Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cheap and low power VPN supporting pfsense box

    Scheduled Pinned Locked Moved Hardware
    10 Posts 8 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        If you need 120Mps of OpenVPN you would really want something a bit more powerful than the SG-2220 anyway. Especially if you want to run any packages etc.

        To get that for ~$150 you're probably looking at using some old hardware, whatever might be available to you. That will mean higher power consumption though in all likelihood.

        Steve

        1 Reply Last reply Reply Quote 0
        • Z
          zimbodan Banned
          last edited by

          Just a working setup from Europe ;-)
          We run Dual WAN Setups at two locations using OpenVPN to connect to our datacenter in a test with Atom boxes (Pondesk MNHO-048). We see full wire speed on both connections (100Mbps Cable and 100Mbps DSL) with more bandwidth issues on the cable connection (as expected). We run two tunnels in round robin load balancing seeing some good 180 Mbps on the link with processor load below 20% thanks to AES-NI. DSL and Cable Routers are set to Modem mode - managing everything from the pfsense box. So in a single line setup this should be well suitable - performance wise.

          But I am not sure if that will work with your setup where you have your voice on VoIP as well. Can you terminate VoIP somewhere else? On a separate ATA? You should also check your AVM box as some experience performance issues at throughput rates beyond 70 Mbps. Same might be considered for mullvad as well. Can they handle 120 Mbps?

          I am not sure how the Meltdown / Spectre might affect pfsense - as there are very limited scenarios where you run code on it that might exploit these bugs - well - beyond my imagination as of today. And other Out-of-Order processor manufacturers such as AMD, ARM, Qualcom IBM etc. are affected as well.

          The boxes sell at around 200EUR as barebones including shipping. And there are special deals from time to time.

          Legal things ;-)
          To my knowledge the Pondesk boxes are the only ones available in Europe through a European retailer and with full warranty etc. This was a major issue here due to legal reasons. Qotom and other china boxes are offered via 'grey' imports through Honkong/UK. Be aware that this is tax and customs fraud if you are residing outside the UK. You will find a lot of comments even here in the forum of people who managed to get away with it - for a commercial customer a clear show stopper. Not mentioning warranty and other issues dealing under Chinese legislation.

          Hope that helps in your decision making
          Cheers from Munich,
          Daniel

          1 Reply Last reply Reply Quote 0
          • GilG
            Gil Rebel Alliance
            last edited by

            Closest new hardware for that cost would be the APU2c4. $USD 130 with a case + shipping - direct from PC Engines. (Not sure about your import rules)
            Performance would be in the ball park too - but I you would need to check that for yourself.

            11 cheers for binary

            1 Reply Last reply Reply Quote 0
            • R
              Ryu945
              last edited by

              Keep in mind that OpenVPN is a single threaded process so you will need a CPU whose individual core can handle 120 mb/s

              1 Reply Last reply Reply Quote 0
              • bingo600B
                bingo600
                last edited by

                @zimbodan:

                Qotom and other china boxes are offered via 'grey' imports through Honkong/UK. Be aware that this is tax and customs fraud if you are residing outside the UK.

                Wonder how you came up with that statement ??    :-X

                If you buy from Qotom , and select the normal DHL shipping.
                You will be charged VAT & Import fees via DHL , that makes it totally legit , even in DE.

                Wonder if you are affiliated with PonDesk in any way.

                /Bingo

                If you find my answer useful - Please give the post a 👍 - "thumbs up"

                pfSense+ 23.05.1 (ZFS)

                QOTOM-Q355G4 Quad Lan.
                CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

                1 Reply Last reply Reply Quote 0
                • ivorI
                  ivor
                  last edited by

                  @bingo600:

                  Wonder if you are affiliated with PonDesk in any way.

                  /Bingo

                  I am too interested in this. Pondesk seems to be selling Qotoms as their own hardware. I wonder if they come with pre-installed pfSense like with Qotom.

                  e: Yes, they do install pfSense. How nice of them. Pondesk or their dealers, since you're so concerned for legal issues here's something you should read:

                  https://doc.pfsense.org/index.php/Can_I_sell_pfSense

                  https://www.pfsense.org/trademarks.html

                  Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                  1 Reply Last reply Reply Quote 0
                  • ?
                    Guest
                    last edited by

                    I'm surprised there is so much Pondesk advertisement here. They are not pfSense distributors yet they do preinstall and 'sell' it, as wel as 'support'.

                    With Qotom (and MiniSys) we know this, and we inform people, and we want to make sure they know which barebone china special to get straight from the vendor (thus removing most bogus margins on support that vendors put in their pricing trying to freeload off of pfSense). with the Qotom and a very small number of other Chinese sellers, we know that they are straight from the factory and their sales and price doesn't really change if they pretend to make 'pfSense' hardware, they don't make any extra money off of it (smells like SEO most of the time). With Pondesk and the likes it's like they try to make an easy buck by buying MiniSys or Qotom boxes, putting pfSense on it, and pretending to be reputable westen hardware vendors with pfSense/Nategate backing, which simply isn't the case.

                    1 Reply Last reply Reply Quote 0
                    • GilG
                      Gil Rebel Alliance
                      last edited by

                      This thread took an interesting turn, thanks for the info.

                      Regarding APU2 performance, my own testing showed the Bandwidth max was 85.3 Mbits/sec through a TCP OpenVPN connection.
                      Perhaps a bit slow for the original requirements.

                      11 cheers for binary

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        @Gil:

                        This thread took an interesting turn, thanks for the info.

                        Regarding APU2 performance, my own testing showed the Bandwidth max was 85.3 Mbits/sec through a TCP OpenVPN connection.
                        Perhaps a bit slow for the original requirements.

                        I suspect with the 120Mbit connection you only get 100Mbit, and with OpenVPN overhead you'd lose another 10, so 85.3 Mbits/sec wouldn't be so bad I think.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.