Cheap and low power VPN supporting pfsense box

A Former User

This post is deleted!

stephenw10

If you need 120Mps of OpenVPN you would really want something a bit more powerful than the SG-2220 anyway. Especially if you want to run any packages etc.

To get that for ~$150 you're probably looking at using some old hardware, whatever might be available to you. That will mean higher power consumption though in all likelihood.

Steve

zimbodan

Just a working setup from Europe ;-)
We run Dual WAN Setups at two locations using OpenVPN to connect to our datacenter in a test with Atom boxes (Pondesk MNHO-048). We see full wire speed on both connections (100Mbps Cable and 100Mbps DSL) with more bandwidth issues on the cable connection (as expected). We run two tunnels in round robin load balancing seeing some good 180 Mbps on the link with processor load below 20% thanks to AES-NI. DSL and Cable Routers are set to Modem mode - managing everything from the pfsense box. So in a single line setup this should be well suitable - performance wise.

But I am not sure if that will work with your setup where you have your voice on VoIP as well. Can you terminate VoIP somewhere else? On a separate ATA? You should also check your AVM box as some experience performance issues at throughput rates beyond 70 Mbps. Same might be considered for mullvad as well. Can they handle 120 Mbps?

I am not sure how the Meltdown / Spectre might affect pfsense - as there are very limited scenarios where you run code on it that might exploit these bugs - well - beyond my imagination as of today. And other Out-of-Order processor manufacturers such as AMD, ARM, Qualcom IBM etc. are affected as well.

The boxes sell at around 200EUR as barebones including shipping. And there are special deals from time to time.

Legal things ;-)
To my knowledge the Pondesk boxes are the only ones available in Europe through a European retailer and with full warranty etc. This was a major issue here due to legal reasons. Qotom and other china boxes are offered via 'grey' imports through Honkong/UK. Be aware that this is tax and customs fraud if you are residing outside the UK. You will find a lot of comments even here in the forum of people who managed to get away with it - for a commercial customer a clear show stopper. Not mentioning warranty and other issues dealing under Chinese legislation.

Hope that helps in your decision making
Cheers from Munich,
Daniel

Gil

Closest new hardware for that cost would be the APU2c4. $USD 130 with a case + shipping - direct from PC Engines. (Not sure about your import rules)
Performance would be in the ball park too - but I you would need to check that for yourself.

Ryu945

Keep in mind that OpenVPN is a single threaded process so you will need a CPU whose individual core can handle 120 mb/s

bingo600

@zimbodan:

Qotom and other china boxes are offered via 'grey' imports through Honkong/UK. Be aware that this is tax and customs fraud if you are residing outside the UK.

Wonder how you came up with that statement ??    :-X

If you buy from Qotom , and select the normal DHL shipping.
You will be charged VAT & Import fees via DHL , that makes it totally legit , even in DE.

Wonder if you are affiliated with PonDesk in any way.

/Bingo

ivor

@bingo600:

Wonder if you are affiliated with PonDesk in any way.

/Bingo

I am too interested in this. Pondesk seems to be selling Qotoms as their own hardware. I wonder if they come with pre-installed pfSense like with Qotom.

e: Yes, they do install pfSense. How nice of them. Pondesk or their dealers, since you're so concerned for legal issues here's something you should read:

https://doc.pfsense.org/index.php/Can_I_sell_pfSense

https://www.pfsense.org/trademarks.html

Guest

I'm surprised there is so much Pondesk advertisement here. They are not pfSense distributors yet they do preinstall and 'sell' it, as wel as 'support'.

With Qotom (and MiniSys) we know this, and we inform people, and we want to make sure they know which barebone china special to get straight from the vendor (thus removing most bogus margins on support that vendors put in their pricing trying to freeload off of pfSense). with the Qotom and a very small number of other Chinese sellers, we know that they are straight from the factory and their sales and price doesn't really change if they pretend to make 'pfSense' hardware, they don't make any extra money off of it (smells like SEO most of the time). With Pondesk and the likes it's like they try to make an easy buck by buying MiniSys or Qotom boxes, putting pfSense on it, and pretending to be reputable westen hardware vendors with pfSense/Nategate backing, which simply isn't the case.

Gil

This thread took an interesting turn, thanks for the info.

Regarding APU2 performance, my own testing showed the Bandwidth max was 85.3 Mbits/sec through a TCP OpenVPN connection.
Perhaps a bit slow for the original requirements.

Guest

@Gil:

This thread took an interesting turn, thanks for the info.

Regarding APU2 performance, my own testing showed the Bandwidth max was 85.3 Mbits/sec through a TCP OpenVPN connection.
Perhaps a bit slow for the original requirements.

I suspect with the 120Mbit connection you only get 100Mbit, and with OpenVPN overhead you'd lose another 10, so 85.3 Mbits/sec wouldn't be so bad I think.