AES-IN system for sub £100 that will support an OpenVPN 200mbps connection?
-
The problem with buying a cheap old computer like you suggested is that they tend to be standard size computers with fans and heat, lots and lots of heat.
But for less then £100 you might be hoping eventually to much from that budget? And it is not only targeted to
one or two things here, but more then targeted to exactly these or that point most be reached.- sub £100
- OpenVPN ~200 MBit/s
- Low noise, low power using
This might be able to get by saving some more coins and go then away with a right matching Qotom box with an
Intel i3, i5 or i7 CPU, 4 GB till 8 GB of RAM and a small SSD or mSATA around 32 GB till 120 GB likes you need it.I'm looking for something smaller, compact and more importantly as headless as possible which is why i was looking at the board I'd linked above.
The WiFi is mostly not able to use at this boards and often (not even) there will be perhaps BIOS problems with this
kind of boards. So go with a small Qotom and all will be fine here as I see it right or other were mentioned it earlier
as me. All other options that will be hitting that points will be more expensive as this variant and even using more
electric power too.Devices like a Qotom are really off-putting to me. I can't give a real reason for it, they just aren't a solution i like. Also, looking up the only 1 i could find to buy on Amazon it's got a J1800 processor in it which according to Intel's ARK isn't AES-NI enabled. Nor is the J1900.
Again, it is based on your needs, wished and goals that must be or should be reached exactly, and not by the available
hardware on the market. Only by your thinking and willing to set it up as you need and want it.Are you saying a Qotom-Q180N would work in regards to a 200mbps OpenVPN connection? Doesn't seem like it would to me.
Around ~300 MBit/s will be the best mark with silent hardware that is not, I repeat it, which is not so strong and
power hungry.This is why i'm really interested to know how effective AES-NI is. The impression i get is that it can supposedly turn a low powered CPU into an encryption powerhouse.
If we talk here about IPSec you will be really near to the realism with that comment, a small SG-4860 is able to
push ~470 MBit/s over IPSec VPN and on top of this counting the TCP/IP overhead will be nearly ~500 MBit/s
real throughput then!!!! That is impressive for that small kind of pfSense box.I'm really not keen on buying second hand.
You want to get or reach nearly real ~200 MBit/s over OpenVPN and that is the fact here in that game play
nothing else. And on top of this, it might be power saving, silent and must be under £100 too! Please don´t forget
that you were setting the levels and not we are doing so, did we?I'm looking for new and easily returnable if it doesn't work out. I don't like eBay for anything really. Auctioned items have far less protection and returnabilty then store brought items. Looking at images of a dell core i5 it also still seems like it would generate a lot of heat?
Axiomtek has very powerful hardware for pfSense but nothing in your budget region or level.
Supermicro has very stable and powerful hardware but again not in your budget level.
Qotom has also very powerful and silent hardware and nearly to your budget or better not so far away from it.This is what is limiting my spending. I also feel like it shouldn't cost an arm and leg to get OpenVPN to run @200mps.
Once again to get the best mark such as ~300 MBit/s total OpenVPN throughput, with sielnt and not so power
hungry hardware will exactly meeting the Qotom Intel i3 or i5 level.I'd say: just get a Qotom box, pay with PayPal, and be done with it. But you seem to be stuck in a circle where you won't buy anything you don't already know, but you would have to buy it to know it ;-)
Me too, but I will also consider to save more money and get then a more powerful Qotom box that is able to
handle all things at the best.Alternately you may be also happy with a refurbished small and silent Intel E3-12xxv3 server, but using
more electric power and not soooo silent as you may whish it perhaps. -
@BlueKobold:
Once again to get the best mark such as ~300 MBit/s total OpenVPN throughput, with sielnt and not so power
hungry hardware will exactly meeting the Qotom Intel i3 or i5 level.Qotom isn't going to hit the price target, and it's frankly not great hardware in the first place. Yeah, it's an i5, but it's a U-series i5 that's a couple of generations old. I'd rather have a J3355 for a small fanless box. The only reason to buy the qotom is if you don't want to deal with parts, but the OP started out talking about parts so that doesn't seem to be the case.
-
I'd rather have a J3355 for a small fanless box.
