Netgate Discussion Forum

    Hardware for 200 Mbit/s via OpenVPN

    • coolstorybro

      Hello,

      I want to build my own pfSense firewall to have a reliable connection between my home network and my VPN provider.

      What is difficult about it is that I want to achieve around 200 Mbit/s over OpenVPN. Via the OpenVPN client I get these results, which is absolutely fine, but I want that speed for my whole network over pfSense.

      I guess I need a CPU which supports AES-NI. Could someone tell me a hardware setup which is able to achieve that speed?

      Regards,
      coolstorybro

      • Guest

        What is difficult about it is that I want to achieve around 200 Mbit/s over OpenVPN.

        That is certainly a good throughput to aim for, but if on the other side your provider
        is sharing one router or VPN endpoint among too many customers, you can own the best hardware ever
        and you will still not receive even half of the 200 Mbit/s! So it is not really possible to tell you what you should
        buy when the bottleneck will be created on the other side.

        I guess I need a CPU which supports AES-NI,

        Or another crypto accelerator card supported by pfSense, that is really able to serve you this VPN speed.

        What I want to explain, in shorter words: even the best equipment on your side is not able to
        make up for the ISP side of this VPN connection if the bottleneck there is an overbooked router.

        • M_Devil

          For your inspiration, my setup:

          I am using an OpenVPN (BF-CBC, 128-bit and no hardware crypto) connection to a VPN service provider and can utilize 100% of a 500/500 Mbit fiber connection.

          Setup:

          • Intel i3-2100 on bare metal

          • Created 2 concurrent gateways to my VPN service provider and created a new gateway group combining the two VPN connections. This is done because each VPN connection can deliver only up to 300 Mbit.

          When running flat out (using both OpenVPN gateways to the VPN service provider) at 500 Mbit, CPU load is between 50% and 60%.

          • Darkk

            Not sure if anybody should be using 128 bit for encryption these days. 256 bit or higher is preferred. I am using AES-256-CBC which is the best choice. Also make sure LZO compression is disabled as there is a vulnerability.

            I am running a VM OpenVPN Access Server (commercial) at work with almost 100 users running 256 bit encryption and that server is hardly breaking a sweat. I think the only concern is if all of my users are uploading / downloading at full bandwidth at 100Mb at the same time, which is hardly ever.

            • Derelict (LAYER 8, Netgate)

              128-bit AES/BF is fine.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.