3rd party appliance equivalent to SG-5100 or better



  • I live in Australia, and once you take into account currency conversion and import taxes, it makes the SG-5100 way too expensive for what it is. About $1300 once shipping, taxes, and currency conversion takes place.

    Can someone recommend an equivalent third party appliance that would perform the same (hopefully better as I'd love gigabit OpenVPN performance and the SG-5100 can only do around 200mbps).

    I really only need two NIC's too - its all about performance for me.

    Thanks in advance.


  • Netgate Administrator

    For anywhere near Gigabit OpenVPN for a single connection you need the best single thread performance you can get. So that's likely to be a fewer cores at higher frequency CPU like a recent i3.

    Steve



  • Thanks for that. What about something like these two options?

    Option 1: https://www.ebay.com.au/itm/HP-T620-Plus-Quad-Core-16GB-SSD-4GB-RAM-5-x-1GbE-pfSense-Firewall-Router/362534705073?hash=item5468c097b1

    Option 2: https://www.ebay.com.au/itm/Intel-Core-i3-4GB-Mini-PC-Firewall-Router-Network-Appliance-pfSense-Dual-NIC/223088961412?hash=item33f1236784

    Note that Option 1 is 50% of the cost of Option 2 given that Option 1 is based in Australia whereas Option 2 will come with international shipping and custom duties.



  • G'day Larrikin,

    That HP box has Realtek NICs. Wouldn't go there.

    As Steve hinted, OpenVPN is single-threaded, so you'll want something faster than either of those CPUs.

    See if you can find something above 3GHz with say two cores. A used HP desktop maybe. Even then, 1Gb over OpenVPN may not be achievable.



  • @biggsy OK thanks for your help. As it happens, I'm currently on 100mbps down, 40 mbps up, and my mate is on gigabit (he is in New York and I am in Australia). I doubt I'll be on gigabit for a while, so at the moment I use a PC that is way over spec'd. Taking latency and networking conditions into account, I get around 85mbps down and about 35mbps up on the OpenVPN.

    I think what I might do is pick up a second have SG-4860 as they can be pretty cheap on ebay from time to time. I want to move away from using my PC for a variety of reasons and get down to using an appliance.

    I imagine that will handle those speeds above fine?

    And let me ask you this.

    If I could get a SG-4860 for the same money as option 1 above, which would be a better buy? Note that Option 1 also has 4 ports that are Intel so I wouldn't need to even use the realtek NIC.



  • If your going to look at an HP Thin Client use the t730. It has a 2.8GHZ CPU which actually does pretty well with our OpenVPN tunnels. We use a few of them.

    Then pick up a server card for the ethernet ports.

    Keep your eyes open on the ebay search page. These can be had brand new for cheap. https://www.ebay.com.au/sch/i.html?_from=R40&_trksid=m570.l1313&_nkw=HP+T730+Thin+Client&_sacat=0

    Then we use these- https://www.amazon.com/gp/product/B003TLAUPC/ref=od_aui_detailpages00?ie=UTF8&psc=1

    https://www.amazon.com.au/gp/product/B003TLAUPC/ref=od_aui_detailpages00?ie=UTF8&psc=1

    If your in need a 12vdc power supply can be found for these pretty easy as well

    AMD RX-427BB with AMD Radeon(tm) R7 Graphics
    4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: Yes (active)



  • Thanks for that - if I go the other way, and try and do this in stages and buy something much cheaper (I reckon I can get a SG-4860 for less than AUD$300), because my gigabit requirements wouldn't be needed for sometime, would a SG-4860 do this:

    "As it happens, I'm currently on 100mbps down, 40 mbps up, and my mate is on gigabit (he is in New York and I am in Australia) and also he is the VPN server on a beefy PC. I doubt I'll be on gigabit for a while, so at the moment I use a PC that is way over spec'd. Taking latency and networking conditions into account, I get around 85mbps down and about 35mbps up on the OpenVPN."

    I obviously want the above to also handle (non VPN) the 100mbps / 40 mbps up as a normal firewall, but I understand the SG-4860 would eat that for breakfast.

    Would a SG-4860 handle those OpenVPN speeds above fine?


  • LAYER 8 Rebel Alliance

    Have you asked the Netgate Partners in Australia for the SG-5100?
    https://www.netgate.com/partners/locator.html#australia

    -Rico



  • @rico Well, the SG-5100 would be well over AUD$1k (probably around AUD$1300 when they would take into account shipping and taxes). That's the cost AUD$1300 for directly importing it. Also, those partners aren't resellers - not one of them. They are all IT consulting houses and don't do equipment only sales. They offer an entire IT offering.

    Anyway, all of that is kind of not relevant as the SG-5100 will unfortunately never be suited for my longer term purposes. I would only want to spend that kind of money on something that could handle gigabit OpenVPN, and for less money than an SG-5100, I could build a micro ATX computer which would eat the SG-5100 up in terms of performance. That's something I don't understand that Netgate don't take into consideration.

    Anyway, in the meantime, I reckon I can pick up a SG-4860 for around AUD$300 which is over a third of the price of the SG-5100 and probably handle the speeds I need for today (just not for the future) which I just want to get confirmation that it could handle the same speeds as what I've mentioned below:

    "As it happens, I'm currently on 100mbps down, 40 mbps up, and my mate is on gigabit (he is in New York and I am in Australia) and also he is the VPN server on a beefy PC. I doubt I'll be on gigabit for a while, so at the moment I use a PC that is way over spec'd and want to replace it with an appliance. Taking latency and networking conditions into account, I get around 85mbps down and about 35mbps up on the OpenVPN."


  • Netgate Administrator

    Getting close to Gigabit OpenVPN on a single link will require all the performance you can get. So not a low power mobile i3 like that one linked. As fast as possible like 4GHz+.
    You may well end up limited by the other end before that though.

    Or use a provider that can do IPSec instead.

    Steve



  • @stephenw10 yep. thanks. I’ve spec’d a micro computer with an i7 quad core 4ghz and comes to a total of aud$800 which is way cheaper than an sg-5100, and will easily outperform it. It includes a gold low power supply so little energy other than powering that cpu.

    however, as previously stated, i want to hold off spending that for future proofing, and just get something that meets my needs now.

    looks like i can get a second hand sg 4860 for aud$300 which should do my existing open vpn speeds as stated above. would that be correct?


  • Netgate Administrator

    Yes an SG-4860 will do 100Mbps OpenVPN with pretty much any settings.

    Steve



  • How about a used Dell Optiplex 9020 SFF ?

    https://www.ebay.com.au/itm/Dell-OptiPlex-9020-SFF-Core-i7-4770-3-4GHz-8GB-Ram-128GB-SSD-Win-10-P/253373075009?hash=item3afe364e41:g:1-UAAOSwlAZaT41m

    4 core i7 (up fo 3.9 GHZ) with , 8GB RAM + 120GB SSD, plus a Win10 license for 350$AU

    Add a chinese knock-off i350-T4 network card for 60$AU.

    The i5 version is available for only 270$...

    I run the i7 version with ESXi and 16GB RAM. It handles a 50/20 NBN connection withoit breaking a sweat... I have tried OVPN and could achieve 45Mbit/sec during the day.
    At night times my provider or NBN starts dropping UDP packets and VPN throughput becomes unusable at 1.5 MBit/sec. Back to 45 again after 11pm.