Small build… again...



  • First post, but I have been lurking here for a little while. It all started when I tried running openvpn client on one of the consumer grade routers and realized how little performance it's actually got. Even with the fastest encryption method (BF128) I was only able to reach 30mbps. So I started searching for an alternative solution which led me here.

    My current connection is 80/20 (no plans for a faster connection atm) and I would like to be able to max that out with openvpn client. All internet traffic will be routed through that. Budget is a constraint in a way that I would love to spend as little as possible, but still achieve fully what I need.

    I started looking at j3355 boards first (surely it will do what I need and has aes-ni for the future). I could not find any with dual intel LAN (let alone with quad which ideally I would like to have). I thought, OK, i340-t4 can be had cheaply from eBay and almost went this route when I realized I can't fit this in small cases like m350 which is another constraint that I have (it can't really be much larger than a regular router as it goes in a small cabinet underneath my fish tank :) )

    Next I looked at ready made J1800 box from Aliexpress. It has 4 Intel lan ports and is only $90 for barebone. I prefer this over J1900 due to better single core performance. I read quite a bit about performance and still not convinced it can push through 100mbps over VPN consistently but then again - I'm not sure I need 256 bit encryption and weaker ciphers can almost double the throughput of openvpn. Another reservation is obviously absence of hardware AES…

    And lastly I found 3855U solutions which are similar to J3355 in a way that they don't have dual LANs. I started thinking - maybe there is a USB 3.0 to gigabit LAN adapter that is supported by pfSense.

    Any thoughts or recommendations? Or is there some other hardware that could be had cheaply that would fit into small cases?  Thank you.



  • @someuser08:

    Another reservation is obviously absence of hardware AES…

    That will be an issue for both OpenVPN performance and perhaps most critically future releases of pfSense.

    https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

    …starting with v2.5 all CPUs must support AES-NI!



  • I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?



  • @someuser08:

    I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?

    Spend a few more bucks and avoid both.



  • Maybe I'm not looking at the right things, but at the moment "a few bucks" actually translates into 2-3 times more. As I said I can get J1800 barebone for $90 and N3150 for $100. But ideal configuration of N3150+i211 from jetway would be $300+



  • https://store.netgate.com/MBT-2220-system.aspx
    https://store.netgate.com/MBT-4220-system.aspx

    If you want good hardware you have to spend some money, especially if it needs to be small form factor with low power consumption.



  • Those are definitely not good value for money. If I was going to spend that much I would just get something by jetway or shuttle and not bother with atom based devices…



  • Lol. Good luck then.



  • @Grimson:

    @someuser08:

    I know. I looked at N3150/N3160 systems but all reasonably priced ones have realtek NICs. So what is worse - not having AES-NI or not having Intel NICs?

    Spend a few more bucks and avoid both.

    Couldn't agree more with this sentiment!

    For what it's worth - I've had really good experience with Qotom devices, they're reasonably priced for what they offer and more than sufficient for your throughput requirements.  But, still more expensive than the $90 or so you've mentioned in earlier posts.



  • Yes, qotom and minisys devices look interesting and definitely cheaper than netgate ones… This is exactly the kind of advice I was looking for, thanks  :)



  • If you are going to stay with pfSense, largest support base, you have no choice but go with something AESNI-ready and that means dump Bay Trails. Rather than looking for a kludgy Ethernet dongle, I like the one-LAN-port solution with VLAN, (second port rides on a virtual port) assuming you already have a VLAN-capable ethernet switch. Nick's Hardware on YouTube has an excellent video how to configure this, otherwise I don't really know how much cpu you need, I don't run VPN.



  • Forget the J1900. A J3355 motherboard has much better performance and still runs under $60. Then get a case with a riser to mount your quad port card horizontally above the motherboard. Done.

    A cheaper option depending on your location may be an APU2.



  • That connection definitely will do great on an APU2.


 
