anonymousspiderweb 0 Posted ... I am trying to use a pfsense router without breaking the bank and getting the best possible vpn speed I can get. I can get 200Mbps on my windows and mac using airvpn client. But on my ddwrt router I get max 30Mbps. So that is getting me to think about pfsense routers. After talking to some people I got the following recommendations --- please let me know if you have any other better options: https://www.amazon.com/dp/B01M25WO36/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=8KBFV5I6BSV1&coliid=I3FSXBLHOBC2XK http://www.shuttle.eu/products/slim/ds57u5/ I would like to keep my budget under $300 Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I'm in exactly the same boat as you, Asus RT3200 router can only get me around 35-45Mbps of my 150Mbps connection speed so I am looking for a device that can achieve 150Mbps and above (to future proof) with my VPN connection.... I just don't know which would be the right device, I have looked at this too as I want something really compact.. https://www.amazon.co.uk/PICO-PC-interface-Firewall-Computer/dp/B01N2TLS3Y/ref=sr_1_3?s=computers&ie=UTF8&qid=1485168240&sr=1-3&keywords=j1900+pfsense Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configurationhttps://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3 Will keep you posted on how I get on.... Regards Quote Share this post Link to post
zhang888 1066 Posted ... I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configurationhttps://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3 Will keep you posted on how I get on.... Regards This is over a 3 years old Celeron, which was considered low end even at the time of release.No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds. 1 Wolf666 reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configurationhttps://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3 Will keep you posted on how I get on.... RegardsThis is over a 3 years old Celeron, which was considered low end even at the time of release.No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...https://forum.pfsense.org/index.php?topic=114202.0 Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...https://forum.pfsense.org/index.php?topic=114202.0 I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configurationhttps://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3 Will keep you posted on how I get on.... RegardsThis is over a 3 years old Celeron, which was considered low end even at the time of release.No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.So I've got it wrong! This device can reach close to gigabit speeds but not through a VPN connection! I want a pfSense device that can achieve 500/100Mbps+ through a VPN connection to future proof myself, do you know if one of the pfSense devices direct from them can do this or an alternative mini pc? Quote Share this post Link to post
zhang888 1066 Posted ... Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive. 2 Blade Runner and Wolf666 reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.This is what I'm going to do, thank you! Quote Share this post Link to post
Ernst89 11 Posted ... Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.This is what I'm going to do, thank you! I would check carefully before investing. When I benchmarked my CPUs for OpenVPN with AirVPN parameters I was getting from 120Mb/s for a Intel N3105 to ~350MB/s for a i5 2500. A modern fast i3 Xeon or otherwise might do 500Mb/s but I would check. I don't know why a Xeon would be better than a normal desktop CPU? Quote Share this post Link to post
zhang888 1066 Posted ... Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.This is why you will typically find them in data center environments and various network appliances.The price difference is not so significant, especially for people who pay for ultra high speed connections already. 1 Blade Runner reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I've found this which I think will far exceed my requirements but good for future proofing, let me know what you think please.... http://www.ebay.co.uk/itm/182347604580 Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... I've found this which I think will far exceed my requirements but good for future proofing, let me know what you think please.... http://www.ebay.co.uk/itm/182347604580I actually ended up getting this:http://www.mini-itx.com/~JBC313 I can now achieve 150mbps/10mbps speed through OpenVPN! Thank you all for your help Quote Share this post Link to post
flat4 79 Posted ... Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.This is why you will typically find them in data center environments and various network appliances.The price difference is not so significant, especially for people who pay for ultra high speed connections already. No too long ago facebook or someone with a lot of datacenters updated and there was a flood of E2670 on ebay, grabbed a couple that is what my nas runs. my pfsense box does not have AES so it cannot process very fast but good enough for me. I am on the lookout for another xeon and board to be my new pfsense box. Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
Blade Runner 4 Posted ... Future proofing is analogous to fighting water. https://redmine.pfsense.org/issues/7174 There are issues with AES-NI crypto. Suggest buying Xeon CPU with AES-NI feature and let pfSense devs make it work. Quote Hide Blade Runner's signature Hide all signatures Do not be afraid to fail. Share this post Link to post
