PfSense/Netgate Hardware recommendation
-
Hello -
I am new to pfsense and am looking to replace my existing router (ASUS RT-AC68U running Tomato) with something with a bit more power for home use. Currently have 300/30 cable based internet but am upgrading to 1GB symmetric fiber once AT&T finishes in my neighborhood (2-3 months) primarily for the lower latency of fiber. I use a Ubiquiti Unifi Pro AC access point for wifi.
Use scenario is: 3-5 openvpn connections - 3 on basically all the time. Mix of 6 desktop and laptops and one ESXi server with 5 VMs including a ZFS NAS serves media content both internally and to a vacation house. Everything wired for gigabit except 3 laptops and some smartphones on wifi.
Would like to be able to do content filtering for kids devices which I currently can't really do with the ASUS. ASUS also gets pretty slow with more than 1 OpenVPN connection.
If I were to go pfsense, I would purchase from the store. I am curious which of the models would best suit my needs. Would like some growing room and the ability to support MultiWAN.
I was thinking the SG-2440 was right but then wondered if the SG-4860 might better handle the openvpn traffic. Suggestions?
-
Go with the SG-2440. I'm using one on Comcast 125/25. Multiple VLANs, also maintain a full time site-to-site VPN to Microsoft Azure. The CPU doesn't budge on this thing. Been 100% stable for the year or so I've had it. Highly recommended.
Also have Ubiquiti AC Pros.
-
Hello -
I am new to pfsense and am looking to replace my existing router (ASUS RT-AC68U running Tomato) with something with a bit more power for home use. Currently have 300/30 cable based internet but am upgrading to 1GB symmetric fiber once AT&T finishes in my neighborhood (2-3 months) primarily for the lower latency of fiber. I use a Ubiquiti Unifi Pro AC access point for wifi.
Use scenario is: 3-5 openvpn connections - 3 on basically all the time.
I was thinking the SG-2440 was right but then wondered if the SG-4860 might better handle the openvpn traffic. Suggestions?
OpenVPN is single threaded, so 3 connections (assuming these are client connections; ie your pfSense box is the client) will be best served with the 4860. The four cores + added CPU speed per core will serve you well in that regard, even with your current 300Mbps connection.
-
OpenVPN is single threaded….
Hope this improves. I'm curious how much better OpenVPN will be once it natively supports AES-NI (for AES-GCM) as well as hopefully goes multi-threaded. Then our Atoms will be able to handle gigabit Internet OpenVPN better.
-
Thanks for the advice. I think I'm going to punch the button on the SG-4860 - probably overkill for my needs but hopefully will support me well into the future, especially if the Intel Quickassist technology becomes viable. I also really like the idea of supporting the project and don't mind paying a bit of a premium to support software that works.
-
You won't regret it, especially once you hit the 1Gbps WAN mark and want to use OpenVPN tunnels. You haven't detailed your OpenVPN usage, but if you're like a lot of us and using tunnels from a provider like PIA, many of us have had good luck using multiple tunnels simultaneously aggregated into a gateway group. Even with a powerful CPU, that's the only way to really max out a big WAN connection with OpenVPN as a client. Check out this thread that I started; the good stuff starts at the bottom of the first page: https://forum.pfsense.org/index.php?topic=115992.0 And the good stuff is not my contribution, it's thanks to user M_Devil.
EDIT: I should also give props to user mauroman33, who helped me tune my single tunnel connections. That plus the multiple tunnel config really got it singing. And I'm only on a 150Mbps connection. It took the tuning + an upgrade from a dual core 1.4GHz CPU to a quad core 2GHz CPU to really get the most out of even that.
-M
-
Thanks for the advice. I think I'm going to punch the button on the SG-4860 - probably overkill for my needs but hopefully will support me well into the future, especially if the Intel Quickassist technology becomes viable. I also really like the idea of supporting the project and don't mind paying a bit of a premium to support software that works.
At first, go with that SG-4860; you won't regret it anymore and anytime! For the VPN tasks, I would give you the tip to choose IPSec (AES-GCM); you would be able to get something around ~500 MBit/s +/- some MBit/s more or less!!! It is based on using the AES-NI which is used by the AES-GCM algorithm.