When is an Intel Core processor needed?
-
@riftor_77 said in When is an Intel Core processor needed?:
I have gigabit Internet and would like all VPN traffic on these 3 devices to reach close to line speed.
That is by far the toughest part of that requirement.
What sort of VPN? How will it be configured?
Steve
-
@stephenw10 The PFSense box will be a client for NordVPN through OpenVPN. I am open to using IPsec, but want to start with the set up that I already know.
My current configuration is almost the same as the PFSense baseline guide with VPN, Guest and VLAN support. Currently, turning on the VPN prevents any machines on any of the VLANs from accessing the Internet, but that's another story.
Only the computers on VLAN 20 will use the VPN. I am still deciding if I want all traffic on VLAN 20 to route through the VPN or segregate some of the traffic into the clear net. I am going to start with a connection to only one of NordVPN's servers, but may add others and further segregate traffic based on protocol.
Let me know if I answered your question.
-
OpenVPN is single threaded so for best VPN performance you want a CPU that has the best single thread speed. A dual core i3 with a high clock is a good choice for that. You're unlikely to see line rate though. And that will be less than 1Gbps anyway because of the overhead.
Running multiple OpenVPN clients and load-balancing them can improve total throughput but also increases complexity significantly.Steve
-
@stephenw10 What is the latest generation of Intel processor supported by PFSense? Also, got any recommendations for motherboards?
-
Hardware support is found here:
https://www.freebsd.org/releases/index.html
For 11.3 (pfsense 2.4.5_p1) it is:
https://www.freebsd.org/releases/11.3R/hardware.html
There is also this:
https://wiki.freebsd.org/arm64
-
Yup, that ^.
I've seen people using gen 10 stuff but the CPU itself is not really the problem it's other components, chipsets etc, that will more likely be unsupported.
Steve
-
@stephenw10 Thank you for all of the responses. I actually looked at the FreeBSD 11.3 hardware notes quite a bit, but I can't find information about supported chipsets on that page. I know that I can look for examples of working hardware on the FreeBSD hardware forum, but I would really like to find a list of supported chipsets so that I can better understand PFSense and FreeBSD. Where can I find this information?
It would also be great to have some guidance on what kind of cool that I will need.
-
A lot of stuff is generically supported so will not be listed. The best way to be sure is use a board already reported to work somewhere or use an older board that is more likely to be fully supported.
Avoid fancy hardware raid controllers, graphics chips or very new NICs.Steve
-
@riftor_77
I would look at some of the Asus server, workstation board's they have some mini-itx and
some micro-atx.Most often they list supported operating system's and if not you can send an e-mail to
support and usually they respond within a couple of day's.Any active cooling should be enough.
-
@riftor_77 I used a Kaby 7320 for several years on a H270 based motherboard without issue, until I realized it was overkill for my needs. That processor rarely hit 10%. Now I am using my old AMD AM1 4 core 2ghz 25w tdp chip setup. The 400meg down I have is overkill in my case but it was only 5 bucks more a month than 200 down. Just one person streaming videos and me running two VPNs into work on weekdays. Little AMD chip works just fine. Now if I had an office here with 20 people going at it, I would be using that Kaby instead of loading Windows on it and using it in the dining room. So you need to look at your use case honestly to answer your question. BTW if I were an online gamer paying for a fiber gig line and was looking for that low latency I would be using that Kaby for PFSense. Just re-read your post about the VPN use- yea for OpenVPN the clock speed is what you want.
Maybe finding an H270 chip motherboard to use your existing chip, would work (I am assuming the chipset was the issue in your case with your motherboard?).