OpenVPN Througput: What to Buy? Intel Atom or Alix hardware crypto?
-
Hello there,
I've got kind of a problem with determing the way to go and hope for some suggestions. I've been running an Alix 2D3 since two years with great success. Lately I've switched to cable with 64 Mbit/sec down, 5 Mbit/sec up. Now, I'm planning to tunnel my whole traffic through a tunnel (to get a static IP) to a server I control. I've got the whole OpenVPN stuff setup and ready to go, but:
- Alix 2D3 only gets me whopping 14 Mbit/sec down, 5 Mbit/sec up when using AES-128-CBC, UDP-Tunnel, OpenBSD 4.6
- My Homeserver (Intel E2140) gets me order of magnitude more, but only with 80% CPU utilization
So what I'm now looking for is a permanent and easy to maintain router solution (hence I'm here) that can easily saturate my cable connection without adding too much latency.
I've come across two feasible (I'm a poor student!) solutions:
1.) Add a vpn1411 to the mix
I've read all I could find about OpenVPN on OpenBSD/FreeBSD and this little beast. But the comments here and on the net and the vendor specification differ. They say it can sustain 210 Mbit/sec plus, the "net" says it's more in the range of 45 Mbit/sec. So could it improve the situation to a point where it's near 64 Mbit/sec down or shouldn't I expect anything above 45 Mbit/sec?2.) Throw away the ALIX and go for an Intel Atom D510
This would be a software only solution, but I couldn't find ANY experiences with this processor and pfSense+OpenVPN throughput. Do any of you guys have experience with it?If you should have any nice hacks to push the Alix 2D3 to 64 Mbit/sec without any of the above, I'd like to hear it. I've been benchmarking around with all kinds of options from MSS/MTU to different ciphers.
btw: the server is not limiting, it's 30% utilized when running at 100Mbit/sec AES-256-CBC, UDP-Tunnel.
Thank you in advance and
Greets
-
If you put "device cryptodev;" in the OpenVPN custom options you might get a little more throughput, but it won't top 20Mbit.
I think even with a VPN1411 it still won't get much over 34Mbit.
Atom should get much higher.
-
Hello jimp,
thank you, that did shed a little light on my question.
Any suggestions for what Atom to opt?
Greets
-
For performance, go for an atom d510. There are plenty of boards out there, try to get one with Intel network cards.
-
Hello,
ssooooo, I bought the VPN1411 and it did … nothing. At least not to the OpenVPN througput, using any Engine my OpenBSD offered (cryptodev too).
I will test a little more, but I guess now it's an Atom I have to go for. What a shame.
Greets
