenVPN the j3355b is recommended a lot since people have actually used it at those speeds so you know it will work. It's also really cheap. It's newer than what you linked, a desktop part instead of mobile, and will be faster for OpenVPN.
For home use NICs on a budget it's generally best to buy a used one off eBay that was a server pull. This will let you buy a better NIC for cheaper.
I'd recommend an i340-t2 or i350-t2.
You can also use a picoPSU 80 (non-WI) with the j3355b.
If you want a small case get a riser card for the pcie nic and you can use something like the m300 case from minibox.
Thanks for this. Shall go check it out. Sounds promising.
-
I was in the same position as you, if you don't mind buying from eBay, any Dell core i5 sandy bridge or later will easily handle what you are after. Or, go around computer fair / second hand computer shops / gumtree. You will have a pretty powerful system that can handle pretty much what you are after.
I bought a Qotom afterwards.
The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.
I'm looking for something smaller, compact and more importantly as heatless as possible, which is why I was looking at the board I'd linked above.
Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution I like. Also, looking up the only 1 I could find to buy on Amazon, it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.
Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.
I settled for the price range that OP asked for, myself, I had some stuff laying around.
but I got an ITX AMD APU-5000 with AES-NI onboard, I run it at 80down.
I also run Suricata and a few other services off it, don't usually go above the 30/50% mark.
Ok, so would you say the AES-NI seems to have worked like it's supposed to then, and that an APU-5000 could support 200mps?
I have seen a small form factor (sff) Dell core i5 go for the same price. So fitting a say dual lan NIC card should be possible.
My Qotom is an i5 - 5250 U, has all the possible AES instructions, passive cooling and cheap to run.
-
Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.
-
@johnkeates:
Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.
So true, if the OP uses the official Qotom shop on Aliexpress, it will be very easy to order. They accept PayPal so your credit card details will never be seen by Qotom. It took about 3 weeks for my one to arrive to the UK. Their operation is very slick. If OP has any questions, they reply within 24 hours or less.
-
Keep in mind that OpenVPN is single-threaded. High clockspeed will be more important than a lot of cores
Low power things generally have lots of cores, but fail at high speed openvpn.
This is why I'm really interested to know how effective AES-NI is. The impression I get is that it can supposedly turn a low powered CPU into an encryption powerhouse.
-
openvpn has bottlenecks that don't involve AES encryption. speeding up the crypto routines just means you hit one of the other bottlenecks.
-
AES-NI implementations are not all the same. at the same clock speed, a skylake processor can perform crypto at 10 times the rate of a silvermont processor.
There is a lot more to choosing a solution than just whether it "has" AES-NI
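Added example, not part of any post in this thread: one way to put numbers on the two posts above is to check that the CPU advertises AES-NI and then compare raw single-core AES throughput against the 200 Mbit/s target. The cipher (aes-128-cbc), the function names and all sample figures are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not from the thread. All sample data below is constructed.

# has_aesni: read CPU feature text on stdin (FreeBSD /var/run/dmesg.boot or
# Linux /proc/cpuinfo); succeed if the AES instructions are advertised.
has_aesni() {
    grep -Eq '(^[[:space:]]*Features2=.*[<,]AESNI[,>])|(^flags[[:space:]]*:.* aes( |$))'
}

# speed_mbit CIPHER: read `openssl speed -evp CIPHER` output on stdin and print
# the 1024-byte column as whole Mbit/s. openssl prints thousands of bytes/s
# with a "k" suffix, and the benchmark runs on one core, like one OpenVPN tunnel.
speed_mbit() {
    awk -v c="$1" 'tolower($1) == tolower(c) && $5 ~ /k$/ {
        sub(/k$/, "", $5); printf "%d\n", $5 * 1000 * 8 / 1000000; exit }'
}

# verdict MEASURED TARGET: raw AES throughput is only a ceiling. "crypto-ok"
# means the cipher is not the limit, not that the tunnel will reach TARGET.
verdict() {
    if [ "$1" -lt "$2" ]; then echo "crypto-bound"; else echo "crypto-ok"; fi
}

# Constructed samples (assumed cipher: aes-128-cbc; the thread names none).
SAMPLE_DMESG='  Features2=0x0<SSE3,PCLMULQDQ,SSE4.1,SSE4.2,POPCNT,AESNI,RDRAND>'
SAMPLE_DMESG_OLD='  Features2=0x0<SSE3,DTES64,MON,DS_CPL,EST,CX16,xTPR>'
SAMPLE_SPEED_NI='aes-128-cbc  70000.00k  85000.00k  92000.00k  95000.00k  96000.00k'
SAMPLE_SPEED_SW='aes-128-cbc  15000.00k  18000.00k  19500.00k  20000.00k  20200.00k'

# On a real box, feed live data instead of the samples:
#   has_aesni < /var/run/dmesg.boot
#   openssl speed -evp aes-128-cbc | speed_mbit aes-128-cbc
#   OPENSSL_ia32cap="~0x200000200000000" openssl speed -evp aes-128-cbc \
#       | speed_mbit aes-128-cbc          # same CPU with AES-NI masked off
TARGET=200
for sample in "$SAMPLE_SPEED_NI" "$SAMPLE_SPEED_SW"; do
    mbit=$(printf '%s\n' "$sample" | speed_mbit aes-128-cbc)
    echo "raw AES: ${mbit} Mbit/s -> $(verdict "$mbit" "$TARGET")"
done
if printf '%s\n' "$SAMPLE_DMESG" | has_aesni; then echo "AES-NI advertised"; fi
```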
-
I have seen a small form factor (sff) Dell core i5 go for the same price. So fitting a say dual lan NIC card should be possible.
My Qotom is an i5 - 5250 U, has all the possible AES instructions, passive cooling and cheap to run.
I'm really not keen on buying second hand. I'm looking for new and easily returnable if it doesn't work out. I don't like eBay for anything really. Auctioned items have far less protection and returnability than store bought items. Looking at images of a Dell core i5 it also still seems like it would generate a lot of heat?
So true, if the OP uses the official Qotom shop on Aliexpress, it will be very easy to order. They accept PayPal so your credit card details will never be seen by Qotom. It took about 3 weeks for my one to arrive to the UK. Their operation is very slick. If OP has any questions, they reply within 24 hours or less.
As I already said though, separate to me being picky about where I buy from, devices like those from QOTOM are not something I'm looking for as a solution. It's hard to describe why. It's just a set thing I have little control over. Whereas I feel much more in control if I buy the board, case, psu etc or have at least heard of the manufacturer before.
I don't like buying from a place so far away, the time it takes to arrive and other little niggles that just add up to me considering it too much of a hassle/risk to bother giving them a go.
When dealing with something I'm not all that familiar or sure about to start with (pfsense) I don't want to compound the problem and risk giving myself more issues by buying from an unknown place an unknown company's product.
-
openvpn has bottlenecks that don't involve AES encryption. speeding up the crypto routines just means you hit one of the other bottlenecks.
-
AES-NI implementations are not all the same. at the same clock speed, a skylake processor can perform crypto at 10 times the rate of a silvermont processor.
There is a lot more to choosing a solution than just whether it "has" AES-NI
Ok cool, are you able to explain further what those things are so I know what I need to look for and can work out the cheapest items to buy that will do the job?
-
Ok cool, are you able to explain further what those things are so I know what I need to look for and can work out the cheapest items to buy that will do the job?
If you want all the details, I suggest you search around on the forum where you'll find a lot of threads about AES-NI performance. Or, just be specific about requirements (bandwidth, VPN, PPPoE, etc.) to get a more tailored response. The J3355 has already been suggested, and I'd say that's probably an obvious choice for you. You can search for existing reports from people who have that hardware.
-
The problem here is that your requirements are in conflict. You don't want to spend money, but you do expect certain performance. That's not going to happen, especially when adding 'store bought' (which IMHO is the worst place to buy anything computer related) to the list.
If you want decent performance and buy it from the store, you'll have to triple your budget.
Alternatives are:
- not buying from the store, but from the country where the stuff is made (that's where the stores get their stuff)
- going for less performance
It's basically a 3-choice pick-2 game. You can't have it all ;)
-
Keep in mind that OpenVPN is single-threaded. High clockspeed will be more important than a lot of cores
Low power things generally have lots of cores, but fail at high speed openvpn.
Single threaded per tunnel instance. Depends if they need a single tunnel to be fast or just the connection of active tunnels to be fast.
-
You can have it all, just buy a j3355b - they are like $55 from Newegg and will do exactly what you want.
For what you want you can even use the onboard NIC with VLANS on a smart switch, or buy a single NIC, or buy a solid dual NIC. all are not that expensive even if you buy new.
picoPSU 80 is cheap, m300 is cheap.
The problem is that people are recommending an i5 when only a Celeron is called for.
-
You can have it all, just buy a j3355b - they are like $55 from Newegg and will do exactly what you want.
For what you want you can even use the onboard NIC with VLANS on a smart switch, or buy a single NIC, or buy a solid dual NIC. all are not that expensive even if you buy new.
picoPSU 80 is cheap, m300 is cheap.
The problem is that people are recommending an i5 when only a Celeron is called for.
Maybe if you are in the US, but outside of the US, newegg is pointless.
Getting a few UK prices show j3355b systems cost about 130 GBP and that's only mainboard, RAM and PSU.
-
https://www.amazon.co.uk/gp/aw/d/B01M9EXCYB/ref=mp_s_a_1_1?ie=UTF8&qid=1507218936&sr=8-1&pi=AC_SX236_SY340_FMwebp_QL65&keywords=j3355b&dpPl=1&dpID=51Q-%2BTonTML&ref=plSrch
62gbp for board.
At 130gbp including ram and PSU all you need is a nic and case for 70gbp. Can easily get away with a single how port nic for 200Mbps.
I personally don't agree with OP's ideas about purchasing computer components, but he can get what he wants in his price range.
-
If I really wanted to I could already use an old i7-4770K system to manage the 200mbps requirement. The problem is the heat it will generate. I've got a computer cupboard with a number of systems inside it and over the years the number of systems has steadily increased but the ventilation has remained the same and is not something I can change.
I don't want to spend loads on a new system when I have a perfectly good capable system sitting right next to it. I also don't want to 'waste' a still powerful and useful system on what is essentially a glorified router that can do OpenVPN. This is what is limiting my spending. I also feel like it shouldn't cost an arm and leg to get OpenVPN to run @200mps.
I do agree though that it's starting to look a little unlikely I can get what I want since after having looked at normal power supplies I fear that is where a lot of the heat will still come from.
The picoPSU does not inspire confidence when looking at it. Looks like it will start generating smoke a couple of days after I've installed it and I'm not willing to buy what I consider to be an unknown and risky power supply from a company I've never heard of before, especially when experimenting for the first time with something like I'm currently doing.
The hope was to, for example, buy an all in one solution for as close to £100 as possible from a place like Amazon and from a mainstream brand I recognise like Asus for example. Failing that buy things like an Asus all in one board, a low watt / low heat Corsair power supply, cheap ram, a cheap micro-atx case and a dual network card and have pfsense run OpenVPN 24/7 on it while generating little heat and spending as close to £150 as possible.
The money and size of case wasn't the important part, the heat was, though if it got to £200+ I'd start to consider it no longer cost effective. The whole AES-NI thing is where I got my hopes up I guess. I thought maybe, finally, I could buy a cheap, low cost, low heat system that could encrypt OpenVPN @200mbps.
Having now gotten these replies and gone through the advice I can see that what I want and what's available are 2 different things. I'd like to buy a Qotom system but I see it as too much of an unknown risk which is of a similar catch 22. I don't know how good it is till I buy it but I won't buy it unless I know how good it is first, especially not when it's shipped from abroad.
It's a shame Amazon don't have the more powerful AES-NI enabled Qotoms available from within the UK otherwise I'd give one a go.
Thanks to everyone for the help and advice though. It was all useful even if it was only to help me realise I can't do what I want within the limitations I've set myself.