pfSense English Support > Hardware

AXIOMTEK? Hardware for OpenVPN throughput with AES-NI on pfsense 2.4 and 2.5+

(1/2) > >>

Guys i think i found good solution for openvpn throughput. Check it out and let me know if anyone tested any of those CPU. I'm targeting 300Mbps or more on openvpn. For $300 i would like to future proof it a bit as i got burned with Zotac box N3510 that can't do more then 120Mbps on openvpn. I am also attaching original 2 yr old throughput thread for reference.

The once that look interesting are CAPA500 & CAPA312 with N3350 with CAPA500 obviously slaying it. I can't find the pricing for it tho. Let me know if anyone tested some of those processors throughput.
I have attached few other sources that seem interesting. If anyone has any other hardware suggestions please post some links. Thank you.,%20CAPA318&C=3.5-inch%20Embedded%20Board,searchweb201602_3_10152_10151_10065_10344_10130_10068_10324_10547_10342_10325_10546_10343_10340_10548_10341_10545_10084_10083_10618_10307_10313_10059_10534_100031_10103_10627_10626_10624_10623_10622_10621_10620,searchweb201603_25,ppcSwitch_2&algo_expid=d2d0b89b-f7eb-4358-bcf8-506b622a23ff-1&algo_pvid=d2d0b89b-f7eb-4358-bcf8-506b622a23ff&priceBeautifyAB=0

While they are all fine, the industrial stuff is expansive and you are better off getting stuff form Netgate directly. Qotom and MiniSys work fine, but you have to make sure you get the higher end SoC like the i5 or better. Also, if you want to max out OpenVPN speed you need to go multicore, so start multiple instances and load balance the traffic overt hem.

Thanks bud for the feedback. Question. How does one establish multiple connections on vpn. I believe vpn provider will only allow one connection per username so i'm fuzzy how this could be setup. I'm sure they wouldn't like that at all. Sorry i'm still a newbie to this.

BTW yes i agree. I have decided upon i5 as celeron sucks and so does atom looking at single thread rating on cpubenchmark website.  i7 has very incremental gain over i5 but cost is $100 more for it so it's not worth it.

i3 performance is too diminished and closer to celeron so i did pass on that one as well. What i did i looked up single thread performance of all those processors on cpubenchmark as openvpn is single thread operation i chose best one for the money which turned out to be i5. I passed on AMD as well as i saw few threads with issues of AMD and AES-NI instructions. Don't wanna deal with that although i have AMD APU in my pc and i love it. Never had issue with it but for firewall i would stick with intel. My thoughts on intel was and still is a very overpriced CPU. AMD kicks ass for the money.

There is interesting CPU for for firewall i5-6200U with same performance as i7-4500U but no one makes this yet with dual nics.

However i found i5 that is slightly worst then that one but only slightly. I wish there was a way to make openvpn multi thread then performance would really shine. It seems like I should be able to get 300Mbps on open vpen with i5. My ISP internet connection is at 180Mbps so as long as i can get that that would suffice but since i'm spending again few hundred bucks i would like to future proof it a bit and would like more. In few years this box again will be obsolete as probably internet connection will double and in circles we go. LOL. I laugh at those people that say use Pentium 4 for your pfsense router and it will rock. Haha. NOT with openvpn it won't. It sounds like best option would be to build 4.0Ghz AMD APU monster. I wouldn't mind that. That would process 600Mbps over openvpn probably. Some of the AMD are low power consumption. Maybe that's another option for future proofing a bit in mini itx form. Thoughts?

There have yet to be build a box that is sufficient for pfsense over openvpn. I'm thirsty for bandwidth. lol

Value vs performance

Single Thread performance for OpenVPN performance

The i5 will cover your needs for a while, and when it no longer does the hardware will be old enough to be replaced anyway.

An APU won't really help much, neither will most of the 'gamer' stuff. Performance has never been a simple thing, aside from the cycles, Mhz/Ghz, cores, threads, NUMA etc. there is no single measurement that can tell you what is what, workloads are too specific. At best you can get a rough rating (which is what you are currently seeing on those sites), but the best way to know how this will perform is finding others with the same setup/specs/targets that you have.

There are a number of people on the forum here that are running Xeon, C-series Atom and mobile i5, a good number of them is also using OpenVPN. I'd suggest checking out the Qotom thread (I wish it wasn't locked, helps a lot of people).

Well if the SoftEther people are to be believed, then it's much faster than OpenVPN.  We should try to get that implemented in pfSense.


[0] Message Index

[#] Next page

Go to full version