Author Topic: Off the shelf box < $300  (Read 1368 times)

Offline Marrduk24

  • Newbie
Off the shelf box < $300
« on: January 13, 2018, 05:23:01 pm »
All
I currently use a VPN client on my Windows PC with the PPTP protocol, as my ISP otherwise throttles Usenet. I am aware that PPTP is not fully secure but it is fine for my purpose. I get 100 mbps download speed with my Windows PC based encryption. I would like to move to a router based solution but if I use my Asus RT68u as a PPTP client, speed drops to 20mbps. So I am planning to buy a pfsense box.

While in the past I have built PCs I couldn’t be bothered any longer.

What’s the best recommendation for a small, fanless box with AES-NI support? Ideally it is thoroughly user tested, and either comes pre-installed with pfsense or installation doesn’t have any quirks.

I am guessing the setup would be cable modem > wan port of pfsense router | lan port of pfsense router > my wireless router, which will be used as an access point only
« Last Edit: January 13, 2018, 05:30:51 pm by Marrduk24 »

Offline johnkeates

  • Hero Member
Re: Off the shelf box < $300
« Reply #1 on: January 13, 2018, 08:08:52 pm »
PPTP is no longer supported. You can't have it. Also, below 300 the SG-1000 works. As do cheap Qotom and MiniSys systems and the APU2.
Stop using PPTP, the sooner it's dead, the better. pfSense no longer includes server or client components and they will (hopefully) never return :)

Depending on your provider, you might have IPSec or OpenVPN options.

If you want true supported and preinstalled hardware, Netgate is your only option. https://store.netgate.com/pfSense/systems.aspx

Offline johnpoz

  • Hero Member
Re: Off the shelf box < $300
« Reply #2 on: January 14, 2018, 05:28:14 am »
"I am aware that PPTP is not fully secure but it is fine for my purpose"

This is what is wrong... This mentality... You understand it's not secure but continue to use it.. Move to something better vs holding on to old no longer secure protocols... Same goes for ftp - why will it not just die already... It should have been killed off 10 years ago as well..

That so called "vpn" providers still provide it - WTF?? Just utter nonsense.. There are plenty of easy to use and setup secure options - supporting dead tech doesn't do anyone any favors... You will have to look up the different vpn benchmarks for say the sg-1000, from what I recall it won't do anything close to 100mbps currently with openvpn.. But that might change with updated drivers, etc.. But its ipsec performance might be good enough? If not go with its bigger brothers.. The sg-3100 might be a good fit for you, it's a touch over your $300 mark but it does include gold, and has 4 switch ports, etc. And biggest thing is you would be supporting the cause vs some china box ;)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline johnkeates

  • Hero Member
Re: Off the shelf box < $300
« Reply #3 on: January 14, 2018, 08:08:13 am »
By the way, what ISP is this, and what connection type are we talking about? If it's PPPoE it might require additional power since it's still single-threaded and quite heavy compared to other connection types.

Offline someuser08

  • Newbie
Re: Off the shelf box < $300
« Reply #4 on: January 14, 2018, 09:16:09 am »
I can sympathize with OP's challenge. Why do people think that everything needs to be 100% secure when I reckon the majority of VPN users only actually need a bit of obfuscation or proxy...

As for solution - I have been advised to try something different - wireguard (which pfsense unfortunately doesn't support yet). Your router supports LEDE, so you can try wireguard client on that (if you can find a server). It's supposedly 4-5 times more performant than openvpn...

Offline Marrduk24

  • Newbie
Re: Off the shelf box < $300
« Reply #5 on: January 14, 2018, 02:18:07 pm »
ISP: Telstra in Australia. I don’t believe it is PPPoE because my understanding is PPPoE requires you to enter user name and password and I didn’t have to do that. Modem/ Router was provided by Telstra and is Netgear C6300BD. As I mentioned previously I am planning to use this purely as a modem. Anyway for their cable internet connections Telstra doesn’t permit third party modems.

I find a couple of responses here quite funny - instead of helping me find the best solution to my problem, people think I should just redefine the problem.

All I said was I want a small off the shelf box which either comes preinstalled with pfsense or pfsense can be installed on without complication and that is fast enough to provide > 70mbps. I am aware that pfsense no longer supports pptp and hence it would have to be openvpn.

