Jump to content


Photo

Virgin Media + OpenVPN = Fail?


  • Please log in to reply
97 replies to this topic

#81 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 06 May 2014 - 05:13 PM

What do you guys think of this?

 

http://www.ebay.co.uk/itm/pfSense-2-1-2-ROUTER-FIREWALL-1GHz-SSD-Flash-VPN-DMZ-DUAL-GIGABIT-WAN-GUI-3-port-/131179769445?pt=US_Thin_Clients&hash=item1e8aec6e65



#82 refresh

refresh

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 06 May 2014 - 10:24 PM

not that brilliant I reckon, once you factor into shipping cost etc

 

check here:

 

https://airvpn.org/topic/11422-recommended-specs-for-air-and-pfsense/

 

some specs to look over I still think look about on ebay for some desktop machines even 2nd hand ones you do sadly have to spend a good £200-300 to get a fairly good spec up (new build) and running that price factors in a 4 port intel nic or you could get a 2 port intel nic which is cheaper. I know its more money but spending £100-150 on a router that will still be slower overall is even worse.

 

As is with the above link finding a cpu with AES support and 2ghz+ helps.



#83 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 07 May 2014 - 07:55 AM

This is the thing for me,I don't have a spare £200 or £300 at the moment.



#84 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 07 May 2014 - 07:32 PM

Anyone tried building a pfsense router using a raspberry pi?



#85 refresh

refresh

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 10 May 2014 - 04:36 PM

I think I recall some tried this but sadly for openvpn you really do need a beefy and powerful cpu like 2ghz+ if you can find any intel or amd cpu 2ghz+ and with AES instructions then your in business.

 

I understand the £200-300 is costly but there are plenty of people out there that will inform you and myself included you can never put a price on your privacy and security, at least with Air your with the best VPN  provider going it just requires that extra bit and effort.

 

Oh I will add try Airs new beta Client and see if that improves your performance with your Virgin issue? worth a long shot also

 

I spotted on ebay some guys sometimes selling intel core i5 and even Core i5 or xeon E3-1220 desktops for £150-200 roughly price tags, lots of choices are arriving I noticed even AMD released these new kambini AM1 2.05ghz quad cpus for £41 (has AES instructions also which helps )and the motherboards are cheap you maybe better saving the £100-150 or sourcing cheap 2nd hand parts ie case+p/s and ram/hdd and just building it.

 

Spending £30 or £60 or £80 on a router or anything else is just a waste of time and money and I know since I did exactly the same thing few months ago on a DDRT Router waste of $100 router since it was too slow for openvpn and my speeds suffered.

 

Certainly better off looking on ebay for a 2nd hand PC with 2ghz+ see some even go for £30-50 or $60-80 all the time :)



#86 rainmakerraw

rainmakerraw

    Advanced Member

  • Members
  • PipPipPip
  • 217 posts

Posted 10 May 2014 - 05:45 PM


 

I think I recall some tried this but sadly for openvpn you really do need a beefy and powerful cpu like 2ghz+ if you can find any intel or amd cpu 2ghz+ and with AES instructions then your in business.

 

I understand the £200-300 is costly but there are plenty of people out there that will inform you and myself included you can never put a price on your privacy and security, at least with Air your with the best VPN  provider going it just requires that extra bit and effort.

 

Oh I will add try Airs new beta Client and see if that improves your performance with your Virgin issue? worth a long shot also

 

I spotted on ebay some guys sometimes selling intel core i5 and even Core i5 or xeon E3-1220 desktops for £150-200 roughly price tags, lots of choices are arriving I noticed even AMD released these new kambini AM1 2.05ghz quad cpus for £41 (has AES instructions also which helps )and the motherboards are cheap you maybe better saving the £100-150 or sourcing cheap 2nd hand parts ie case+p/s and ram/hdd and just building it.

 

Spending £30 or £60 or £80 on a router or anything else is just a waste of time and money and I know since I did exactly the same thing few months ago on a DDRT Router waste of $100 router since it was too slow for openvpn and my speeds suffered.

 

Certainly better off looking on ebay for a 2nd hand PC with 2ghz+ see some even go for £30-50 or $60-80 all the time  :)

 

I just typed out a thorough reply to this, and then accidentally refreshed the page and lost it all. D'oh!  :no:

 

Sorry but it's too much to re-type so in summary: 

 

I agree with the above, and as said earlier in the thread I run an old re-purposed Dell Inspiron with a Core2Duo E7600 2.53GHz and 2GB DDR2 RAM. I was running IPFire on it (a Linux distro similar to pfSense, forked from IPCop), but for whatever reason my supported wifi card was only able to run at 2.4GHz as an access point. Trying to run on the 5GHz spectrum just crashed hostapd even though my card is on the hardware compatibility list for the distro. Weird. 

