Hardware Suggestions For A Gigabit Connection Through A VPN



  • Hi, I'm thinking of making a PFSense router but I don't know where to start with the hardware. I need it to be able to run a gigabit connection through a VPN without slowing down the download and upload speeds. Also, would putting in an NVMe drive or 8+ GB of RAM, or using ECC RAM, make a difference? Would any of these make it faster in loading webpages for the computers on the network? Thanks!



  • I don't think you're going to find what you're looking for.  1Gbps throughput is easy, but adding VPN to that (and expecting 1Gbps throughput) makes it tough with off-the-shelf hardware.  To answer some of your specific questions, NVME is the best of the best but probably won't provide any measurable difference over a standard SSD.  With pfSense, the storage really comes into play when caching with Squid or similar.  ECC won't make any difference in performance; the only thing it provides is better uptime (think years) which is probably useless unless you intend to run your firewall without rebooting (and therefore without upgrading the software) for extended periods of time.  If you really need 1Gbps VPN throughput you're going to need to look at proprietary hardware on both sides of the connection. If you're asking about something like OpenVPN from one of the many providers out there, I don't think any hardware will do what you want.



  • Thanks, then how about 25MB/s for my home connection? What CPU should I buy to be able to push that through a VPN? Also the VPN I am planning on using is PIA





  • @ArcticWolf_11:

    Thanks, then how about 25MB/s for my home connection? What CPU should I buy to be able to push that through a VPN? Also the VPN I am planning on using is PIA

    That's a lot easier.  What kind of platform are you looking at?  Embedded?  Socketed?  Already have some parts?



  • @whosmatt:

    @ArcticWolf_11:

    Thanks, then how about 25MB/s for my home connection? What CPU should I buy to be able to push that through a VPN? Also the VPN I am planning on using is PIA

    That's a lot easier.  What kind of platform are you looking at?  Embedded?  Socketed?  Already have some parts?

    No parts yet, I was thinking about a micro atx motherboard with 2 1x slots for 2 dual port gigabit nics and a pcie 16x slot for wireless AC through my house. Also was thinking about an i7 6700k for it too as in the future I may get my home connection upgraded to gigabit. Any suggestions?



  • @ArcticWolf_11:

    No parts yet, I was thinking about a micro atx motherboard with 2 1x slots for 2 dual port gigabit nics and a pcie 16x slot for wireless AC through my house. Also was thinking about an i7 6700k for it too as in the future I may get my home connection upgraded to gigabit. Any suggestions?

    Skip the wireless.  As many have said, AC is not supported in FreeBSD or pfSense yet, and you're much better off with a dedicated AP in any scenario.  As for the rest, I have yet to see a proper NIC in a PCIe 1x slot.  Most server class NICs are in an x4 slot, which will work in the x16 on any board, as long as it actually supports that many lanes (some smaller boards I've seen have a physical x16 slot that only supports x1 electrically).  So if you only have a single x16 slot, go for a quad port x4 NIC.  They can be had pretty cheap now for older hardware, which will work fine.  Perhaps it consumes a few more watts but in a non-embedded form factor a few watts is not a bother. The 6700k is a great CPU, no doubt, but way overkill for a home router, even with a 1Gbps connection.  I'd look at an i3 Skylake at the high end or a Celeron or Pentium to start.  If you're on a Skylake motherboard and need more CPU, you can always drop in an upgrade.  2GB of ram is enough, 4GB is probably the sweet spot since the price difference is negligible.  I'd go with a small SSD (30 or 60GB or so).  Hope this helps.



  • @whosmatt:

    @ArcticWolf_11:

    No parts yet, I was thinking about a micro atx motherboard with 2 1x slots for 2 dual port gigabit nics and a pcie 16x slot for wireless AC through my house. Also was thinking about an i7 6700k for it too as in the future I may get my home connection upgraded to gigabit. Any suggestions?

    Skip the wireless.  As many have said, AC is not supported in FreeBSD or pfSense yet, and you're much better off with a dedicated AP in any scenario.  As for the rest, I have yet to see a proper NIC in a PCIe 1x slot.  Most server class NICs are in an x4 slot, which will work in the x16 on any board, as long as it actually supports that many lanes (some smaller boards I've seen have a physical x16 slot that only supports x1 electrically).  So if you only have a single x16 slot, go for a quad port x4 NIC.  They can be had pretty cheap now for older hardware, which will work fine.  Perhaps it consumes a few more watts but in a non-embedded form factor a few watts is not a bother. The 6700k is a great CPU, no doubt, but way overkill for a home router, even with a 1Gbps connection.  I'd look at an i3 Skylake at the high end or a Celeron or Pentium to start.  If you're on a Skylake motherboard and need more CPU, you can always drop in an upgrade.  2GB of ram is enough, 4GB is probably the sweet spot since the price difference is negligible.  I'd go with a small SSD (30 or 60GB or so).  Hope this helps.

    Thanks! Do you know any 4x NICs that are cheap on amazon? The ones I've found were $125+ which is why I thought 2 1x dual NICs at $35 would be better. Will an i3 6320 be able to push 175-200 Mbps through a VPN and a few modules like PFblocker and firewall?



  • @ArcticWolf_11:

    Thanks! Do you know any 4x NICs that are cheap on amazon? The ones I've found were $125+ which is why I thought 2 1x dual NICs at $35 would be better. Will an i3 6320 be able to push 175-200 Mbps through a VPN and a few modules like PFblocker and firewall?

    Check out the HP NC364T.  4 ports, Intel 82571EB chipset.  I have the 2 port version of the same card and it's great for pfSense.  Looks like around $40 on Amazon.  Not sure about the VPN throughput of the i3 6320 but looking at the specs I expect it will do really well; it has a high clock frequency and supports AES-NI, both of which are what you want for OpenVPN (assuming we're talking about OpenVPN).



  • Thanks, since it can't use wireless AC. Could I plug my PF sense box into the modem and then plug my netgear R7800 into the PF sense box? Like [7800] -> [PFSense] -> [Modem], if I did that would the traffic from the R7800 go through the PF sense box and go through the firewall and the other modules or would it just ignore them?



  • @ArcticWolf_11:

    Thanks, since it can't use wireless AC. Could I plug my PF sense box into the modem and then plug my netgear R7800 into the PF sense box? Like [7800] -> [PFSense] -> [Modem], if I did that would the traffic from the R7800 go through the PF sense box and go through the firewall and the other modules or would it just ignore them?

    If you want to use your R7800 as an access point (and switch) you can just connect the LAN port on pfSense to one of the LAN ports on the R7800.  Just make sure you turn off DHCP server, etc, on the R7800 since presumably you'll want pfSense handling that for you.



  • @whosmatt:

    @ArcticWolf_11:

    Thanks, since it can't use wireless AC. Could I plug my PF sense box into the modem and then plug my netgear R7800 into the PF sense box? Like [7800] -> [PFSense] -> [Modem], if I did that would the traffic from the R7800 go through the PF sense box and go through the firewall and the other modules or would it just ignore them?

    If you want to use your R7800 as an access point (and switch) you can just connect the LAN port on pfSense to one of the LAN ports on the R7800.  Just make sure you turn off DHCP server, etc, on the R7800 since presumably you'll want pfSense handling that for you.

    Ah, will do that once I get the hardware. Thanks for all the help! :D



  • i5 or i7 setup with 8gb ram+ and intel gigabit network cards. closest you can get without breaking the bank.

    for wifi, use a netgear r7000 with ddwrt



  • About OpenVPN performance: Have a look at
    This thread: https://forum.pfsense.org/index.php?topic=115992.0
    And this post specifically: https://forum.pfsense.org/index.php?topic=115992.msg647068#msg647068.



  • @ArcticWolf_11:

    Thanks, then how about 25MB/s for my home connection? What CPU should I buy to be able to push that through a VPN? Also the VPN I am planning on using is PIA

    I misread this post originally.  If you really do mean 25MB/s rather than 25Mbps, then you'll probably want multiple PIA clients and a gateway group to combine them into a single logical gateway.  I'm doing this myself and it works great.  But you'll also want a CPU with more than 2 cores IMO. I know the i3 6320 has dual cores with hyperthreading, so four logical processors available to pfSense, but I'm not sure about how multiple OpenVPN clients will run with hyperthreading vs physical cores.  And if you really are trying for 1Gbps throughput over OpenVPN, it's probably possible with three or four clients combined.  But you'll need the cores to handle it.  Other than the CPU, I stand by my original recommendations for the rest of the hardware.  And for a sub 1Gbps connection, the i3 will probably handle it no sweat.
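
The post above ties OpenVPN throughput to AES-NI support and to how many cores are available for multiple clients. The script below is an added example, not part of the original thread, that reads both from a FreeBSD/pfSense boot log; the sample log lines are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Reads a FreeBSD/pfSense boot log and reports AES-NI support and
# physical cores vs. hardware threads for a planned number of OpenVPN clients.
# Each OpenVPN 2.x process is single-threaded, so one client uses one CPU at most.

# Constructed sample of /var/run/dmesg.boot lines (2 cores, 4 threads).
sample_dmesg() {
cat <<'EOF'
CPU: Constructed Sample CPU @ 3.90GHz (3912.00-MHz K8-class CPU)
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,AVX>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 hardware threads
EOF
}

# Succeeds if the boot log on stdin lists AESNI among the CPU feature flags.
has_aesni() {
    grep 'Features2=' | grep -Eq '[<,]AESNI[,>]'
}

# Prints packages x cores from the SMP topology line (1 if the line is absent).
physical_cores() {
    awk '/^FreeBSD\/SMP: [0-9]+ package/ { print $2 * $5; found = 1 }
         END { if (!found) print 1 }'
}

# Prints packages x cores x threads-per-core (threads default to 1 without HT).
logical_cpus() {
    awk '/^FreeBSD\/SMP: [0-9]+ package/ {
             t = ($8 ~ /^[0-9]+$/) ? $8 : 1; print $2 * $5 * t; found = 1 }
         END { if (!found) print 1 }'
}

# check_plan LOGFILE CLIENTS: prints a one-line verdict for CLIENTS tunnels.
check_plan() {
    log=$1; clients=$2
    cores=$(physical_cores < "$log"); threads=$(logical_cpus < "$log")
    if has_aesni < "$log"; then aes=yes; else aes=no; fi
    if [ "$clients" -le "$cores" ]; then fit="one physical core per client"
    elif [ "$clients" -le "$threads" ]; then fit="clients share cores via hyperthreading"
    else fit="more clients than logical CPUs"; fi
    echo "aesni=$aes cores=$cores threads=$threads clients=$clients: $fit"
}

# Demo on the constructed sample; on a real box pass /var/run/dmesg.boot instead.
tmp=$(mktemp); sample_dmesg > "$tmp"
check_plan "$tmp" 4
rm -f "$tmp"
```

The verdict only says whether each client can have its own physical core; it does not predict throughput, which still has to be measured on the hardware.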



  • www.serverthehome.com is a good source for hardware

    used 6 core dell westmere systems off ebay seem to be popular picks