guppy 10 Posted ... For some time I've had my router (rt-a66u) handle my openVPN needs, and that works fine for browsing, etc - unfortunately it seems to top out at 4Mbps/6Mbps ( yeah upload is higher for some reason ) which means that streaming can get a tad tricky. So my current idea is to offload the work to a dedicated unit, to minimize the power usage something embedded is preferred - I've been considering the Cubox-i;http://solid-run.com/freescale-imx6-family/cubox-i/cubox-i-specifications/ Though I'm not really sure how powerful it has to be to get reasonably close to being able to saturate my 100/100 connection - I know that the airvpn server may just turn out to be the bottleneck, but the hardware will also be hosting an inbound VPN connection which is really what I'm interested in saturating. Before I ordered a box I figured I ask around here if anyone has any experience with dedicated embeded hardware for openvpn - perhaps something with builtin hw acceleration? Realistically I could properly learn to live with ~25Mpbs, but obviously the faster the better The hardware will have to host 2 clients and 1 server. Share this post Link to post
Valerian 20 Posted ... I have a 100/100 connection and my AirVPN speeds are consistently around 90/90 or above, so I wouldn't worry about AirVPN being the bottleneck. Share this post Link to post
guppy 10 Posted ... No one? New favorite - the banana pi r1http://www.bananapi.com/index.php/component/content/article?layout=edit&id=59http://www.banana-pi.org/r1.html The A20 ( dual core 1Ghz ) should be enough for handling en/de-cryption in software but it seems to have hardware crypto support for AES-128/196/256 in CBC mode, How ever feel free to suggest other platforms while I dig though forums trying to figure out how badly the binary blobs perform As it turns out, the banana pi has massive issues with both the sata interface noget getting enough power and one core being completely maxed out just switching traffic between the 5 1Gbe ports - who in turn max out at 300mbps so while it might work it just has too little head room for my liking, soo.. anyone ? Share this post Link to post
go558a83nk 364 Posted ... for ease, it looks as though pfsense sells hardware that will act as gateway/firewall/openvpn client/etc. I checked it out and even the lowest end comes with an intel chip that has AES-NI if I read correctly. I'm interested in getting one myself. Share this post Link to post
rickjames 106 Posted ... Personally I would build something based on the 6 watt intel N3700 chip or the N3150. Both have aes-ni.That or pick up a used $100 1u xeon server off ebay. The banana pi's are all fairly under powered, and from what I can tell all the pfsense hardware only has intel Atom chips = They're overpriced for what you get performance wise. If you're looking to run 2 openvpn instances and saturate a 100/100 line, you're gonna need a bit more horsepower than a pi ect. Not a lot, but more than most of the inexpensive embedded setups will offer. 1 guppy reacted to this Share this post Link to post
LazyLizard14 11 Posted ... I can really recommend to look out for a decent thin client like the Igel H710C or similar. The VIA processors have built-in cryptohardware ("VIA Padlock").They often available on ebay for cheap: I got mine plus a Intel dual NIC for 70 Euro alltogether.3 concurrent OpenVPN instances are no problem. Also I recently upgraded to a 100 Mbps line 1 guppy reacted to this Share this post Link to post
guppy 10 Posted ... I can really recommend to look out for a decent thin client like the Igel H710C or similar. The VIA processors have built-in cryptohardware ("VIA Padlock").They often available on ebay for cheap: I got mine plus a Intel dual NIC for 70 Euro alltogether.3 concurrent OpenVPN instances are no problem. Also I recently upgraded to a 100 Mbps line That does look very tempting - but unfortunately the eden series (c7 specifically) only seems to support AES-128, airvpn is locked to AES-256-CBC - so you would have to do it in software? Apparently the Via C7 series does support AES-256-CBC, bit annoying that via doesn't have better documentations of their chips So this definitively looks like the way to go. What are you running on it? ( windows/Linux/ openWRT / other ) Share this post Link to post
guppy 10 Posted ... That or pick up a used $100 1u xeon server off ebay.that is an excellent idea really those tings are dirt cheap! , unfortunately I do not have anywhere to place such a noise machine, thanks for the suggestion tho Share this post Link to post
LazyLizard14 11 Posted ... What are you running on it? ( windows/Linux/ openWRT / other ) pfsense. There is also an excellent guide about how to set it up here on the forums. If possible, try to get a thin client with the VIA nano: https://en.wikipedia.org/wiki/VIA_NanoMaybe a fast C7 could serve you as well. For sure worth a try. Don't forget to pick up an Intel dual or quad NIC! A Xeon server is powerful enough for sure but consider noise, power consumption and a space to mount it. Share this post Link to post
rickjames 106 Posted ... If you keep powerd @ minimum 'in pfsense' the fan should hardly ever kick on in one of those 1u box's.The cpu will run at or around 200'ish mhz. I would still just build something. Share this post Link to post