 

So I've switched over to pfSense 2.2 alpha in the last few days (it's the only release to support my TP-Link WN-4800 pci-e 450Mbps 3 antennae card). It's not as noob friendly as IPFire, but with years of Linux under my belt I soon got the swing of it (basics anyway) and set up my router/firewall/WAP working perfectly in 5GHz mode. I've run through pfSenseFan's AirVPN on pfSense tutorial in a virtual machine but I wouldn't trust myself to attempt to deploy it on my bare metal just yet as I'm not 100% confident I understand all the steps should anything go wrong. I like to be able to fix my messes from CLI without losing precious uptime lol

 

Contemporaneously with the switch to pfSense I also ditched OpenSUSE 13.1 x64, after a week or two of use and went back to Fedora 20. Ubuntu lost me with Unity, and Mint 16 is buggy with my multi-drive setup on my desktop. To call the latest release of Ubuntu 14.04 an enterprise ready LTS is a joke imho, with so many major bugs. Even OpenVPN's import is broken. So, Fedora it was. I like Fedora and have used it from versions Core 3 through 9; but KDE 4.13 is a little buggy still (bleeding edge for you). In the end I compromised and installed the bare bones of Fedora 20 CLI/network install, then pulled the MATE desktop and customised it from the ground up. Now it works how I like and is nice and light to boot.  :good:

 

My VM 152Mbps connection is running flawlessly through Fedora 20 > pfSense 2.2 > cable modem ((AirVPN)) >> Internet. Even with the VPN connected I'm still getting a solid 152Mbps thanks to VM giving customers the overheads on the connections. Here's a speedtest screenshot from last night as I was downloading an Ubuntu torrent to test the throughput: 

 

B7XgR.png

 

Smack bang on 152Mbps as you can see. Anyone still having issues on VM, I'd strongly suggest you try modem mode on the SuperHub (as previously discussed in the thread), but to also boot your wired desktop with a Linux live CD to rule out Windows issues. While it's a decent enough consumer OS overall (NSA issues aside), Linux and BSD will happily chew through even gigabit connections where Windows is still coughing miles behind. So booting from a good Linux CD and preferably throwing a pfSense or IPFire router into the middle will help maximise your throughput. Just make sure, as refresh says, that it's on a decent enough box to not CPU bottleneck your speeds. 



#87 refresh

refresh

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 10 May 2014 - 06:29 PM

pfSenseFan's AirVPN guide is excellent I have it running fine on basic hardware also his tutorial has linked a DNS benchmark and leak test can be done to make sure it works fine, guess one can even stop/pause openvpn client to confirm it works and nothing goes out or any real ip or dns leaks which does not I am happy to report :)

 

Core 2 duo desktops on ebay I see sometimes for £60-80 even perhaps chuck in a £20-30 dual intel nic and you got a good pfsense starter box, course spending that extra bit gets you AES supported cpus and better performance but for 50mb broadband should be fine.



#88 rainmakerraw

rainmakerraw

    Advanced Member

  • Members
  • PipPipPip
  • 217 posts

Posted 10 May 2014 - 06:32 PM

pfSenseFan's AirVPN guide is excellent I have it running fine on basic hardware also his tutorial has linked a DNS benchmark and leak test can be done to make sure it works fine, guess one can even stop/pause openvpn client to confirm it works and nothing goes out or any real ip or dns leaks which does not I am happy to report :)

 

Core 2 duo desktops on ebay I see sometimes for £60-80 even perhaps chuck in a £20-30 dual intel nic and you got a good pfsense starter box, course spending that extra bit gets you AES supported cpus and better performance but for 50mb broadband should be fine.

 

Exactly the reason (power use aside) that I'm upgrading ASAP . With a better chip - even the £25+ Kabini chips - you get full AES support which the E7600 lacks. As my screenshot above shows, though, it still runs 152Mbps perfectly with barely 1% CPU usage. I'd also highly recommend people grab proper Intel Pro NICs if they're not buying Rangeley or similar Intel motherboards. When I moved my pfSense box to Intel Pro 1000PT (dual WAN card) and my desktop to an Intel Pro 1000MT NIC my throughput was much more consistent. Realtek NICs are widespread in consumer boxes but they're not the best ime.



#89 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 11 May 2014 - 06:04 PM

I found a cracking thread about building a pfsense router but it looks like I've lost that tab now.

 

Apparently Intel Atom is a good platform for low power usage for such a system.



#90 refresh

refresh

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 12 May 2014 - 05:56 PM

Those intel atoms are nice however the older ones did not support AES.

 

The newer ones aimed more at servers and workstations and business class do have AES although worth googling the cpu and specs to make 100% sure.

 

We have the new baytrail cpus also but the ones being launched from what I can tell do not support aes.

 

When you look at these nice small and tiny systems they look good but as suggested its nicer and better if you can get a cpu with AES and also use Intel network cards. So it falls back to slightly bigger ATX desktops sadly, you can also get 4 port Intel nics with lower profile brackets for about £50 off ebay so you could install that in a smaller mini atx or mico atx system.



#91 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 13 May 2014 - 06:21 AM

Why not just add the networking capability to an existing PC?

