Is pfSense 1.2.3RC1 + Soekris 4801 Adequate For…



  • I just ordered a Soekris 4801 (266mhz, 128mb, 3 ethernet, VPN 1401, and wireless card) and I'm beginning to doubt if it'll be adequate for my needs.

    I'm taking my large pfSense desktop box (1ghz, 512mb ram, 4 ethernet) and setting it up in my dad's basement hooked up to his Fios optical connection.  I'll be moving into a small apartment so I bought the Soekris 4801 for myself.

    I want to hook up a permanent VPN tunnel between both networks.  Behind the 4801 I'll have 2 laptops and an Xbox 360 connected.  With 1.2.3RC1 will it be adequate for the VPN tunnel, watching Hulu, playing Xbox Live and the occasional torrent?

    I'm reading posts online that it might not have the power and I should consider monowall instead, but monowall doesn't have uPNP which is required by the Xbox.



  • xbox doesn't require upnp. upnp simply saves you doing the manual forwarding of ports. Anyway, it's not even necessary to forward ports to play on xbox live, if you don't you'll just get a message warning that your NAT type is strict and that may lead to slower matchmaking.

    That said, the 4801 may or may not be enough to do what you're describing. It depends on your throughput, and especially your vpn throughput. As mentioned on the Hardware Sizing page, the encryption/decryption of vpn traffic increases CPU load, while torrents will increase state table size and therefore RAM requirements. Lots of traffic shaping rules can also increase load.
    http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

    I wouldn't worry about it too much. If you find your CPU is close to max then you can put a pci or mini-pci encryption card in your 4801. This will take over the heavy lifting from the cpu when passing a lot of vpn traffic, which I think will be your biggest limitation.
    http://www.soekris.com/vpn1401.htm

    db



  • Thanks, I was hoping for an encouraging reply.  The Soekris 4801 is being shipped with the VPN1401 board so I'm not very worried about it now!

    About the Xbox, having an "Open NAT" status compared to anything else is a night and day difference, a must have.  I thought I tried forwarding the thousands of ports necessary and still had a "Strict NAT" status until I enabled uPNP.  I can't remember, maybe I'll look into it again.



  • @mddubs:

    About the Xbox, having an "Open NAT" status compared to anything else is a night and day difference, a must have.  I thought I tried forwarding the thousands of ports necessary and still had a "Strict NAT" status until I enabled uPNP.  I can't remember, maybe I'll look into it again.

    Interesting. I enabled uPNP for my (borrowed) 360 and it still detected strict NAT. Maybe I was doing it wrong.

    Anyway, I could be wrong, and you never know until you try, but I really think with the VPN1401 you'll be fine.

    db


Log in to reply