Jump to content


Photo
- - - - -

best pfsense router

pfsense

  • Please log in to reply
15 replies to this topic

#1 anonymousspiderweb

anonymousspiderweb

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 11 January 2017 - 02:40 AM

I am trying to use a pfsense router without breaking the bank and getting the best possible vpn speed I can get. I can get 200Mbps on my windows and mac using airvpn client. But on my ddwrt router I get max 30Mbps. So that is getting me to think about pfsense routers. After talking to some people I got the following recommendations --- please let me know if you have any other better options:

 

 

https://www.amazon.com/dp/B01M25WO36/ref=wl_it_dp_o_pC_S_ttl?_encoding=UTF8&colid=8KBFV5I6BSV1&coliid=I3FSXBLHOBC2XK

 

http://www.shuttle.eu/products/slim/ds57u5/

 

 

I would like to keep my budget under $300

 



#2 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 23 January 2017 - 10:45 AM

I'm in exactly the same boat as you, Asus RT3200 router can only get me around 35-45Mbps of my 150Mbps connection speed so I am looking for a device that can achieve 150Mbps and above (to future proof) with my VPN connection....

 

I just don't know which would be the right device, I have looked at this too as I want something really compact..

 

https://www.amazon.co.uk/PICO-PC-interface-Firewall-Computer/dp/B01N2TLS3Y/ref=sr_1_3?s=computers&ie=UTF8&qid=1485168240&sr=1-3&keywords=j1900+pfsense



#3 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 24 January 2017 - 09:41 AM

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards



#4 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 1858 posts

Posted 24 January 2017 - 11:44 AM

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

 

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#5 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 24 January 2017 - 12:25 PM

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.

I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...
https://forum.pfsense.org/index.php?topic=114202.0



#6 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 24 January 2017 - 01:29 PM

I based the purchase from the information at the below site which looks to be able to achieve OpenVPN speeds far exceeding the speeds that my ISP will be able to offer over the next 5+ years...
https://forum.pfsense.org/index.php?topic=114202.0

 

I've gone ahead and bought this as my PFsense device, 8GB RAM, 32GB SSD configuration

https://www.aliexpress.com/item/NEW-4-Lan-Quad-Core-Fanless-Mini-Pc-Router-Qotom-Q190G4N-with-Intel-celeron-J1900-VGA/32770547019.html?spm=2114.13010208.99999999.265.B8lnM3

 

Will keep you posted on how I get on....

 

Regards

This is over a 3 years old Celeron, which was considered low end even at the time of release.

No AES-NI, so don't expect it perform any better than a standard home router in terms of OpenVPN speeds.

So I've got it wrong! This device can reach close to gigabit speeds but not through a VPN connection! I want a pfSense device that can achieve 500/100Mbps+ through a VPN connection to future proof myself, do you know if one of the pfSense devices direct from them can do this or an alternative mini pc?



#7 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 1858 posts

Posted 24 January 2017 - 01:33 PM

Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#8 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 24 January 2017 - 02:01 PM

Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.

This is what I'm going to do, thank you!



#9 Ernst89

Ernst89

    Advanced Member

  • Members
  • PipPipPip
  • 47 posts

Posted 24 January 2017 - 11:21 PM

Only if you build such a device yourself with an Intel Xeon CPU. This is not too hard or expensive.

This is what I'm going to do, thank you!

 

I would check carefully before investing.

 

When I benchmarked my CPUs for OpenVPN with AirVPN parameters I was getting from 120Mb/s for a Intel N3105 to ~350MB/s for a i5 2500.

 

A modern fast i3 Xeon or otherwise  might do 500Mb/s but I would check.

 

I don't know why a Xeon would be better than a normal desktop CPU?



#10 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 1858 posts

Posted 25 January 2017 - 12:54 AM

Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.

This is why you will typically find them in data center environments and various network appliances.

The price difference is not so significant, especially for people who pay for ultra high speed connections already.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#11 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 27 January 2017 - 09:51 PM

I've found this which I think will far exceed my requirements but good for future proofing, let me know what you think please....

http://www.ebay.co.uk/itm/182347604580

#12 BuiltOnSelfSuccess

BuiltOnSelfSuccess

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 13 February 2017 - 03:58 PM

I've found this which I think will far exceed my requirements but good for future proofing, let me know what you think please....

http://www.ebay.co.uk/itm/182347604580

I actually ended up getting this:
http://www.mini-itx.com/~JBC313

 

I can now achieve 150mbps/10mbps speed through OpenVPN!

