Hardware for small office, 5-8 Mbps internet with VPN, LightSquid
we are in a rural area served by a WISP. As a result, our internet speeds aren't great. We only have 5-8 Mbps. We run a small business from our property and may have as many as 20 users connected at any given time.
We've been using a Ubiquiti radio for our DHCP and NAT, but I want more power and control.
We are also becoming increasingly security conscious and want to route some of our traffic through a VPN - we've been using PIA on a per user basis, but it makes more sense to route it all using something like pfSense. (Side note: ideally users will be able to opt for having their traffic routed through the VPN - it sounds like you can define routing rules based on IP address - but that's another problem to solve.)
Since we only have a small pipe I also want to use lightsense to track internet usage on a per user basis.
The question (at this point) deals with hardware. What's the cheapest hardware that can do all that, but that would leave us some head room in case we ever get more internet?
I've been looking at Thin Clients - they sound like they would offer enough horsepower, and I like the low cost and low energy usage.
I'm not a guru, but I used IPCop for about 8 years and Zeroshell for another couple and spent several years repairing and building PCs.
I am currently using a netgear r7000 with ddwrt for a similar setup, but a faster connectionminus the squid.
A Celeron J or Athlon 5350 box should work for you.
So you don't mind using sencond hand equipment?
Do you mean lightsquid?
No, I don't mind using second hand gear.
I'm thinking I'll order a used motherboard of ebay - one with an Atom CPU. Then I'll just cobble together a solution with a use PSU, 2x RJ45 NIC, etc.
Many of the used MBs have a PCI slot, so that would work nicely.
Or am I missing something?
Something like on of these:
Nope. At 5-8Mbps you should be fine with almost any hardware. I would probably opt for the D525 though if you have the choice, it is significantly more capable.
Do you want to encrypt all traffic, the full available bandwidth? Again since that's only 8Mbps you should have no problem. The D525 can push ~50Mbps of encrypted data (~500Mbps unencrypted).