• Hi All,

    Really quick question. I have a old computer Intel® Core™ i5-660 Processor w/8GB ram running PFSense with Private Internet Access. I'm thrilled with the performance of my setup. However, I'm thinking of getting a smaller PC - perhaps a Qotom or something that takes less power (costs less to run)… I obviously don't want to suffer from a major performance issues and lose much bandwidth. Any insights from the forum on what i should do?

    Thanks for any assistance

  • Netgate Administrator

    That is determined almost entirely by what throughput you need, if that all has to be encrypted and if you need to run packages.


  • Well that's a great question!

    Not sure what I need to do @home on my network - other than I want to protect my family - hence, PIA VPN… (perhaps there are better, but this was my start)
    I run snort...
    I run service watchdog to restart VPN if it drops.

    VPN is encrypted... so I don't know what else I'd need to encrypt.

    My bandwidth from Spectrum is 60/5 (Or about 70Mbps if not on VPN)

    Thanks for any advise or insights.

  • Netgate Administrator

    Ok, at less than 100Mbps there are a lot of options available to you. Almost anything recent will pass that even with all of it over OpenVPN.

    Adding Snort requires some additional processing power but since OpenVPN is single threaded you would usually have spare cycles on other cores available.

    I can't really recommend anything other than our own products here which are well tested and guaranteed compatible, now and in the future.

    The SG-2440 would fit your needs for example.


  • for 60/5, get a J3355B

    It costs $55 for the SoC, add an Intel NIC (preferably i340 or i350 in however many ports you require).

    You can search the forums, the J3355B has been tested up to I think 65Mbps with medium IDS/IPS rulessets and OpenVPN plus some other packages all running at the same time.

  • I found the link to that test -

    63Mbps while running OpenVPN @ AES-256 (this is pointless, run it at AES-128) + Suricata with a solid ruleset, + Pfbng + DNSBL.

    This part sounds perfect for you.