Cheapest solution for 250Mb OpenVPN AES-256-CBC troughput



  • Hello Everybody

    What is the "cheapest" solution you could reccomend för 200+ megabit troughput on OpenVPN in a home setting with a handful of users?

    I have been looking in quite a lot of threads here, but it is hard to find anyone writing numbers on real WAN-to-LAN troughput with High-speed VPN?



  • What is the "cheapest" solution you….

    Cheap for me or for you? What is your budget will be better to know for us first to come closer?

    could reccomend för 200+ megabit troughput on OpenVPN

    Not that we are talking then about two different things, VPN is mostly a both or two ended solution
    and on both sides, a so strong unit as things must be, likes your awaited throughput amount should
    be placed to handle then this traffic, and not only on one side or in one environment.

    in a home setting with a handful of users?

    VPN users from outside? Or users that are use one VPN connection to a VPN provider (ISP)?
    What is a handful users please? 20, 50 or >50+ users? Is this then more for mailing and surfing
    or more for playing and downloading files?

    I have been looking in quite a lot of threads here,

    But you will not even find the same situation, likes you are in and the different configuration often
    makes the real differences.

    but it is hard to find anyone writing numbers on real WAN-to-LAN troughput with High-speed VPN?

    As I would be in your situation I would more having an eye on the really given 200+ MBit/s VPN throughput
    and not on money savings, if this is the real goal or so called must be.

    Budget:
    An Intel Celeron G3260 with 2 cores @3,2GHz and 4 GB RAM
    Soekris vpn1401 or vpn1411 miniPCI or PCI card

    Small:
    An Intel Core i3 CPU with 4 cores and @3,0GHz or higher and 4 GB RAM
    AES-NI

    Medium:
    An Intel Core i5 CPU with 4 cores and @3,0GHz or higher and 8 GB RAM
    AES-NI

    Big:
    An Intel Xeon D-1540 CPU with 8 cores and @2,0GHz and 8 GB RAM
    AES-NI but no Intel QuickAssist, but it might be also powerful enough

    Professional:
    An Intel Xeon E3-12xx v3/v4 CPU with 4 cores and @3,0GHz or higher and 8 GB RAM
    AES-NI

    Enterprise:
    An Intel Xeon E5-2600 v3  CPU with 6- 10 cores and @3,0GHz or higher and 8 GB or 16 GB RAM
    AES-NI



  • Cheap for me ;) (a budget setup of a couple 100$'s)

    I intend to use the setup for anonoymization with the service https://www.ovpn.se/, wich i get 200+ megabit downstream trough with my desktop computer and OpenVPN, but now i want to protect my whole home network instead with a transparent VPN setup.

    I understand that the total troughput will be limited by the other end, but if my end cannont encrypt/decrypt fast enough, it will never go faster than that.

    Clients… <10 simultaneous clients spread over 4 persons trough the VPN tunnel to OVPN, usage is everything from web surfing to email to downloading files.

    I pay for 250/100Mbit fiber and usually get about 280/120 if just downloading a large file from fast servers.



  • Cheapest? Used/refurb Core2duo rigs can be had for $100 or less all day long.



  • BlueKobold
    Just a note. The D-1540 does have AI-NES



  • @randyruiz:

    BlueKobold
    Just a note. The D-1540 does have AI-NES

    Corrected. Thnx.



  • Also, only the Haswell and later Core i3 comes with AES-NI.



  • Lenovo TS140 or Dell T20 mini-tower SMB servers are often found on sale <=$300 with E3 v3 xeons (12x5 = haswell quads @ 3ghz+). You will need to add at least 1 NIC for ports, fortunately duals and quads are quite cheap on fleabay ($10~50), I suggest 82571 intel chipset versions or anything intel really.

    These machines are powerful enough to do pretty much anything a home firewall would want, even if you are lucky enough to have 1Gbit.

    I would keep an eye out for really good deals soon as the holiday sales start up and intel just released the E3 v5 skylake platform* so vendors will be probably be looking to unload current stock faster than usual. I intend to give them a hand ;)

    *don't let the v5 vs v3 bother you: skylake is only a tiny bit faster than haswell and didn't add anything of note for pfsense purposes, v4 broadwell release was 99% vapor, 1% obscure.


Log in to reply