Is there a J3355 board with Intel NICs? I've had enough bad experience with Realtek NICs to not want to deal with them, even if they have fixed their earlier issues :p
I'd love to find a site with motherboards where you can search for things like LAN chipsets, number of LAN ports, etc. PCpartpicker.com is more aimed at enthusiasts - they do have some boards listed there that have multiple NICs but most of them are really old and not really what those of us looking to build low power firewalls are interested in.
That's why I keep combing the forums here looking for what others are using/recommending/looking at too - but talk about time consuming!
-
I'd rather have a J3355 for a small fanless box.
Is there a J3355 board with Intel NICs? I've had enough bad experience with Realtek NICs to not want to deal with them, even if they have fixed their earlier issues :p
I'd love to find a site with motherboards where you can search for things like LAN chipsets, number of LAN ports, etc. PCpartpicker.com is more aimed at enthusiasts - they do have some boards listed there that have multiple NICs but most of them are really old and not really what those of us looking to build low power firewalls are interested in.
That's why I keep combing the forums here looking for what others are using/recommending/looking at too - but talk about time consuming!
You can add a dual port nic and still come out ahead
-
Minibox M300 is small, and takes a PCIe card provided you use a riser. http://www.mini-box.com/Mini-Box-M300
J3355B has an x16 slot and dual gigabit NICs will all be x4 slots.
I think minibox sells a riser for the M300 for like $3.
-
@johnkeates:
Don't bother trying to use Amazon for the Qotom, get them directly from AliExpress. Warranty is the same and delivery is maybe one or two days difference.
I used one of these and they are great.
https://www.aliexpress.com/item/New-Braswell-mini-pc-M150S-with-2G-ram-8G-SSD-celeron-N3150-Dual-H-D-M/32533935685.html
-
I realised about two months ago that it will be impossible to get any new box under ~£200 for getting such OpenVPN performance, not in 2017.
Still, the original question is very close to my own search, the difference is that I am willing to buy from China, especially from AliExpress where you get protection.
Maybe someone can help me decide which box should be better, my question was https://forum.pfsense.org/index.php?topic=137651.0 but if you can point to other one i would not mind.
PS. Also my performance requirements are even lower, I only really need 80mbps OpenVPN as that's my VDSL limit so far. Obviously that I would not mind being able to scale up later it it does not double the cost.
-
If 80 Mbps is all you need and you're willing to build something yourself the J3355B is the way to go I think. Most relatively cheap and power efficiënt builds for your speed requirements include the j3355B, a micro psu and an Intel Nic from ebay.
-
Our US$3K (5 year old) main router took a shot during a recent power outage and until we get a replacement we decided to temporarily use a Zotac ZBOX-CI327NANO-U Intel Celeron N3450 dual LAN box.
It has some unsupported hardware (SD socket), for which we found a solution. But otherwise it is an outstanding machine.
With 4GB of RAM and a 60GB SSD it comes for roughly $175, which puts it in your budget.
The hardware build of this little box is far superior to many products out there. I wouldn't want to put down any products that are hyped on these forums (or elsewhere) but since you seem to be interested in doing your homework diligently I suggest that you take a close look at this little box.
Not sure if blue chip still means much in this day and age as it did 20 years ago, but CI327 is definitely a blue chip product.
It will certainly drive your 200 mbps line, ours runs off a 300/300 without a hiccup. It hardly feels warm as it only burns a few watts. Absolutely perfect for home or SOHO use. If you need more ethernet ports simply put a small VLAN enabled switch on one of the ports. -
J3355B w/ Intel NICs > N3450 w/ Realtek NICs
That zotac box is at a good price point for low bandwidthd out non OpenVPN serious though!
-
Not sure if you've already purchased your new hardware but I thought I'd add my input for hardware recommendation. Trust me I've spent the last 3 weeks looking at a lot of possibilities. First I'll show what I'm currently running and then what I'm upgrading to and why.
