Hardware recommendation on 40mbps openvpn wifi for home



  • Hello,

    i need some help, i would like a low cost pfsense for my home. I look some material but i can't decide.

    I use openvpn with encryption so first with the best cpu for speed ?

    After just need two ethernet and wifi.

    thanks for your help


  • Banned

    I recommend the Apollo lake boards for just about all low end setups. They are new, cheap, low power and passively cooled. They have the latest iteration of AES-NI so will have no trouble with your VPN needs. They have on board realtek NICs so don't use that, but for how cheap they are that doesn't matter for home users unless you need >4 ports. Just get a used Chinese i340 off of eBay, two or four ports as needed. You can get them for like $20. They are low power and will do more than you ever need.

    Install 2.4.0 BETA, buy two cheap 4GB USB 2.0 flash drives and install pfSense on them.

    If you have old laptop DDR3 you aren't using throw it in this box, if not get some cheap used DDR3L on eBay. One stick of 2GB will be fine.

    Same thing for PSU and case, reuse or buy whatever's cheap and used. For PSU you can use a pico PSU for no moving parts but they aren't generally the best PSUs and can cost more than a cheap used one so I wouldn't fixate on that.
    Basically, for light home use pfsense will exceed your expectations on a cobbled together old PC. Just about any hardware will meet your needs so keep it cheap and low power and you'll be smiling!


  • Banned

    I forgot to mention, for wifi, I'm betting you have a wifi router that you are already using? If so keep using it. Just turn off NAT, DHCP, etc and use it as an access point only. pfsense is actually not great with wifi.
    Even if you were having problems with your old router that pushed you too use pfsense, you can still probably use it as a very capable AP.

    Many SOHO wifi routers are great at providing wifi but choke on the actual routing. When you offload all of the routing to pfSense then the SOHO router's usually work great as an AP.

    If for whatever reason you don't have a router right now, just about any wifi router with a good reputation that is cheap will be perfect. Ubiquiti's wifi APs are excellent but cost a little more.
    Just don't overpay, your performance needs are very modest. If you have a large area to provide wifi to you are better off getting multiple cheap units than one high performance unit.



  • thanks,

    maybe an other recommendation with two intel nic onboard.


  • Banned

    You want integrated Intel NICs? Sorry, I'm having trouble understanding.


  • Banned

    I hope you have a good reason to buy integrated Intel NICs as opposed to PCIe NICs, because you're going to pay for it.

    Here's a good one, you can get a low end one for About $50 cheaper.

    https://www.google.com/shopping/product/17454870263670139066?lsf=seller:8438988,rt:2&prds=oid:15619456682933928196&q=X11SBA-F&hl=en&ei=Wm7CWJqoOMeWjwPNmoP4DQ&lsft=gclid:Cj0KEQiAuonGBRCaotXoycysvIMBEiQAcxV0nG5Aap3NpbwJw97caIMvRd0BZbqK-6Guz8C03a1Ux50aAogu8P8HAQ



  • Good luck on getting your device to pass 40 Mb it across a vpn.  Not sure what kind of traffic you were trying to pass but if it is SMB you may find it difficult to get over 10 MbIt.


  • Banned

    @kapara:

    Good luck on getting your device to pass 40 Mb it across a vpn.  Not sure what kind of traffic you were trying to pass but if it is SMB you may find it difficult to get over 10 MbIt.

    Getting what device to pass 40Mb of VPN? 40Mb is a pretty small order for anything with AES-NI.



  • Not true.  I have virtual pfSense with aes-ni and c2758 also with aes-ni and lucky to push 8mbit doing smb file transfer.  Iperf will saturate the link and can get much higher but just warning you about SMB will be slow!


  • Banned

    @kapara:

    Not true.  I have virtual pfSense with aes-ni and c2758 also with aes-ni and lucky to push 8mbit doing smb file transfer.  Iperf will saturate the link and can get much higher but just warning you about SMB will be slow!

