Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ALIX and VPNS… VPN accelerator card?

    Scheduled Pinned Locked Moved Hardware
    3 Posts 3 Posters 5.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sjeffrey
      last edited by

      Hi,

      Ive used many ALIX 2D1 firewalls in the past with pfsense, and they have been rock solid.

      Now i have a client who will need about 16 VPN connections from individual machines (using pptp?) and possibly a couple of ipsec site to site VPNs.  This is all going to be running over a 20MB ADSL connection (2mb up).

      What im wondering is whether the 2D1 will handle the throughput of this or if it will struggle?  Are the vpn1411 (vpn accelerater) cards any good and are they worth it?

      or alternatively does any one know of a better similar price appliance that will do the trick?

      According to the spec of the 2D1 it has a crypto accelerator built in, is this any good?

      Also just out of interest what do people use infront of their monowall to connect to the ADSL?  Do the draytek vigor modems work well?

      Thanks in advance.

      Stuart

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The 2D1 only has a 433MHz CPU vs the 500HMz of the 2D3, but I have only run numbers on the 2D3.

        The number of connections doesn't matter quite as much as the total throughput. The built-in acceleration on the CPU does help, but only with certain ciphers, AES-128 to be specific. The VPN accelerator card you are talking about does improve the throughput quite a bit, but I haven't used one myself.

        You should be able to pass 20Mbit of VPN traffic for sure with an accelerator card, the 2D3 passes about 30-33Mbit/s with that 1411 card in it, from what I've heard.

        Some more info can be found here:
        http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • valnarV
          valnar
          last edited by

          @sjeffrey:

          or alternatively does any one know of a better similar price appliance that will do the trick?

          Well, there is no "similar price appliance" that is faster than the ALIX.  If there was, nobody would buy the ALIX.  You'll have to spend more if you want better performance, and I would recommend so if you are going to be using a lot of VPN's.

          If small and fanless are primary concerns (ala ALIX), then you'll have to go up to an Atom board or something like this:
          http://www.netgate.com/product_info.php?cPath=60_85&products_id=659&osCsid=711837e0c197d75c5a4285a6566682c7

          If size doesn't matter, then any number of more powerful PC's would do the trick.  A Pentium III would be more than adequate.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.