Hardware for home network 50mb connection
I am currently looking into building a pfsense box for my home network. I have a 50mb connection and have been looking into configurations. My main question is how powerful does my hardware need to be to achieve reasonable speeds ( above 15 - 20mb) while running a vpn. I am fairly new to the idea of using a vpn and have tried several services but am getting really slow speeds and I dont know whether or not upgrading my router will increase this. Ive read on the forum about hardware crypto cards that plug into mini-pcie interface? Would that increase my speeds.
In short what level of hardware do i need to have good speeds over a vpn for my home network.
For me, virtually any dual core Intel or AMD machine clocked around 2.5GHZ or better will do for a home firewall + VPN on a connection such as yours. For others who run as many packages as they can install on a pfsense box, most notably snort, they will recommend 4 core or more Intel with latest greatest processors and as much RAM as will fit on the board.
So, it depends on where you stand in that spectrum, what you plan to do with it and if its just you or your entire neighbourhood, extended family, and friends also riding on your connection.
P.S. Yo say you are on a 50mb connection? What is your upload speed and download speed? I assume 50 is just download.
Thats important to know because VPNs tend to use bandwidth in a synchronous manner. Your speed is usually limited to at or below the lower of the max up or down of either your connection or the site you connect to.
Example: If my plan is 50/10 connection and the client to my VPN has a 200/7 connection, my max VPN speed will be <=7 (there about)
My connection is a 50mb down and i usually get around 3mb up. Currently Im running ddwrt on a linksys e2500 and the speeds i get on a vpn ranges from 5 to 10mb/ sec down. Im not certain of the server side as I have only tried connecting to several vpn services. The only packages I think I will be running would be snort. So youre saying that there would probably be no need or benefit of running a hardware crypto card. Just a good dual core and some intel nics? I am currently looking at a socket 1155 celeron and putting 2gb of ram and a small hdd with a mini itx mobo.
Thank you for the quick response!
If you normally get "3mb up" without the VPN then, in theory, about 3 would be your maximum VPN speed, assuming you are the weak link as far as speed goes. They could be also, but if they are running a service, they really shouldn't be - one would think.
But yeah, even if you somehow magically get 5 or higher, your ISP bandwidth will be the limiting factor, not decent dual core hardware. You might need hardware crypto cards if you were trying to saturate a 50/50 connection, but honestly, probably not even then. Those cards probably have more impact on the upper limits of throughput when using IPsec on machines with weak low power CPUs across very fast connections. Much Faster than you have.
I wouldn't break the bank unless you get a much faster symmetrical connection with your ISP.
That said, I'm sure if you try you can load enough packages and set enough filters to cripple just about any hardware you buy.
Snort is a little CPU hog though. Maybe lean towards a little more CPU if you must use it to be safe. (although I suspect your specs are fine)
Small note - squid + cache is a great thing to have if you are locked into a VPN and are bandwidth limited. The less you have to pull in across the VPN the better.
Ok so I think what I'll end up doing is just building a solid setup and use squid and snort with a little headroom for upgrading in the future incase i want to add some other packages and ill just connect to my vpn service from the client I have on my computer.
Thank you for the responses!
A vpn client on your computer will do an end run around squid and you wont get the benefit of either squid or snort while using the VPN. Thats the only down side I see to VPN client on the computer vs. on the pfsense.
stephenw10 Netgate Administrator
An Atom will do approx. 50Mbps OpenVPN in one direction.
I have never thought about it too deeply but I can't see why you would be limited to your upload speed. A VPN connection may well require more bidirectional data than an unencrypted connection but you will still get more data in one direction.
If you are using the pfSense box as a VPN server, for securing a public connection for example, then you are limited by the slowest part of the connection.