    What is it about SMB that taxes the CPU so much? I'm not familiar with it at all. I don't think OP mentioned it either. For normal/non-SMP(?) Open VPN traffic though, modern low end CPUs with AES-NI can push 40Mb no issues at all.

    http://www.firewallhardware.it/en/pfsense_selection_and_sizing.html

    In this performance test everything better than a 4W ALIX 500MHz AMD Geode LX800 that's coming up on a decade old gets >50Mbps OpenVPN AES-256 on pfSense.
    This includes N2930 @ 1.86 GHz without AES-NI.


  • Netgate Administrator

    SMB can be very bad across higher latency links like that. Nothing to do with the hardware or VPN. SMBv3 usually performs much better if you can use that.

    That link is giving me UK costs and they are more expensive than our SG-2220 which obviously I recommend. That should be good for ~100Mbps OpenVPN. More with OpenVPN 2.4 that can use the hardware encryption.

    Steve


  • Banned

    Thank you for the explanation!

    I was definitely not recommending the linked hardware. I only linked it for the benchmarks.

    I actually linked it to show that even old crap hardware can achieve 40Mbps on OpenVPN with pfsense.


  • Netgate Administrator

    Indeed, almost any relatively new x86 hardware should be good for 50Mbps OpenVPN throughput. The FW-7541 we used to sell with an Atom D525 for example.

    Steve


  • LAYER 8 Global Moderator

    smb over high latency is crap because of how chatty it is.. Do a sniff of a smb file transfer over your lan.. Now multiple the number of packets by your latency and you will see how it sucks!



  • thanks for all your answer.

    I need encryption with openvpn so i search an hardware with no limit the speed ( like my home computer ).

    I know speed decrease with encryption but try so;e commercial standart router and speed is very very bad ( ddwrt ans tomato firmware to test )


  • Banned

    @berju:

    thanks for all your answer.

    I need encryption with openvpn so i search an hardware with no limit the speed ( like my home computer ).

    I know speed decrease with encryption but try so;e commercial standart router and speed is very very bad ( ddwrt ans tomato firmware to test )

    Yeah, here is an example of a cheap motherboard and CPU that will meet your needs:

    https://www.newegg.com/Product/Product.aspx?Item=N82E16813157726

    Here is an example of RAM that will fit the above board (if you don't already have some used laptop DDR3 lying around):

    http://www.ebay.com/itm/Crucial-4GB-DDR3L-1866-SODIMM-/252787694227?hash=item3adb521a93:g:bkkAAOSwiONYPKwC

    Here is an example of a NIC that will meet your needs:

    http://www.ebay.com/itm/IBM-I340-T2-Dual-Port-Ethernet-Adapter-Card-49Y4232-49Y4231-/322364293417?hash=item4b0e68c129:g:zdMAAOSwXAJYWAc5

    Use the DDWRT router that you already have for wifi, just use it as an access point:

    https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

    If you don't already have a desktop case and PSU then you can get something like this to put it in:

    http://www.ebay.com/itm/HP-DC7800-SFF-Core-2-Duo-E4600-2-4GHz-2GB-RAM-No-HD-/132122992861?hash=item1ec324e0dd:g:PR4AAOSw44BYdP3U

    If you don't already have a HDD/SSD that you can reuse, then install 2.4.0 BETA and install to a pair of thumb drives in a mirror.
    If you don't have a pair of >1GB USB 2.0 drives laying around then buy a cheap pair from someone like Sandisk.
    https://smile.amazon.com/SanDisk-Cruzer-Blade-Flash-SDCZ50/dp/B00HR36OC6/ref=pd_sbs_147_20?_encoding=UTF8&pd_rd_i=B00HR36OC6&pd_rd_r=DWXBWSY3BKAEP2R81RK8&pd_rd_w=9UayU&pd_rd_wg=3hg2H&psc=1&refRID=DWXBWSY3BKAEP2R81RK8

    If you are starting out with absolutely no used parts you can reuse and buy the linked components then you will have a setup that easily exceeds your needs with low power usage for ~$140.

    You can safely ignore the SMB discussion as you decide which components to buy.



  • thanks a lot, i will check your link.

