Nice Firewall box from IPC2u

mlabenda

I just found a nice box at IPC2U.de

http://www.ipc2u.de/catalog/M/MB/33520.html

Mobile Celeron 1,2
max 1 GB DDR Ram
4x 100Mbit or 4x 1 Gbit Intel
miniPCI Slot
PCI Slot
2,5 or 3,5 Disks are possible.

Does anybody run this box ?
would be perfekt for my homeoffices with pfsense
Just the price  :(

Perry

I've not tried it but nice to see different systems to run pfsense on, maybe you could ask them to donate one to the pfsense team.

As for a quick compare i would rather buy the fanless FX5620 http://linitx.com/product_info.php?cPath=4&products_id=909

/Perry

mlabenda

I will buy one next week and will ask them to donate on
btw this one is Fanless as well, i talked to them and the Fan is installed but not needed.

But the big question is, what is faster, the Mobil Celeron or the Via C3 ?
And the FX5620 does only support 2,5 inch drives, 3,5 ones are faster, but does that matter for Squid ?

Whatever the FX520 is nice as well.

hoba

The C3 is probably better suited for VPN encryption tasks as it supports padlock (hardware encryption unit). However, a bench between the two CPUs with pfSense would be quite interesting to see for standard tasks.

gbelanger

All C3's do not support hardware crypto. Actually, most earlier generations only provided the RNG so they we not very useful. You need a C3 processor with a Nemeniah core and a stepping of 8 or highter for the ACE (the actual hardware crypto accelerator). Here's some good info about this:

http://www.logix.cz/michal/doc/article.xp/padlock-en

I thought this was a bit underpublished since I ended up, in some cases, owning older C3's with little or no hardware acceleration.

The Via C7, however, is based on the Esther core and offers an even better ACE (Accelerated Crypto Engine).

I think it's important to note that the current stable version of pfSense does not support the hardware acceleration of the PadLock engine (since it's based on FreeBSD 6.1, which doesn't really support it either). This is also the case for most 'specialized' firewall distributions, and should be kept in mind when using the PadLock engine as a sales argument =)

hoba

We did tests with padlock earlier but didn't get it to work. However these have been done with 6.1 so things might have changed. We should probably revisit it again.

mlabenda

Great information so far guys !

I tell you what, i will buy one of this Boxs and if somebody tells me how to do Benchmarks, i will post them.
I have some testing already with different boxes and Firewall Systems.
I got two Outbund Lines in my Office
16.000/1000 ADSL dynamic IP and 2000 SDSL static IP
I have a Pentium 3 866 with 512 MB and 20 GB HDD.
This one runs great with Squid and Snort enabled and Outgoing Loadbalance.
The SDSL is pretty much used for VPN stuff, currently i have two Tunnels open.
One of the Tunnel Endpoint will be moved to pfsense on a Dell 2600 Server (check forum) if it works.

I also tested a Box with a 400 MHz Celeron ULV and a 2,5" drive in it, but this was way to slow to use all the bandwith from the ADSL Line.
Maybe i can get IPC2U to donate a box, if this box runs well i may buy 12 of them for my company so good reason for them to think about a donation.

Btw Great Forum and great pice of Software.

DanielSHaischt

you could try to use the soekris crypto card together with the minipci slot if you want HW crypto acceleration.

Cheers
Daniel S. Haischt

mlabenda

Yeah i got one of the Sekris Cards (miniPCI) and this box does have a miniPCI Slot.
Does pfsense support this card ?
I have read things about it, that maybe the PCI bus can be a bottleneck.
But on a 16Mbit line it shoud be a big deal. I hope
Anway the box has been ordered and i will keep you posted how it works

hoba

The soekris acceleraters are supported. You will see a "hifnXXXX" listed at status>system if it is detected and used.

Nick

Would these Soekris accelerators work with OpenVPN?

gbelanger

hoba:

I've been testing the padlock module with the latest snapshots, the good news if that the module doesn't need to be patched anymore.

By default, OpenSSL does not make use of the padlock engine in my tests. However, I believe FAST_IPSEC can easily be adjusted to take advantage of the padlock module through the setkey utility (see commented lines in vpn.inc).

I'm going to run some tests this week to try and benchmark ipsec with and without the module, I'll let you guys know.

fwuser07

Hi

I'm interessted in the IPC2U box.

Has anyone checked the throughput between two gigabit interfaces? I can't find any datasheet.

ZGamer

@hoba:

The soekris acceleraters are supported. You will see a "hifnXXXX" listed at status>system if it is detected and used.

Been using some older ones with IPSEC tunnels and they work great, better throughput and lower latency than without.

sai

VIA C3, pfSense snapshot 27-2-2007

command:
#openssl engine padlock

gave me ACE but no RNG (ie the crypto engine is recognised, but the random number generator is not there or is not used).

Have no benchmarks though…

covex

@Rusty64bit:

I just found a nice box at IPC2U.de

http://www.ipc2u.de/catalog/M/MB/33520.html

Mobile Celeron 1,2
max 1 GB DDR Ram
4x 100Mbit or 4x 1 Gbit Intel
miniPCI Slot
PCI Slot
2,5 or 3,5 Disks are possible.

Does anybody run this box ?
would be perfekt for my homeoffices with pfsense
Just the price  :(

so… was any testing done on this box? looks interesting...

heiko

Hi, i have bought 10 pieces but the delivery follows….
I will update the information about the box in the next future....
bye
heiko