pfSense Hardware Advice

Hi all,
I’m new to the world of pfSense and looking to build my own router.
I’ve got a fair idea of what I need but I’m not really sure what sort of CPUs I need for it.

At the moment I’m looking to put one together using an old Llano A8-3850 I have laying around - though I’m not sure that this has AES-NI for future builds - it will do for now!

What I want to be able to do is run a VPN on the router and achieve near line speed (150 Down and 30 Up).

What I would really like to know is, what sort of CPU would get me those sorts of speeds while on a VPN?

Most of the info seems to suggest a “Modern 4 Core” but that doesn’t really narrow it down, would a Newer Athlon do it (2c4t) maybe a Celeron or do I need to look at i3s and above?

Thanks in advance.
Dave.

2 additions;
I think the Modern 4 core was actually for something else I have been looking at.
Also forgot to add, while I’m quoting new hardware, used is just as useful.

If the CPU has AES-NI or AMD’s equivalent, and the VPN is encrypted with AES, then at those speeds, almost any CPU will do. Also worth noting if you connect via OpenVPN, the process is single threaded (don’t know about IPsec or the upcoming implementation of WireGuard), so dual core will do just fine. I have an Intel J3455, pushing 200Mbit up and down simultaneously and it barely breaks a sweat. What will eat up your CPU cycles is packet inspection for instance.

3 Likes
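
A quick way to check the AES-NI point above on a candidate box, as an added example that is not part of the original posts. It reads the CPU feature list on Linux or on FreeBSD/pfSense; the function names are made up for illustration and the sample feature lines are constructed.

```sh
#!/bin/sh
# Added example: does this CPU advertise hardware AES?
# Parses Linux /proc/cpuinfo ("flags"/"Features" lines) and the FreeBSD/pfSense
# boot log ("Features2=0x...<...,AESNI,...>"). Function names are illustrative.

# has_hw_aes: feature text on stdin; exit 0 if an AES token is present, else 1.
# Tokens are compared whole, so "vaes" or "sse4a" never count as "aes".
has_hw_aes() {
    awk '
        /^(flags|Features)[ \t]*:/ {            # Linux x86 and arm64
            line = $0; sub(/^[^:]*:/, "", line)
            n = split(line, tok, " ")
            for (i = 1; i <= n; i++) if (tok[i] == "aes") found = 1
        }
        /Features2=0x[0-9a-fA-F]+</ {           # FreeBSD dmesg
            line = $0; sub(/^[^<]*</, "", line); sub(/>.*$/, "", line)
            n = split(line, tok, ",")
            for (i = 1; i <= n; i++) if (tok[i] == "AESNI") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample inputs (not captured from real machines).
sample_freebsd_aes() {
    printf '  Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,SSSE3,SSE4.1,SSE4.2,POPCNT,AESNI,RDRAND>\n'
}
sample_linux_no_aes() {
    printf 'flags\t\t: fpu sse sse2 ht syscall nx lm 3dnow sse4a popcnt\n'
}
sample_arm64_aes() {
    printf 'Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n'
}

# check_local: read whichever source exists on the running OS; 2 = unknown.
check_local() {
    if [ -r /proc/cpuinfo ]; then has_hw_aes < /proc/cpuinfo
    elif [ -r /var/run/dmesg.boot ]; then has_hw_aes < /var/run/dmesg.boot
    else return 2
    fi
}

rc=0; check_local || rc=$?
case $rc in
    0) echo "hardware AES: yes" ;;
    1) echo "hardware AES: no" ;;
    *) echo "hardware AES: unknown" ;;
esac
```

For hardware you have not bought yet, pipe a saved copy of `/proc/cpuinfo` or `/var/run/dmesg.boot` from a matching machine into `has_hw_aes`.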

Amazing, thank you for the response.
I had a feeling it might be something like that, but good to know.

1 Like

Ditto. I got the ASRock J3455M. If you can’t find this one (or the ITX version), look for the similar J3710M / ITX, J4005M / ITX, J4105M / ITX, J5005-ITX or J5040-ITX (some of them have DDR3, some DDR4, some have DIMMs, some have SO-DIMMs).

Alternatively, if you want something small and good looking, while not minding paying the premium, look for MintBox 2 or MintBox Mini 2 (with 2 Ethernet ports).

1 Like

How much money do you have to spend?
I bought a Protectli and installed pfSense as a virtual machine and passed the Ethernet ports through into it (using Proxmox). This gives you the extra room for some containers, backups, flexibility to try out different firewall solutions aside from pfSense, perhaps Plex media server etc.


I went with vault 6 port and I couldn’t be happier.

Highly recommended
Passively cooled, has serial console by default.

1 Like

So I was actually just looking at buying the;
Celeron G5900 and ASRock H410M-HVS,

Can pick those up for about £100 and I have a case and RAM available here.

As for things like Plex, I have an UnRaid server that houses that for me.

I should point out that I’m UK based, some of the systems mentioned above don’t seem that easily available or not much cheaper than buying the new hardware I mentioned above.
Though don’t mistake that for not being grateful for the response!

I’m actually based in the UK as well, bought the Protectli via Amazon :wink:

1 Like

So they are!
However, they’re a bit out of my price range at the moment.
Also, I quite like the idea of building mine, gotta have something to tinker with, with all this working from home!

Do you think the Celeron and ASRock board will get it done?
I feel it would based on what’s already been said.

Almost anything will work if you don’t use IPS features.
It all depends on what you want to use it for and how heavily :slight_smile:

Basically just as a router with a VPN being run from it.
Anything else I want to mess with, I have the UnRaid server on the Network for.

Thanks! :slight_smile:

:+1: If you’re not happy with OpenVPN performance, look into things like WireGuard and Tailscale (WireGuard-based). It blew my mind how much faster it is.

Ok great, thanks for the heads up.
I’ll see how I get on.

Thanks again :slight_smile:

Anything with a Xeon class processor will work. Now why would I say that?
You can get a used Xeon workstation for under $100.00 on eBay if you watch carefully. It needs to be a min of 2.0G speed. 2 core, 4 core will work fine. The real speed killer: make sure you are using a PCI Express NIC, stay away from the PCI bus, it can only handle around 100M bandwidth. The only issue I have run into is with a Dell workstation that was not PCIe backwards compatible with the 1.0 standard. Good luck with your project.

https://www.ebay.com/sch/i.html?_from=R40&_nkw=xeon+workstation&_sacat=0&_sop=15

Probably overkill:

https://www.hardkernel.com/shop/odroid-h2plus/

CPU cores (1.5GHz Goldmont) are too slow for Gigabit OpenVPN despite AES-NI; you only get around 350Mbps bidirectional.

If you don’t care about pfSense, and would be happier with Linux and a smaller passively cooled setup, the ODROID N2+ (get a second USB 3 gigabit NIC) and FriendlyARM R4S (has 2 NICs) are good choices.

Both are relatively modern high clocked ARM CPUs. 500Mbps+ on WireGuard should be easy peasy for either. (They have hardware crypto if you want L2TP/IPsec for more speed)