I tried a few bits of hardware back in 2010 - a dual P3 server, a P4 Celeron system but eventually settled for and have had a Mini-ITX setup for the last 7 years consisting of:
Thermaltake Element Q ITX case with 220W PSU (I replaced PSU with a Pico PSU)
Point of View Atom 330 Mini ITX motherboard (I disconnected the fan)
2GB DDR2
Old 2.5" laptop hard drive
HP NC364T quad port gigabit NIC - added a few years ago to replace a single port NIC that I had in the 16x PCI-e slot.In those 7 years my ISP has upgraded my connection several times to where I'm at 200Mb/12Mb as well as me recently using a VPN service, I can certainly tell my silent little box is struggling with how much I'm hammering it. (I run a games server, Teamspeak server, etc)
I currently struggle to get over 60Mb/s Download when the VPN is connected, I get near enough the full 200Mb/s when it is not connected. I can see the CPU usage for the OpenVPN process (running top in the shell) is hovering around 80%+
Not wanting to spend too much on hardware and with the recent announcement that a CPU with AES-NI instructions will be required and I need one anyway as I use OpenVPN, I decided now is a good time for me to upgrade.
I'm keeping the case, PSU, hard drive and Quad port NIC. This immediately limited me to an ITX board with a minimum of a PCI-e 4x slot. So with that search criteria I have ordered the following, all second hand but that doesn't bother me as I've used second hand parts in my current build:
Portwell WADE-8320 motherboard, with heatsink (£45 delivered)
Intel Core i5 520m CPU (£8 delivered)
2GB DDR3 SO-DIMM (free as I had spare but less than £10)The reasons are price, performance and features. The motherboard comes with two Intel Gigabit NIC's onboard and has a 4x PCI-e slot. It supports 1st gen mobile i3,i5 and i7 CPU's which are all cheap nowadays. I recommend the i5 5xxm series as they are cheap, dual core hyper threaded and have AES-NI. It has a mini PCI-e slot on the reverse of the board if you wanted to add in a small SSD rather than use a normal drive via SATA.
Currently my Atom system draws 40W at the wall (30W for the motherboard/CPU/RAM and 10W for the HP NIC) this is due in part to the incredibly inefficient southbridge used on older Atoms boards, so although the CPU has a low TDP, the motherboard chipset negates any gains.
I'm confident that even though the i5 520m is rated at 35W TDP, the fact that the QM57 chipset used on the motherboard is only rated at 3.5W TDP, my new system won’t draw much more power than the Atom it’s replacing, especially as the Core i5 has better C states when idling.
Trust me, I looked at a LOT of options, including the later Atoms, Celerons, etc. Nothing beat the price/performance ratio of what I've mentioned above, in my opinion and use case scenario.
-
40W for an Atom? yikes - that's atrocious.
TDP is heat dissipation, nothing to do with power draw - as your atom obviously proves.
As far as price performance, check out ebay.
My current system is a SFF i5-2400 i340t4 box drawing <40W and it cost me <$150, and that box performance is crazy overkill.
Since you already have a case, storage, RAM and a NIC - why don't you just buy a J3355B? That will draw way less power and is honestly pretty close in performance to the i5-520m - it almost certainly outclasses the 520m in OpenVPN throughput, it will also probably cost you less upfront.
-
40W for an Atom? yikes - that's atrocious.
Yeah, they rushed it out the door to meet the schedule before a low power chipset was ready to go with the low power cpu. Nine years ago, though, it was the cheapest & easiest way to get passive cooling, dual cores, and 64 bit instructions.
Since you already have a case, storage, RAM and a NIC - why don't you just buy a J3355B? That will draw way less power and is honestly pretty close in performance to the i5-520m - it almost certainly outclasses the 520m in OpenVPN throughput, it will also probably cost you less upfront.
atom 330 was DDR2, need new ram.
-
Yeah that's crazy! I use an old N450 in a netbook to run a Unifi controller on it (really should figure out VMware and virtualize all this stuff on my i5-2400) - it doesn't get great power consumption numbers but certainly not that bad.
User said they had 2GB DDR3 SO-DIMM on hand, if not though that stuff is super cheap on eBay. Ultimately, the idea of "upgrading" from one incredibly inefficient, anemic CPU to another inefficient but slightly-less anemic CPU makes no sense to me when there are cheap products out there like the Apollo Lake Celerons.
Trust me, I looked at a LOT of options, including the later Atoms, Celerons, etc. Nothing beat the price/performance ratio of what I've mentioned above, in my opinion and use case scenario.
https://www.newegg.com/global/uk/Product/Product.aspx?Item=N82E16813157726&cm_re=j3355b--13-157-726--Product
Looks like about £55 including VAT for a much better product that also happens to be new instead of used.