 

Thank you all for your help :)



#13 flat4

flat4

    Advanced Member

  • Members
  • PipPipPip
  • 308 posts

Posted 13 February 2017 - 04:14 PM

Only Xeon CPUs are officially certified by Intel for 24/7/365 high load work, with included lifetime warranty.

This is why you will typically find them in data center environments and various network appliances.

The price difference is not so significant, especially for people who pay for ultra high speed connections already.

 

No too long ago facebook or someone with a lot of datacenters updated and there was a flood of E2670 on ebay, grabbed a couple that is what my nas runs. my pfsense box does not  have AES so it cannot process very fast but good enough for me. I am on the lookout for another xeon and board to be my new pfsense box. 



#14 Blade Runner

Blade Runner

    Newbie

  • Members
  • Pip
  • 6 posts
  • LocationLow Earth Orbit

Posted 13 February 2017 - 07:45 PM

Future proofing is analogous to fighting water. 

 

https://redmine.pfsense.org/issues/7174

 

There are issues with AES-NI crypto. Suggest buying Xeon CPU with AES-NI feature and let pfSense devs make it work. 


Do not be afraid to fail.

#15 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 6699 posts

Posted 13 February 2017 - 07:49 PM

Hello!

 

That's very puzzling, or maybe is it peculiar to *BSD? We notice the opposite, we have significant performance increase with AES-NI (in optimized GNU/Linux systems, though). Actually we can reach performance above 700 Mbit/s ONLY with AES-NI CPUs, that's why we upgraded in the last years all the servers to servers with AES-NI supporting CPUs.

 

Kind regards



#16 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 904 posts

Posted 13 February 2017 - 08:49 PM

running pfsense 10.3 on a AMD A6-7400K Radeon R5

 

With advanced settings>miscellaneous>cryptographic hardware>amd geode LX security block

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 69228564 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 20139141 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 5465575 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 1404702 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 176969 aes-256-cbc's in 3.00s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     369219.01k   429635.01k   466395.73k   479471.62k   483243.35k
 

With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 1524514 aes-256-cbc's in 0.30s
Doing aes-256-cbc for 3s on 64 size blocks: 1549608 aes-256-cbc's in 0.22s
Doing aes-256-cbc for 3s on 256 size blocks: 1268941 aes-256-cbc's in 0.23s
Doing aes-256-cbc for 3s on 1024 size blocks: 739837 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 151301 aes-256-cbc's in 0.02s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      82163.28k   453371.03k  1386021.96k  6060744.70k 52883532.46k

 

With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration
openssl speed -evp aes-256-cbc -engine cryptodev
engine "cryptodev" set.
Doing aes-256-cbc for 3s on 16 size blocks: 1526421 aes-256-cbc's in 0.31s
Doing aes-256-cbc for 3s on 64 size blocks: 1522099 aes-256-cbc's in 0.27s
Doing aes-256-cbc for 3s on 256 size blocks: 1261088 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 1024 size blocks: 739709 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 151291 aes-256-cbc's in 0.02s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      78152.76k   366736.32k  1116846.80k  5703243.41k 79320055.81k
 

With advanced settings>miscellaneous>cryptographic hardware>none

openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 72793174 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 20266245 aes-256-cbc's in 3.02s
Doing aes-256-cbc for 3s on 256 size blocks: 5436363 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 1024 size blocks: 1404736 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 175041 aes-256-cbc's in 2.97s
OpenSSL 1.0.1s-freebsd  1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     388230.26k   428995.04k   467555.76k   479483.22k   483009.98k

 

 

It seems enabling for the OS AES-NI, in this test, makes smaller block sizes slower but the larger block size(s) much faster.  The question is, what block size is the best representation of internet traffic?
 







Similar Topics Collapse


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Users: 12295 - BW: 38115 Mbit/sYour IP: 54.158.100.26Guest Access.