Will this old laptop handle a 60Mb VPN?



  • I have an old laptop I'm considering using for pfsense.  It's just for home use, two users, plus a plethora of internet connected appliances, tablets, Netflix devices, etc.

    I'd like it to run as a VPN client to a service like privateinternetaccess.com or PROXPN or something similar.  I have a 60/30 Mbit Verizon FiOS connection.

    The laptop is a Dell Latitude D520 with an Intel T5500 Core2Duo 1.66GHz CPU and 1GB of RAM.  Will it have the power to push 60 megabits of VPN?

    It only has one Ethernet port.  So I'd need something like this?  ExpressCard 1x RJ45 Gigabit Ethernet Card

    One more question:
    Does the pfsense machine have to be the first thing connected to the FiOS modem? like this:

    Internet <--> Fios Modem <--> pfsense box <--> DD-WRT Router <--> my computers and wifi devices. et. al
    

    Or can I put it anywhere on my network after the router?  like this:

    Internet <--> Fios Modem <--> DD-WRT Router <--> my computers and wifi devices. et. al
                                                 ^->pfsense box 
    


  • I'm not sure about the chipset of that NIC you are talking about buying.
    You could just as easy buy a VLAN switch.
    Is the single port you have available now gigabit?

    I'd think your processor should be fine.  The only reason I don't use a laptop myself is because the ones I have won't auto-boot on power restore after a power outage and I need all my things to boot even if I'm not there to hold their hand after extended outages.  If your laptop has settings in bios to allow this, I'd set them.

    Also, FIOS can be a bit of a pain to dump the Actiontec for routing.  I use FIOS and getting it into bridge mode wasn't too bad, but I don't use their TV service.  If you dump actiontec, the set top boxes stop working unless you do additional configs to make them work.

    If you ask me, Verizon was on crack when they came up with their system.

    If you leave the Actiontec in place, you can run the pfsense on top of it and then run whatever you want through pfsense / openvpn.  Should be fine.  Please give pfsense LAN an IP other than 192.168.1.1


  • Netgate Administrator

    It should. As a comparison a 1.6GHz Atom can push ~50Mbps of OpenVPN. The Core2 is quite a bit faster than that.

    You can put it anywhere on the network if it's simply serving as an OpenVPN client. However how are you planning to route traffic through it? All traffic from every machine? It will probably be easier to have it between the machines using the VPN and the rest of your network.

    Steve



  • If you switch the FiOS service from MoCA to Ethernet you can eliminate both the FiOS modem and DD-WRT Router.

    If you use a VLAN capable switch the express card NIC can be eliminated.

    My setup is:

    WAN: FiOS ONT <--> (Untagged VLAN 99) Switch (Tagged VLAN 99) <--> pfSense

    LAN: pfSense <--> (Untagged VLAN 1) Switch (Untagged VLAN 1) <-->  Clients & WLAN WiFi AP

    TV services such as guide data, VOD, PPV, widgets:
    STB (HD-DVR) <--> (MoCA) Actiontec MI424WR (WAN Ethernet) <--> (Untagged VLAN 99) Switch

    pfSense router machine is a DELL 5100 Inspiron, Intel(R) Pentium(R) 4 CPU 2.66GHz, 2GB, 4GB USB Flash Drive
    Switch is Cisco SG200-08
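
Added example, not part of the post above or of any post in this thread: a small Python model of how an 802.1Q switch keeps WAN and LAN separate on a single pfSense NIC, using the VLAN 99 (WAN) and VLAN 1 (LAN) assignments from that setup. The port names, the sample frame and the rule that a port drops tagged frames for VLANs it is not a tagged member of are assumptions for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def untag(frame: bytes):
    """Return (vid, untagged_frame); vid is None if the frame carried no tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]

# Port table modelled on the setup above (port names are hypothetical):
# each port has one untagged VLAN (pvid) and a set of tagged VLANs.
PORTS = {
    "ont":     {"pvid": 99, "tagged": set()},   # WAN side, untagged VLAN 99
    "pfsense": {"pvid": 1,  "tagged": {99}},    # single NIC: LAN untagged, WAN tagged
    "clients": {"pvid": 1,  "tagged": set()},   # LAN side, untagged VLAN 1
}

def forward(in_port: str, frame: bytes) -> dict:
    """Flood a frame the way a VLAN-aware switch would; return {port: frame}."""
    cfg = PORTS[in_port]
    vid, inner = untag(frame)
    if vid is None:
        vid = cfg["pvid"]                # untagged ingress joins the port's own VLAN
    elif vid not in cfg["tagged"]:
        return {}                        # tag for a VLAN this port is not in: drop
    out = {}
    for name, p in PORTS.items():
        if name == in_port:
            continue
        if p["pvid"] == vid:
            out[name] = inner            # member, leaves untagged
        elif vid in p["tagged"]:
            out[name] = tag(inner, vid)  # member, leaves tagged
    return out

# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 ethertype, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for port, frm in [("ont", SAMPLE), ("clients", SAMPLE), ("clients", tag(SAMPLE, 99))]:
        print(port, "->", {k: untag(v)[0] for k, v in forward(port, frm).items()})
```

Traffic from the ONT reaches only the pfSense port (tagged 99), LAN traffic reaches pfSense untagged, and a frame tagged 99 arriving on a client port is dropped, so the only path between WAN and LAN is through the firewall.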



  • @kejianshi:

    I'm not sure about the chipset of that NIC you are talking about buying.
    You could just as easy buy a VLAN switch.

    I don't know what a VLAN switch is.

    Is the single port you have available now gigabit?

    I'm pretty sure it's just 10/100.

    I'd think your processor should be fine.  The only reason I don't use a laptop myself is because the ones I have won't auto-boot on power restore after a power outage and I need all my things to boot even if I'm not there to hold their hand after extended outages.  If your laptop has settings in bios to allow this, I'd set them.

    Good advice, thanks.

    Also, FIOS can be a bit of a pain to dump the Actiontec for routing.  I use FIOS and getting it into bridge mode wasn't too bad, but I don't use their TV service.  If you dump actiontec, the set top boxes stop working unless you do additional configs to make them work.

    If you ask me, Verizon was on crack when they came up with their system.

    If you leave the Actiontec in place, you can run the pfsense on top of it and then run whatever you want through pfsense / openvpn.  Should be fine.  Please give pfsense LAN an IP other than 192.168.1.1

    No worries there.  The Actiontec has never been a part of my network.  I've been Ethernet from the ONT since day one.  I use a TiVo as my STB, so there hasn't been any issue with that.



  • @stephenw10:

    It should. As a comparison a 1.6GHz Atom can push ~50Mbps of OpenVPN. The Core2 is quite a bit faster than that.

    Perfect.

    You can put it anywhere on the network if it's simply serving as an OpenVPN client. However how are you planning to route traffic through it? All traffic from every machine? It will probably be easier to have it between the machines using the VPN and the rest of your network.

    Steve

    Yes, I want everything to go over the VPN.

    The DD-WRT router has some advanced features, like Samba and a DLNA server, that I'd still like to use.  Would that make a difference in where I should locate the pfsense box in the network?



  • You sound like you are all set to get going on this then.

    Well - Where to start.  VLANS - A VLAN switch lets you do this for instance.

    Take a 5 port VLAN switch.

    Plug one of its ports into your ONT.
    Plug another of its ports into your Laptop.

    Use the single port on the laptop as both the WAN and the LAN.

    Then have two free ports on the VLAN switch to plug in a dumb switch, to call your LAN, a wireless AP, also on the LAN subnet, and maybe a wireless AP for guests that is isolated from your private LAN.



  • @NOYB:

    If you switch the FiOS service from MoCA to Ethernet you can eliminate both the FiOS modem and DD-WRT Router.

    I already have my DD-WRT router in the place of the Actiontec router from Verizon. I get Ethernet straight out of the ONT.

    I like my DD-WRT router. It is a Samba and DLNA server for my home network.  It also has great WiFi.  I would like to keep these features.

    If you use a VLAN capable switch the express card NIC can be eliminated.

    My setup is:

    WAN: FiOS ONT <--> (Untagged VLAN 99) Switch (Tagged VLAN 99) <--> pfSense

    LAN: pfSense <--> (Untagged VLAN 1) Switch (Untagged VLAN 1) <-->  Clients & WLAN WiFi AP

    TV services such as guide data, VOD, PPV, widgets:
    STB (HD-DVR) <--> (MoCA) Actiontec MI424WR (WAN Ethernet) <--> (Untagged VLAN 99) Switch

    pfSense router machine is a DELL 5100 Inspiron, Intel(R) Pentium(R) 4 CPU 2.66GHz, 2GB, 4GB USB Flash Drive
    Switch is Cisco SG200-08

    This is over my head. I never even heard of a VLAN switch before a few minutes ago. I need some time to digest this.



  • And - How much bandwidth up/down do you get with your FIOS service?

    I'd want to put the box with the SAMBA server higher than pfsense, as far as NAT goes.

    So, ONT > Switch > pfsense > DDWRT machine with SAMBA.  (That's logical order - physical order will appear to have pfsense and DDWRT parallel since they would be on same switch, but they wouldn't be logically)



  • @kejianshi:

    And - How much bandwidth up/down do you get with your FIOS service?

    I'd want to put the box with the SAMBA server higher than pfsense, as far as NAT goes.

    So, ONT > Switch > pfsense > DDWRT machine with SAMBA.  (That's logical order - physical order will appear to have pfsense and DDWRT parallel since they would be on same switch, but they wouldn't be logically)

    It's a 50/25 (down/up) megabit connection, but speedtest.net has been clocking it at closer to 60/40.

    The VLAN switch allows me to make virtual LANS? So as long as I plug things into it, the switch makes them act like they're in whatever order I want. But I'm cheap, and that Cisco SG200-08 is $100.  Are there less expensive VLAN switches?

    And this is preferable to adding an ethernet card to the laptop because it may not be supported in OpenBSD?



  • I got a Dell 24 port VLAN gigabit managed switch on ebay for $30.  So, yeah.  You can find em cheap.
    3COM is the actual maker… 
    I like mine a lot.

    http://www.ebay.com/sch/i.html?_trksid=p2050601.m570.l1313.TR0.TRC0&_nkw=3CRBSG2893&_sacat=0&_from=R40

    In the mean time, you can shop a 5 port VLAN switch - 5 is probably all you need.
    As for the card, I can't vouch for its drivers.  Hard to know.



  • Yup, you're getting (the VLAN thing).  Here's the wiki if you care.
    http://en.wikipedia.org/wiki/Virtual_LAN

    I also have one of these which last I saw Newegg had for $79:
    NetGear GS108T

    But I do like the Cisco SG200-08 better though.

    You're going to have to spend some money either way (second NIC vs. VLAN switch).

    If you can track down the nic chip set, one of the pfSense gurus could probably give a thumbs up or down on driver support.  Otherwise it's a roll of the dice.  When spending money it is typically advisable to go with the known.



  • Will the VPN provider guarantee 60/30 Mbit level of service?



  • A couple of the feedbacks indicate that this one works with pfSense.
    http://www.newegg.com/Product/Product.aspx?Item=N82E16839158038

    So if you're set on going the dual NIC route this one is probably more  likely to have driver support.



  • @NOYB:

    Will the VPN provider guarantee 60/30 Mbit level of service?

    Here's what I'm getting now on APOVPN.com.  This is with the VPN client running on my desktop computer (xubuntu 12.04)

    "Guarantee" is a strong word, but they can certainly support the speed.



  • @NOYB:

    A couple of the feedbacks indicate that this one works with pfSense.
    http://www.newegg.com/Product/Product.aspx?Item=N82E16839158038

    So if you're set on going the dual NIC route this one is probably more  likely to have driver support.

    Great find!  Another feedback says it's a Realtek RTL8111/8168B:

    sudo lspci -vvv
    Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)

    I looked through the hardware compatibility list, but didn't see that.  Maybe I'm reading it wrong, because at least two Newegg reviewers are using it.

    As I was falling asleep last night, I remembered that DD-WRT can do VLANs.

    I need to do more homework on this, but here's my plan:

    Use the DD-WRT router as the VLAN switch as mentioned above.
    I'll also buy the ExpressCard Gigabit Ethernet Network Adapter Card.
    If the VLAN thing on DD-WRT doesn't work out, I can make the pfsense box the gateway. 
    If it does work out, I'll at least have upgraded the old laptop to Gigabit speed.

    I'm assuming the on-board 10/100 NIC in the laptop can't really handle 60 megabits.  I guess I'll find out.  :)



  • I don't think DDWRT will give you VLAN tagging.  I'm pretty sure it only handles creating untagged VLANS, which means it will not help you if your laptop only has 1 port.

    So, you will either need that NIC card (which is looking pretty good) or a true managed VLAN switch.

    (If I am wrong about the VLAN tagging, anyone feel free to correct me)


  • Banned

    Well it does VLAN tagging, provided it's not broken on particular hardware. :D

    http://www.dd-wrt.com/wiki/index.php/VLAN_Bridging_WAN_and_a_LAN_port#802.1q_VLAN_trunk



  • My thinking (or perhaps misunderstanding) was that the VLANs exist within DDWRT such that you can do things like making dual WANs that are isolated or creating isolated LANs, but that DDWRT didn't actually tag VLANs such that you could have, say, VLAN 20 and VLAN 30 ride on a single port of DDWRT.

    However, I'm used to being wrong, so if I am, it will be no great surprise.  Happens a lot.
    If it will work just fine that way, I've wasted some money buying another switch.



  • OK - I see the source of my confusion now…  Not all DDWRT routers support tagging of trunks.

    The ones that do are listed here in the 802.1q VLAN's column:

    http://www.dd-wrt.com/wiki/index.php/VLAN_Support

    Also, "I'm assuming the on-board 10/100 NIC in the laptop can't really handle 60 megabits." - I'd bet that it can.


  • Netgate Administrator

    Yes, interesting isn't it. Fundamentally almost all SOHO routers use a VLAN capable switch chip internally. To get them talking VLANs externally should be a software exercise only but it's often not that straightforward. This also has implications for their throughput. Usually at least one port is directly connected to the CPU and all the others are in fact switch ports. The best throughput can be obtained using only one switch port.

    Steve



  • Actually - It was you who mentioned this to someone else earlier (much earlier) and got me to take a look at that.  Before that, I was considering trying to use DDWRT for VLAN, but then decided it's probably a pain and perhaps not a great solution.

