Recommend hardware pfsense openvpn 20meg down connection



  • I've been reading through forums for the past couple days but haven't found specific answers to what I'm looking for.

    I am wanting to use a paid vpn. My main router is a linksys e2000 flashed dd-wrt. I found if I connect to the vpn through the router, which is how I'd like to so the whole household would be under the vpn, the max speeds are around 7mbit, typically 4-5. My internet speed is roughly 20mbit down 2mbit up.

    I'd also like to reduce power consumption if possible. I've also been looking at a intel d2500cc setup as I think this is close to the processing power I need and would be low power. It is a little more than I would like to spend though.

    I'm mostly looking to find out close to how much processing power I'll need for my requirements. I'm not real familiar with the added options of pfsense. I've gotten along fine with the dd-wrt firmware so far. So I don't think I'd need squid or anything else that increasing processing, I may be wrong though.

    I have several older amd systems but I doubt they would be powerful enough. Athlon xp 2500+ and Opteron 939 pin single core.

    Any help would be appreciated.



  • Any Opteron (and quite possibly the Athlon as well) will mop the floor with the Atom D2500 (obviously at the cost of higher power consumption) as far as single-thread performance goes, and it wouldn't surprise me in the least they'd outperform it in aggregate (multi-threaded) performance as well.

    EDIT:
    http://www.cpubenchmark.net/singleThread.html
    http://www.cpubenchmark.net/low_end_cpus.html



  • The opteron is a 144 1.8ghz 67watts, motherboard is a dfi lanparty ultra-d nforce4. The best socket a chip I have is the mobile xp 2500+, I have a nforce2 with igp I'd use so wouldn't have to mess with graphics. I don't have any spare power supplys that I'd trust though

    I couldn't find much on these chips but

    Hardware / Re: Budget PFsense Router
    « on: October 26, 2012, 04:40:06 pm »
    In my case I don't care about power savings and I run pfSense on an AMD Athlon™ XP 2500+ @1.83 GHz, 512 MB RAM (usually utilized at 30%), and I even use RealTek 8139 10/100BaseTX NICs. The box is able to push 100 mbit bi-directional WAN traffic/30 mbit OVPN, and is at around 300 days uptime.

    So according to this I'd be fine for now since my connection is around 20 mbit, unless I'm misunderstanding something.

    I'm having a harder time weighing the pros and cons everything and choosing the best setup. My power cost is high at 13 cents/kw so in the long run a high efficiency build may be worth it. I'd like to have a setup to test this out though. With the 2500+ all I'd need is a power supply and ram although I think I have 2x512mb. I have a few hdds, but am wondering how much a small sdd would benefit me for running openvpn pfsense.



  • Unless you're running squid or something similar that actually generates disk I/O, an SSD won't buy you anything. It's definitely not going to make any difference for routing / filtering / NAT / VPN. Assuming your board supports it, you'll be perfectly fine running everything from a USB stick, either live or as a nanobsd install.



  • This post is deleted!

  • Netgate Administrator

    Not running Squid or Snort a D2500 will push >20Mbps of VPN traffic. A D510 will push ~50Mbps: http://forum.pfsense.org/index.php/topic,27780.0.html

    Are you sure that the 7Mbps limit is not at the provider end? (or is that what you're saying?) They are often not very fast for cheaper VPN providers.

    Steve



  • Ok, I'm completely new at pfsense. Confused about being fine at 20 mbit but not getting 20 mbit performance. My purpose for trying pfsense is to be able to use openvpn while keeping as much throughput as possible, having a better router in the end is an added bonus. From what I've read the linksys e2000 is only capable of pushing around 5 or so mbit of vpn traffic due to 300 something mhz processor.

    I'm wanting to use airvpn. They guarantee 4mbps but from what I've read most people get much more. They only allow one instance running per paid account, which is why I'm wanting to connect to it from the router. I think I'll try it out on my main computer, then the e2000 and see how that goes and hopefully have a pfsense box soon.

    Which d510 should I be looking at? I tend to overbuild when I plan my personal computers, would rather have too much power than not enough.


  • Netgate Administrator

    I used the D510 as an example because there is extensive testing data in that thread I linked to. The D2500 is newer and more powerful so it will do slightly better.

    Steve



  • I now understand what suncatalyst meant about not getting 20mbit performance. I went ahead and paid for 3 months to try the vpn out. Using the speedtest before using open vpn on the desktop I got ~17mbps down ~1.6mbps up 30ish ping. Unfortunately they don't seem to have any servers in my area(east tx), all around 1000 miles away, mostly in virginia. Connecting to a lower utilized airvpn server in virginia I got ~13 mbps down ~1.3 mbps up, ~150 ping. I think this is acceptable losing around 25% but am not sure. The price is good being around $6 per month.

    The desktop has a 4770k, 16gb ram. What are the chances of a pfsense box getting close to the same throughput as running open vpn client on the desktop? Is there any chance of a pfsense box performing better than this?

    I misread about the d510 compared to d2500, saw the >20 on the d2500 then ~50.

    I found this d2500cc setup: http://www.ebay.com/itm/Barebones-Mini-ITX-pfSense-Firewall-Router-Intel-D2500CC-PicoPSU-80-2x-Gbe-LAN-/200839113376?pt=US_Firewall_VPN_Devices&hash=item2ec2f1aaa0

    From the component prices I've found I don't think I could build it for much less than the price, if any. I have a wd black 320gig 2.5" drive I'm not using.

    I'm wondering if a higher power solution will translate into higher throughput through the vpn though. Thinking about an i3 setup, mini itx or micro atx. I would assume mini itx would use less power but might limit me in the future if I decide to do anything else with the computer.


  • Netgate Administrator

    @Mark01ta:

    I'm wondering if a higher power solution will translate into higher throughput through the vpn though.

    Probably not. You could attempt to run an encryption that has greater data compression to squeeze more down your connection. That would require more cpu cycles but it would have to be supported by the other end.

    Steve


Log in to reply