 

Is there a defined list of reasons why it's better to use a stand alone unit?



#92 refresh

refresh

    Advanced Member

  • Members
  • PipPipPip
  • 163 posts

Posted 13 May 2014 - 12:19 PM

That is what most folk have done if you got a 2ghz+ system you could easily add a 2 or 4 port intel nic.

 

AES cpus are just a nice touch but certainly not required they basicly reduce the overhead of work done so lets say your CPU maybe working at 30% usage, on an AES cpu it maybe 15-20% usage or even less.

 

Many guys have actually just done pfsense on an intel P4 desktop or old computer and its still fine. As a stepping stone its perhaps just an idea to start small especially if funds are lacking right now, once your pfsense is installed and set up you just have that added happy feeling knowing your IP and DNS are not leaking and you can still hit your 50meg or 100meg speeds..... even off a 2ghz+ old desktop you got from ebay for a few bucks or quids :)

 

I would if i was you try that new air client beta and see if it improves your performance, newer builds will contain leak protection.... for the casual net user I guess its ok but as I suggest you can never put a price on your privacy!



#93 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 14 May 2014 - 04:44 AM


Why not just add the networking capability to an existing PC?

 

Is there a defined list of reasons why it's better to use a stand alone unit?

 

There are countless reasons why its better. One that hit home for me was last year when the TOR browser was compromised. If you were behind openvpn on pfsense, even if it exposed your "IP address" it sent home the 10.4.0.X ip address assigned by the VPN and not your ISP. If you used a consumer router... exposed. TOR + OpenVPN on WIndows? Would have been exposed. That's just one reason. There are many security reasons, is it isn't compromised by other software on the system. There are performance reasons, if you care about that too.

 

That's not even mentioning that it is a REAL firewall, not a false sense of security consumer routers are.

 

It really comes down to whether one cares about taking all precautions in security and privacy. If you intend to take it seriously there is no questions, you are leaps and bounds better off with a dedicated appliance.

 

But if one is going to go that route, it needs to be taken seriously. You need good equipment to use it proper. Fast memory, good (Intel) NICs, and a 2+ ghz processor with AES and in that order of importance. I don't care what you read elsewhere, I can take screenshots of how much resources it actually takes to utilize the features you need to be secure and private. I'm using 9 gigs of memory using Snort and pfblocker. If I set up snort for another VPN connection I might be up to 13 gigs of memory.

 

Now if you have an old pc around and all parts required to get started, sure why not use it and learn. I just will never recomend buying second hand unless it is currrent generation equipment at a deal.

 

Just my 2 cents.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#94 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 14 May 2014 - 08:07 AM

Thank you guys,I'm just trying to get a sense and feel of the job before I jump in and your inputs are valued.

 

I would be interested in seeing the screenshots of the resources being used of course.

 

:)



#95 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 14 May 2014 - 08:14 AM

I was looking at micro and mini atx cases last night but of course I need to factor in the number of expansion slots I may need in the future if I want to create a piece of equipment that I can update and future proof a little.

 

Any suggestions trom you guys?

 

Or,if you were making a shopping list to build the ideal system what would you get?



#96 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 15 May 2014 - 02:46 AM

Thank you guys,I'm just trying to get a sense and feel of the job before I jump in and your inputs are valued.
 
I would be interested in seeing the screenshots of the resources being used of course.
 
:)

At the time of this screenshot it was using just shy of 8 gigs of RAM. A far cry from what you read around the net. I wasted money on a previous build because of such info. Some people define anything that turns on as "working". It's a far cry from working well though.

0858f43d7848aff82967128fd25db73c.jpg

Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#97 pfSense_fan

pfSense_fan

    Advanced Member

  • Members
  • PipPipPip
  • 247 posts

Posted 15 May 2014 - 03:07 AM

I was looking at micro and mini atx cases last night but of course I need to factor in the number of expansion slots I may need in the future if I want to create a piece of equipment that I can update and future proof a little.
 
Any suggestions trom you guys?
 
Or,if you were making a shopping list to build the ideal system what would you get?

Ideal is in the eye of the beholder. DO you use VOIP, Gaming, do heavy downloading? How willing are you to learn about serious security? Do you want to be as secure as possible?

If you read any post where this comes up, the first thing i say is get a rangely board. Preferably the octo core, but the quad core will suffice for most users. Those boards have top of the line intel NICs, AES, low power and a feature called quickassist which things like Snort will use in the near future. They simply are the ideal build right now. If you wanted some more single thread horsepower, you could use a Haswell Xeon for about $100 more. It's really up to what you want to be ale to do with it.

My choice came down to I didn't want to find out I couldn't do something.

Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


#98 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 15 May 2014 - 06:42 AM

I've been looking at old Dell Optiplex 755 PC's and I think that may be the way in for me,they look like a reasonable platform to enter into the world of pfsense and start to learn about configurations and all the other possibilities.







Similar Topics Collapse

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 13662 - BW: 49600 Mbit/sYour IP: 34.228.143.13Guest Access.