Off the shelf box < $300
-
Since you know you can't have PPTP anymore, let's ditch that discussion. Depending on who/what you are connecting to, you might need beefier hardware than you'd expect since OpenVPN is still single-threaded. You might have some luck trying the OpenVPN client version of whatever service you are using with PPTP at the moment, if the OpenVPN speed is ok and we know your PC specs, we can give you some better suggestions. If it turns out you need i5-level hardware, you'll probably end up with a used office PC or a china box.
-
"I am aware that PPTP is not fully secure but it is fine for my purpose"
This is what is wrong… This mentality... You understand its not secure but continue to use it.. Move to something better vs holding on to old no longer secure protocols... Same goes for ftp - why will it not just die already... It should have been killed off 10 years ago as well..
That so called "vpn" providers still provide it - WTF?? Just utter nonsense.. There are plenty of easy to use and setup secure options - supporting dead tech doesn't do anyone any favors...
whist i totally agree with you, the option should be there to turn on or install manually
sometimes you may have to work with some old ancient piece of kit or long for this world server that you need to pull legacy data off
-
"I am aware that PPTP is not fully secure but it is fine for my purpose"
This is what is wrong… This mentality... You understand its not secure but continue to use it.. Move to something better vs holding on to old no longer secure protocols... Same goes for ftp - why will it not just die already... It should have been killed off 10 years ago as well..
That so called "vpn" providers still provide it - WTF?? Just utter nonsense.. There are plenty of easy to use and setup secure options - supporting dead tech doesn't do anyone any favors...
whist i totally agree with you, the option should be there to turn on or install manually
sometimes you may have to work with some old ancient piece of kit or long for this world server that you need to pull legacy data off
I'm not sure PPTP has anything to do with that :p
-
@johnkeates:
Since you know you can't have PPTP anymore, let's ditch that discussion. Depending on who/what you are connecting to, you might need beefier hardware than you'd expect since OpenVPN is still single-threaded. You might have some luck trying the OpenVPN client version of whatever service you are using with PPTP at the moment, if the OpenVPN speed is ok and we know your PC specs, we can give you some better suggestions. If it turns out you need i5-level hardware, you'll probably end up with a used office PC or a china box.
So I tried using openvpn on my PC, which has Q8200 processor. I was getting about 60 mbps, which is about the same I get using pptp. My cpu usage was about 25%.
So thoughts on what router/ hardware can I use to get the same speed
-
In that case an APU might do, but an i3-based Qotom or MiniSys will definitely work.
-
Thanks John. I am leaning towards QOTOM with i3 4005u and 4gb ram/32gb ssd
-
I wouldn’t buy a qotom if you’re concerned about security.
We’ll look at adding wireguard after it runs on FreeBSD.
-
-
@jwt:
I wouldn’t buy a qotom if you’re concerned about security.
Can you expand on this please?
He was probably referring to the fact that they are chineese-made. But pretty much everything else is too, so it doesn't really matter as much as people think it does.
Another angle I find to refer to myself is the fact that due to their location they have no incentive to update their firmwares and microcode or supply post-sales support. In practise, they seem to be reasonable (a few people on this forum had DOAs and got successful RMAs, no failed post-sales support yet) and they do supply dedicated EMEA, North America and BRIC support contacts on their site. It appears they care enough about their brand name to not just drop hardware all over the world and leave it at that.
Depending on where you are in the world, some other issues might arise like shipping times, taxes and your nation's stance regarding China, but that's just politics and non-product specifics and will very between all countries and vendors all the time. (i.e. the APU2 in the USA is a good choice, but outside it's not that easy to get or cheap at all)
For home use, the good China ODM/OEM boxes are not a bad choice, for business use you'll probably want to keep a private stock of replacement units or use EU or USA vendors instead. Keep in mind that not all asian sales are equal in quality and finding the good ones isn't very easy. So far, at least on this forum, we have identified Qotom and MiniSys as somewhat 'true' vendors (they make their own stuff instead of rebranding white label crap) but there are a ton of resellers just slapping their own brand name on those boxes and pretending they are the manufacturer instead (while not adding any value and asking 100-400 more for the same stuff).
Ideally, we'd manage to get one of the good ones from China to get a deal with pfSense/Netgate/whoever to supply cheap non-commercial-use boxes, but so far I have no clue if either party wants that or is looking for that ;-) Since the ARM-based hardware is already in the Netgate store, I'm not so sure they'd be willing to undercut themselves for a possibly inferior (but cheaper) product. At the same time, Qotom is trying to use the pfSense brandname/trademark/whatever-legeal-definition/copyright to sell their hardware faster, which isn't something that netgate/pfSense wants (makes sense, probably something USA law prohibits as well since you have to defend your claim to trademark/copyright in order to retain it). Normally a vendor would make a deal with the owner of the name to be an official vendor, but that isn't likely to happen in China due to cultural and legal differences.
TL;DR: for home use it likely makes no difference, for business use, you would have to do internal validation before integrating random china hardware.
-
Thank you for the detailed reply John - much appreciated.
-
I want a small off the shelf box which either comes preinstalked with pfsense or pfsense can be installed on without complication and that is fast enough to provide > 70mbps. I am aware that pfsense no longer supports pptp and hence it would have to be openvpn.
I'm using the APU2c4 in Australia and get up to 95 Mbps with OpenVPN. I note that one user recently reported some difficulties with pfSense installation - see https://forum.pfsense.org/index.php?topic=141618.msg . That said, I did a fresh installation 2-3 days ago from usb stick with pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img and all went well. My bios details:
Vendor: coreboot Version: 88a4f96 Release Date: Mon Mar 7 2016
The APU2c4 with a case (but no SSD) cost about $US 160 delivered to Australia from PCEngines in Europe in 2016.
-
The APU will probably work fine in this case. Only remaining issue is that it would be utilised 100% directly from the start; if the ISP decides to give you more speed in the future, you'd need faster hardware to use it with the VPN. If upgrades are unlikely in the coming 3-4 years, the APU is the way to go.
-
Locking this thread in order to prevent another QOTOM promotion.
-
@johnkeates:
@jwt:
I wouldn’t buy a qotom if you’re concerned about security.
Can you expand on this please?
He was probably referring to the fact that they are chineese-made. But pretty much everything else is too, so it doesn't really matter as much as people think it does.
Having the board made in China, and having China load the firmware and software present on your machine are different things.
Are most (volume) CMs based in China: Yes.
Do you have any assurance of what you purchased: No.
Qotom doesn't care about after the sale.
Moreover, the primary means of funding the continued development of pfSense is via appliance sales.