CPU-upgrade + can I do this?



  • G'morning fellow lovers of the finest firewall in the world  ;D

    I am getting creepy about all this privacy stuff too, so I want to start using a VPN-provider. What I would want to do is this:

    1. Normal @ home: LAN-PC -> PFsense (PFS) -> VPN-provider -> the internet.
    2. Wife when out with her smart phone: somewhere out there: connects with her smartphone to my PFS (I believe this is the OpenVPN-client setup in PFS), and then PFS 'converts' her transfer so that it goes out to my VPN-provider, and from there on she connects to the internet. What I mean is this: when she is in a shopping mall and gets free Wifi, she uses that to connect (using OpenVPN) to our home, and from there on she is routed to, say, my VPN-provider in the USA. Thus, even 'though she is in a shopping mall in Brussels, via my PFS in Amsterdam, she browses using the US VPN-provider.

    From another post from Stephenw10 I learned my current CPU, the Intel Celeron G1610, probably isn't strong enough to do OpenVPN. So I was thinking of replacing it with either a Intel Xeon E3-1265L V2, or with a Intel I5. Would this be a smart idea?

    Thank you in advance for any help  ;D

    Bye :P



  • I'm doing more or less the same.
    When I'm abroad and want to look Dutch television or want to have an IPv6 connection I use openVPN on my laptop or iPad to connect to my PFS box.
    Create a IPv4 (specific nets) / IPv6 (default GW) vpn.
    Only difference here is that you want to go out to the internet through IPsec VPN.

    PFS box is based on intel Atom D525 and it does 60Mbps VPN without problems while running an IPsec vpn to a different site.



  • @avink:

    I'm doing more or less the same.
    When I'm abroad and want to look Dutch television or want to have an IPv6 connection I use openVPN on my laptop or iPad to connect to my PFS box.
    Create a IPv4 (specific nets) / IPv6 (default GW) vpn.
    Only difference here is that you want to go out to the internet through IPsec VPN.

    PFS box is based on intel Atom D525 and it does 60Mbps VPN without problems while running an IPsec vpn to a different site.

    A fellow Dutch man  ;D

    Thank you for your reply; appreciated. I have to admit, right up to where it got interesting, my limited brain failed to understand what you are writing. For that my brain is to blame, not you  :P

    Create a IPv4 (specific nets) / IPv6 (default GW) vpn.
    Only difference here is that you want to go out to the internet through IPsec VPN

    So I need to have IPv4 for specific nets (which specific nets would I want to have?), and IPv6 for another vpn? (But I don't think I have IPv6 at all right now? I think we're still on Ipv4 over here?).

    And IPSEC VPN for outgoing? But my VPN-provider will have OpenVPN because I thought that was more secure(?)

    Yes, I know I am dumb, sorry  :-[

    ( ;D Thank you  ;D)

    PS So a Xeon would be completely overkill? I thought about upgrading to it since my current G1610 CPU (which is still 2,5 times 'faster' than your Atom according to cpubenchmark.net) doesn't have the AES co-processor, which would be a bottleneck(?)



  • Unless you instruct OpenVPN to push a default gateway, only the network you specify when you setup the tunnel will be accessible through the VPN.

    Since I'm with XS4all I have WebTV and native IPv6.
    So I'm pushing routes to the webtv network in addition to the local network. All other traffic remains outside the tunnel.
    Since you want to send all traffic through the tunnel you have to push a IPv4 default gsteway. You can do this in the tunnel setup.

    To have IPv6 everywhere I push a IPv6 default gateway always. But as you do not have IPv6, don't worry about it.

    The only thing you have to do on the PFS box is to make sure that all traffic is forwarded through the other OpenVPN tunnel.
    In my ignorence I assumed it was an IPsec tunnel.

    As said, with an Atom processor without HW encryption I get 60Mbps.