Staff 9971 Posted ... Hello! That's very puzzling, or maybe is it peculiar to *BSD? We notice the opposite, we have significant performance increase with AES-NI (in optimized GNU/Linux systems, though). Actually we can reach performance above 700 Mbit/s ONLY with AES-NI CPUs, that's why we upgraded in the last years all the servers to servers with AES-NI supporting CPUs. Kind regards 1 Wolf666 reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... running pfsense 10.3 on a AMD A6-7400K Radeon R5 With advanced settings>miscellaneous>cryptographic hardware>amd geode LX security blockopenssl speed -evp aes-256-cbcDoing aes-256-cbc for 3s on 16 size blocks: 69228564 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 64 size blocks: 20139141 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 256 size blocks: 5465575 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 1024 size blocks: 1404702 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 8192 size blocks: 176969 aes-256-cbc's in 3.00sOpenSSL 1.0.1s-freebsd 1 Mar 2016built on: date not availableoptions:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)compiler: clangThe 'numbers' are in 1000s of bytes per second processed.type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytesaes-256-cbc 369219.01k 429635.01k 466395.73k 479471.62k 483243.35k With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based accelerationopenssl speed -evp aes-256-cbcDoing aes-256-cbc for 3s on 16 size blocks: 1524514 aes-256-cbc's in 0.30sDoing aes-256-cbc for 3s on 64 size blocks: 1549608 aes-256-cbc's in 0.22sDoing aes-256-cbc for 3s on 256 size blocks: 1268941 aes-256-cbc's in 0.23sDoing aes-256-cbc for 3s on 1024 size blocks: 739837 aes-256-cbc's in 0.13sDoing aes-256-cbc for 3s on 8192 size blocks: 151301 aes-256-cbc's in 0.02sOpenSSL 1.0.1s-freebsd 1 Mar 2016built on: date not availableoptions:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)compiler: clangThe 'numbers' are in 1000s of bytes per second processed.type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytesaes-256-cbc 82163.28k 453371.03k 1386021.96k 6060744.70k 52883532.46k With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based accelerationopenssl speed -evp aes-256-cbc -engine cryptodevengine "cryptodev" set.Doing aes-256-cbc for 3s on 16 size blocks: 1526421 aes-256-cbc's in 0.31sDoing aes-256-cbc for 3s on 64 size blocks: 1522099 aes-256-cbc's in 0.27sDoing aes-256-cbc for 3s on 256 size blocks: 1261088 aes-256-cbc's in 0.29sDoing aes-256-cbc for 3s on 1024 size blocks: 739709 aes-256-cbc's in 0.13sDoing aes-256-cbc for 3s on 8192 size blocks: 151291 aes-256-cbc's in 0.02sOpenSSL 1.0.1s-freebsd 1 Mar 2016built on: date not availableoptions:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)compiler: clangThe 'numbers' are in 1000s of bytes per second processed.type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytesaes-256-cbc 78152.76k 366736.32k 1116846.80k 5703243.41k 79320055.81k With advanced settings>miscellaneous>cryptographic hardware>noneopenssl speed -evp aes-256-cbcDoing aes-256-cbc for 3s on 16 size blocks: 72793174 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 64 size blocks: 20266245 aes-256-cbc's in 3.02sDoing aes-256-cbc for 3s on 256 size blocks: 5436363 aes-256-cbc's in 2.98sDoing aes-256-cbc for 3s on 1024 size blocks: 1404736 aes-256-cbc's in 3.00sDoing aes-256-cbc for 3s on 8192 size blocks: 175041 aes-256-cbc's in 2.97sOpenSSL 1.0.1s-freebsd 1 Mar 2016built on: date not availableoptions:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)compiler: clangThe 'numbers' are in 1000s of bytes per second processed.type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytesaes-256-cbc 388230.26k 428995.04k 467555.76k 479483.22k 483009.98k It seems enabling for the OS AES-NI, in this test, makes smaller block sizes slower but the larger block size(s) much faster. The question is, what block size is the best representation of internet traffic? Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... On 2/13/2017 at 3:58 PM, BuiltOnSelfSuccess said: I actually ended up getting this: http://www.mini-itx.com/~JBC313 I can now achieve 150mbps/10mbps speed through OpenVPN! Thank you all for your help Resurrecting this post as it's been over 5 years of mostly pain free connectivity. I've been on a 200/20mbps line which this brilliant device ran with 3 load balanced simultaneous OpenVPN connections, I could manage a 180/20mbps connection. I've now been upgraded to a 350/30mbps connection and need something that can handle the connection speeds, spotted this with a Intel N6005 and wanted to run it past you clever bunch to see if you could confirm that I would be able to achieve higher speeds through the VPN connections? Quote Share this post Link to post
go558a83nk 362 Posted ... 26 minutes ago, BuiltOnSelfSuccess said: Resurrecting this post as it's been over 5 years of mostly pain free connectivity. I've been on a 200/20mbps line which this brilliant device ran with 3 load balanced simultaneous OpenVPN connections, I could manage a 180/20mbps connection. I've now been upgraded to a 350/30mbps connection and need something that can handle the connection speeds, spotted this with a Intel N6005 and wanted to run it past you clever bunch to see if you could confirm that I would be able to achieve higher speeds through the VPN connections? Are you interested in trying wireguard? I think you could easily max your connection with wireguard instead of buying new hardware. Quote Share this post Link to post
BuiltOnSelfSuccess 1 Posted ... 4 hours ago, go558a83nk said: Are you interested in trying wireguard? I think you could easily max your connection with wireguard instead of buying new hardware. Absolutely albeit I have no knowledge of Wireguard but will get Googleing, thanks for the suggestion. Quote Share this post Link to post
Not connected, Your IP: 18.117.105.215
Online: 25437 users - 306830 Mbit/s total BW