Pfsense on Soekris net5501 and net4801

  • Dear All,
    Actually, we are investigating in setting up Soekris routers in our Advans
    branches all over Africa (currently Cameroun, DRC, Ghana…). 
    Mainly, the architecture is one Head Office connected to 10 to 15 remote
    branches, with around 100 maximum concurrent connections to the main core
    head office router.
    Main core router should be a net5501, remote branches router net4801.
    As you might see, concurrent connections are small, mainly dealing with our
    micro-banking software.
    Soekris router should be load with pfsense.
    I'd like to find out if it's feasible to use the vpn1401 or vpn1411 or could
    we simply use pfsense without any specific card to run the vpn ?

    Thanks for your help,

    Simon Nayan

  • this,12766.0.html should give you an idea of what to expect from alix/soekris box.

  • I like the 5501 for the head office, but an Alix box might be a better fit for the branch offices. It's close to the specs of the 5501 and cheaper than the 4801.
    There are some rough numbers in this post-,14581.0.html
    Not scientific, but they give you an idea how the crypto cards help. The Geode boards (5501 and Alix) have a built-in crypto chip. As detailed in the referenced post, the driver got incorporated into 1.2.3 builds, but actually didn't help at all and rendered a hifn card useless to boot. I noted this in a support ticket and suggested making glxsb a module instead of in the kernel. I never heard back, and haven't tested recent snapshots. The glxsb driver may be working in the 7.2 based builds. I would suggest you do some tests before deploying. If you need higher IPSec throughput, you may want to stick with 1.2.2 and a hifn.