    Thanks again



  • pfSense SG-2220 & WiFi card & console cable would match really this numbers.

    maybe an other recommendation with two intel nic onboard.

    APU2C4
    mSATA with 16/32/64 GB
    Compex WLNX200 or UBNT SR71-E WiFi card
    Nullmodem cable and FTDI based USB to Serial adapter

    I need encryption with openvpn so i search an hardware with no limit the speed ( like my home computer ).

    Then go for a ASUS Q87T or Jetway NF952-Q170 board and 8 GB RAM and an Intel Core i7 or Intel Xeon E3 :-)



  • @BlueKobold:

    I need encryption with openvpn so i search an hardware with no limit the speed ( like my home computer ).

    Then go for a ASUS Q87T or Jetway NF952-Q170 board and 8 GB RAM and an Intel Core i7 or Intel Xeon E3 :-)

    With no limit on the vpn speed of a 40Mbps link. The APU2 is fine for that.



  • Hello,

    just test with lte 4g connection :

    without vpn 200 mbp/s

    with express vpn software on my i7-4790k juste 50 mbp/s !! aes-256 encryption

    I don't know why.

    Express vpn ? My computer ?

    Have you and idea ??


  • Netgate Administrator

    Probably a limitation at express VPN. 50Mbps doesn't seem that bad for a service like that unless they are guaranteeing more.

    Steve


  • Banned

    @berju:

    Hello,

    just test with lte 4g connection :

    without vpn 200 mbp/s

    with express vpn software on my i7-4790k juste 50 mbp/s !! aes-256 encryption

    I don't know why.

    Express vpn ? My computer ?

    Have you and idea ??

    Try PIA, you should max your WAN easily. It's like $4/mo.



  • thanks,

    i try later.

    My brother with this setup :

    linksys wrt3200acm ddwrt and acevpn :

    without vpn 100 mbp/s ( lte 4g )
    with vpn 50 mbp/s processor run at 3%.

    Acevpn or linksys wrt3200acm ?

    Thanks



  • Well for me Personally.

    1U Case from Ebay AMD A4-5000 APU on an ITX Asrock Motherboard 4GB of RAM Low Wattage 1U PSU 40GB SATA HDD Dual Port NIC from HP
    Total Cost was closer to 200, but thats due to the Case Choice to be fair as i wanted a 1U for a Slim Form Factor (Irony being 1U?)
    But this is used for close to 100 down and 10 up.
    And this also runs a OpenVPN Trunk and full bore and only uses about 20% CPU.
    Due to the AES Support, this helps reduce the bottle neck.

    Hope this helps you :)

    VPN Recommendations: AirVPN



  • @berju:

    I need encryption with openvpn so i search an hardware with no limit the speed ( like my home computer ).

    I know speed decrease with encryption but try so;e commercial standart router and speed is very very bad ( ddwrt ans tomato firmware to test )

    ciao, you could also take a look here

    https://forum.pfsense.org/index.php?topic=115673.0

    I set my old router (Asus RT-AC56U) as AP with no problem connecting to WiFi at maximum OpenVPN speed allowed from my current pfSense router (Celeron N3150).



  • @pfBasic:

    @berju:

    Hello,

    just test with lte 4g connection :

    without vpn 200 mbp/s

    with express vpn software on my i7-4790k juste 50 mbp/s !! aes-256 encryption

    I don't know why.

    Express vpn ? My computer ?

    Have you and idea ??

    Try PIA, you should max your WAN easily. It's like $4/mo.

    hum try PIA and acevpn and not good. Less than expressvpn setup

    And other vpn service can other max speed ?


  • Banned

    Sounds like a co figuration issue. That hardware and those services can easily do 200mbps



  • I contact expressvpn but no solution from hotline  :'(


  • Banned

    I think it's a configuration issue on your end, not theirs. I've seen people report speeds in excess of 600Mbps on PIA VPN. an i7-4790K can certainly exceed 200Mbps on a single thread.



  • Hi,

    what do you think about qotom q370g4 i7 4500u ?

    It's good ?

    Thanks


Log in to reply