-
That's not a bad board for £55 and I did put that on my short list. It requires DDR3L (1.35v) memory which I don't have so I would have needed to spend a little more to get some. It also lacks an Intel NIC onboard and I have plans to utilize the two I'll be getting on the Portwell board. So that's what swayed me in the end.
The inefficiency is yet to be seen, I think the difference between a Apollo lake celeron and a Arrandale i5 won't be too big a concern for me personally.
I may post back with the wattage numbers from the wall if anyone is interested?
-
It can use DDR3L, but standard ddr3 SO-DIMM is also.supported , per the product specs and my j3355 HTPC with standard ddr3.
J3355b build would pull sub 20w, likely sub 15w. That i5 very likely in excess of 40W. J3355 also better at openvpn.
Realtek NICs work just fine for sub gigabit throughput (management nic, wireless AP NIC, fast ether NIC, etc.).Anyways, to each their own. It might somehow have made sense for you, but I wouldn't go around claiming that it's a great price/performance buy for others -it is decidedly not a good way to go for most people.
-
That heper guy is correct if you ask me.
I like the newest latest greatest low power stuff but if you want something cheap with high performance, an old 3ghz to 4ghz 4 core desktop intel or amd that can be had for like $75 or $100 is just unbeatable. You will pay for it in the power bill but they are cheap and reliable and blazing fast.
Alternately, AMD processors like the 8150 just scream and support AES-NI at the same time. Not energy efficient but cheap and reliable. Probably 3 or 4 times faster than the top of the line energy efficient appliances.
-
It can use DDR3L, but standard ddr3 SO-DIMM is also.supported , per the product specs and my j3355 HTPC with standard ddr3.
J3355b build would pull sub 20w, likely sub 15w. That i5 very likely in excess of 40W. J3355 also better at openvpn.
Realtek NICs work just fine for sub gigabit throughput (management nic, wireless AP NIC, fast ether NIC, etc.).Anyways, to each their own. It might somehow have made sense for you, but I wouldn't go around claiming that it's a great price/performance buy for others -it is decidedly not a good way to go for most people.
I will admit the J3355 will more than likely consume less power than the i5 520m, I will give you that one.
To dismiss the performance advantage of the "older" i5 over the J3355 is one thing I will not concede on. Every benchmark I looked at has the i5 520m in front of the J3355, not by a huge margin but its quicker, including AES, LZMA, SQLite, etc. That is just single core benchmarks, when multicore is factored in, the i5 further stretches its legs.
I haven't cherry picked any site or benchmark, feel free to look for yourself if you wish.
-
It can use DDR3L, but standard ddr3 SO-DIMM is also.supported , per the product specs and my j3355 HTPC with standard ddr3.
J3355b build would pull sub 20w, likely sub 15w. That i5 very likely in excess of 40W. J3355 also better at openvpn.
Realtek NICs work just fine for sub gigabit throughput (management nic, wireless AP NIC, fast ether NIC, etc.).Anyways, to each their own. It might somehow have made sense for you, but I wouldn't go around claiming that it's a great price/performance buy for others -it is decidedly not a good way to go for most people.
I will admit the J3355 will more than likely consume less power than the i5 520m, I will give you that one.
To dismiss the performance advantage of the "older" i5 over the J3355 is one thing I will not concede on. Every benchmark I looked at has the i5 520m in front of the J3355, not by a huge margin but its quicker, including AES, LZMA, SQLite, etc. That is just single core benchmarks, when multicore is factored in, the i5 further stretches its legs.
I haven't cherry picked any site or benchmark, feel free to look for yourself if you wish.
i5 520m is new enough to PCLMULQDQ, so it has optimized AES-GCM but not the improved implementation of the newer generations of intel's high-power chips. In theory the goldmont has SHA acceleration, which would help for non-GCM openvpn, but I honestly haven't looked to see if OpenVPN would actually benefit from that. In the end I'd expect the two chips to be pretty similar performance-wise. The J3355 isn't a performance beast, it's just "good enough" for most home users at a compelling price point (and much faster at crypto than avoton, let alone the crippled non-aes bay trail chips like the J1900.)
-
SHA acceleration effectively makes CBC encryption like GCM.
There are some benchmarks comparing them on the j3355 and the results are pretty much odentical.Yes, the i5 will edge out the Celeron, barely. Still probably not I'm OpenVPN. But that doesn't make it a good selection.