Offline GruensFroeschli

  • Little Green Frog
  • Global Moderator
  • Hero Member
Re: Off the shelf box < $300
« Reply #6 on: January 14, 2018, 02:21:35 pm »
> I can sympathize with OP's challenge. Why do people think that everything needs to be 100% secure when I reckon the majority of VPN users only actually need a bit of obfuscation or proxy...
>
> As for solution - I have been advised to try something different - wireguard (which pfsense unfortunately doesn't support yet). Your router supports LEDE, so you can try wireguard client on that (if you can find a server). It's supposedly 4-5 times more performant than openvpn...

If you don't need security, then don't use a VPN.
If all you need is a normal tunnel, then use one.
We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

Offline johnkeates

  • Hero Member
Re: Off the shelf box < $300
« Reply #7 on: January 14, 2018, 03:23:25 pm »
Since you know you can't have PPTP anymore, let's ditch that discussion. Depending on who/what you are connecting to, you might need beefier hardware than you'd expect since OpenVPN is still single-threaded. You might have some luck trying the OpenVPN client version of whatever service you are using with PPTP at the moment, if the OpenVPN speed is ok and we know your PC specs, we can give you some better suggestions. If it turns out you need i5-level hardware, you'll probably end up with a used office PC or a china box.

Offline andrewjoy

  • Newbie
Re: Off the shelf box < $300
« Reply #8 on: January 16, 2018, 11:29:44 am »
> "I am aware that PPTP is not fully secure but it is fine for my purpose"
>
> This is what is wrong... This mentality... You understand it's not secure but continue to use it.. Move to something better vs holding on to old no longer secure protocols... Same goes for ftp - why will it not just die already... It should have been killed off 10 years ago as well..
>
> That so called "vpn" providers still provide it - WTF?? Just utter nonsense.. There are plenty of easy to use and setup secure options - supporting dead tech doesn't do anyone any favors...

Whilst I totally agree with you, the option should be there to turn on or install manually

sometimes you may have to work with some old ancient piece of kit or long for this world server that you need to pull legacy data off


Offline johnkeates

  • Hero Member
Re: Off the shelf box < $300
« Reply #9 on: January 16, 2018, 11:32:20 am »
> > "I am aware that PPTP is not fully secure but it is fine for my purpose"
> >
> > This is what is wrong... This mentality... You understand it's not secure but continue to use it.. Move to something better vs holding on to old no longer secure protocols... Same goes for ftp - why will it not just die already... It should have been killed off 10 years ago as well..
> >
> > That so called "vpn" providers still provide it - WTF?? Just utter nonsense.. There are plenty of easy to use and setup secure options - supporting dead tech doesn't do anyone any favors...
>
> Whilst I totally agree with you, the option should be there to turn on or install manually
>
> sometimes you may have to work with some old ancient piece of kit or long for this world server that you need to pull legacy data off

I'm not sure PPTP has anything to do with that :p

Offline Marrduk24

  • Newbie
Re: Off the shelf box < $300
« Reply #10 on: January 17, 2018, 03:21:54 pm »
> Since you know you can't have PPTP anymore, let's ditch that discussion. Depending on who/what you are connecting to, you might need beefier hardware than you'd expect since OpenVPN is still single-threaded. You might have some luck trying the OpenVPN client version of whatever service you are using with PPTP at the moment, if the OpenVPN speed is ok and we know your PC specs, we can give you some better suggestions. If it turns out you need i5-level hardware, you'll probably end up with a used office PC or a china box.

So I tried using openvpn on my PC, which has a Q8200 processor. I was getting about 60 mbps, which is about the same I get using pptp. My cpu usage was about 25%.

So thoughts on what router/hardware can I use to get the same speed?

Offline johnkeates

  • Hero Member
Re: Off the shelf box < $300
« Reply #11 on: January 17, 2018, 06:13:06 pm »
In that case an APU might do, but an i3-based Qotom or MiniSys will definitely work.

Offline Marrduk24

  • Newbie
Re: Off the shelf box < $300
« Reply #12 on: January 17, 2018, 06:53:33 pm »
Thanks John. I am leaning towards QOTOM with i3 4005u and 4gb ram/32gb ssd

Offline jwt

  • Administrator
  • Sr. Member
Re: Off the shelf box < $300
« Reply #13 on: January 17, 2018, 08:27:26 pm »
I wouldn’t buy a qotom if you’re concerned about security.

We’ll look at adding wireguard after it runs on FreeBSD.

Offline jusjay

  • Newbie
Re: Off the shelf box < $300
« Reply #14 on: January 17, 2018, 09:25:11 pm »
> I wouldn’t buy a qotom if you’re concerned about security.

Can you expand on this please?