Jump to content
Not connected, Your IP: 3.22.42.189

Recommended Posts

I am trying to use a pfsense router without breaking the bank and getting the best possible vpn speed I can get. I can get 200Mbps on my windows and mac using airvpn client. But on my ddwrt router I get max 30Mbps. So that is getting me to think about pfsense routers. After talking to some people I got the following recommendations --- please let me know if you have any other better options:

 

 

https://www.amazon.com/dp/B01M25WO36/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=8KBFV5I6BSV1&coliid=I3FSXBLHOBC2XK

 

http://www.shuttle.eu/products/slim/ds57u5/

 

 

I would like to keep my budget under $300

 

Share this post


Link to post

I'm in exactly the same boat as you, Asus RT3200 router can only get me around 35-45Mbps of my 150Mbps connection speed so I am looking for a device that can achieve 150Mbps and above (to future proof) with my VPN connection....

 

I just don't know which would be the right device, I have looked at this too as I want something really compact..

 

https://www.amazon.co.uk/PICO-PC-interface-Firewall-Computer/dp/B01N2TLS3Y/ref=sr_1_3?s=computers&ie=UTF8&qid=1485168240&sr=1-3&keywords=j1900+pfsense

Share this post


Link to post

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

 

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.

I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...

https://forum.pfsense.org/index.php?topic=114202.0

Share this post


Link to post

I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...

https://forum.pfsense.org/index.php?topic=114202.0

 

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.

So I've got it wrong! This device can reach close to gigabit speeds but not through a VPN connection! I want a pfSense device that can achieve 500/100Mbps+ through a VPN connection to future proof myself, do you know if one of the pfSense devices direct from them can do this or an alternative mini pc?

Share this post


Link to post

 

Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.

This is what I'm going to do, thank you!

 

I would check carefully before investing.

 

When I benchmarked my CPUs for OpenVPN with AirVPN parameters I was getting from 120Mb/s for a Intel N3105 to ~350MB/s for a i5 2500.

 

A modern fast i3 Xeon or otherwise  might do 500Mb/s but I would check.

 

I don't know why a Xeon would be better than a normal desktop CPU?

Share this post


Link to post

Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.

This is why you will typically find them in data center environments and various network appliances.

The price difference is not so significant, especially for people who pay for ultra high speed connections already.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.

This is why you will typically find them in data center environments and various network appliances.

The price difference is not so significant, especially for people who pay for ultra high speed connections already.

 

No too long ago facebook or someone with a lot of datacenters updated and there was a flood of E2670 on ebay, grabbed a couple that is what my nas runs. my pfsense box does not  have AES so it cannot process very fast but good enough for me. I am on the lookout for another xeon and board to be my new pfsense box. 

Share this post


Link to post

Hello!

 

That's very puzzling, or maybe is it peculiar to *BSD? We notice the opposite, we have significant performance increase with AES-NI (in optimized GNU/Linux systems, though). Actually we can reach performance above 700 Mbit/s ONLY with AES-NI CPUs, that's why we upgraded in the last years all the servers to servers with AES-NI supporting CPUs.

 

Kind regards

Share this post


Link to post

running pfsense 10.3 on a AMD A6-7400K Radeon R5

 

With advanced settings>miscellaneous>cryptographic hardware>amd geode LX security block

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 69228564 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 20139141 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 5465575 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 1404702 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 176969 aes-256-cbc's in 3.00s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     369219.01k   429635.01k   466395.73k   479471.62k   483243.35k
 

With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 1524514 aes-256-cbc's in 0.30s
Doing aes-256-cbc for 3s on 64 size blocks: 1549608 aes-256-cbc's in 0.22s
Doing aes-256-cbc for 3s on 256 size blocks: 1268941 aes-256-cbc's in 0.23s
Doing aes-256-cbc for 3s on 1024 size blocks: 739837 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 151301 aes-256-cbc's in 0.02s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      82163.28k   453371.03k  1386021.96k  6060744.70k 52883532.46k

 

With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration
openssl speed -evp aes-256-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-256-cbc for 3s on 16 size blocks: 1526421 aes-256-cbc's in 0.31s
Doing aes-256-cbc for 3s on 64 size blocks: 1522099 aes-256-cbc's in 0.27s
Doing aes-256-cbc for 3s on 256 size blocks: 1261088 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 1024 size blocks: 739709 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 151291 aes-256-cbc's in 0.02s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      78152.76k   366736.32k  1116846.80k  5703243.41k 79320055.81k
 

With advanced settings>miscellaneous>cryptographic hardware>none

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 72793174 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 20266245 aes-256-cbc's in 3.02s
Doing aes-256-cbc for 3s on 256 size blocks: 5436363 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 1024 size blocks: 1404736 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 175041 aes-256-cbc's in 2.97s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     388230.26k   428995.04k   467555.76k   479483.22k   483009.98k

 

 

It seems enabling for the OS AES-NI, in this test, makes smaller block sizes slower but the larger block size(s) much faster.  The question is, what block size is the best representation of internet traffic?
 

Share this post


Link to post
On 2/13/2017 at 3:58 PM, BuiltOnSelfSuccess said:

I actually ended up getting this:

http://www.mini-itx.com/~JBC313

 

I can now achieve 150mbps/10mbps speed through OpenVPN!

 

Thank you all for your help

Resurrecting this post as it's been over 5 years of mostly pain free connectivity. I've been on a 200/20mbps line which this brilliant device ran with 3 load balanced simultaneous OpenVPN connections, I could manage a 180/20mbps connection. I've now been upgraded to a 350/30mbps connection and need something that can handle the connection speeds, spotted this with a Intel N6005 and wanted to run it past you clever bunch to see if you could confirm that I would be able to achieve higher speeds through the VPN connections?
 

Share this post


Link to post
26 minutes ago, BuiltOnSelfSuccess said:
Resurrecting this post as it's been over 5 years of mostly pain free connectivity. I've been on a 200/20mbps line which this brilliant device ran with 3 load balanced simultaneous OpenVPN connections, I could manage a 180/20mbps connection. I've now been upgraded to a 350/30mbps connection and need something that can handle the connection speeds, spotted this with a Intel N6005 and wanted to run it past you clever bunch to see if you could confirm that I would be able to achieve higher speeds through the VPN connections?
 

Are you interested in trying wireguard?  I think you could easily max your connection with wireguard instead of buying new hardware.

 

Share this post


Link to post
4 hours ago, go558a83nk said:

Are you interested in trying wireguard?  I think you could easily max your connection with wireguard instead of buying new hardware.

 
Absolutely albeit I have no knowledge of Wireguard but will get Googleing, thanks for the suggestion.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...