I was asking myself how a ryzen system would perform in case of using as a router. My second question is does ryzen support AES acceleration? If not is there a cheap alternative e.g. add-on card?
Ryzen chips support aes instructions - should work fine. A more interesting choice would be your network card, and whether you’ll be running your pfsense virtualized or on bare metal.
I’m running pfSense on a Ryzen 1200 system with a dual Intel NIC. AES is good to go.
Performance is good. I run several plugins including many PfBlocker advertiser and malware lists, and OpenVPN server. No complaints about any of that so far. CPU usage is always very low.
Out of curiosity, what do you do for graphics output?
Did you have a gpu in for the initial installation and config, and then remove it to run headless?
I just have a lowly GT710 in there. I didn’t bother to try to remove it or anything but the system runs headless. I set up a raspberry pi as a dumb terminal through a serial connection to get a local console access since PFSense doesn’t like the resolution of my KVM monitor for some reason and according to forums, there’s no plans to support it.
How much bandwith is your internet connection? And then I am most interested in the upload speed with openvpn. I am now running a old dell server with a pentium D in it and the openvpn speeds are no good at all.
That’s what I did. I’m planning to put a PCIe x1 card in just for a VGA out. Since I literally stack all my other stuff on top of it, I can’t access it easily so …
Overall it is totally a viable option. The board might complain on boot about no video output but otherwise it’s fine.
I’ve got a 500/50 connection. I haven’t fully benchmarked VPN but performance has been fine for what I use it for, even enough to watch HD video if I want. Just testing using my Cell phone at the moment so mileage may vary. I get 40Mbs down without VPN and 30Mbs down with VPN (single file test for both). Upload, I only get about 1.5-2Mbs for both but that is a limitation of the cellular network i’m on.
VPN download speeds will be limited by home upload speed and usually my VPN upload speeds are limited by my local upload speed so its hard to really see the true cost of the overhead of VPN so far.
If I get the chance to try it from a faster, more stable land line connection I’ll try to update this then but it may be some time before I will be able to. I’ve got a buddy with the same internet speeds and provider that would be a good test but his house is being gutted and remodeled so I don’t know when I’ll next get the chance.
Many thanks for your anwsers. Do you runn udimm ECC memory? And how is this headless config. Could I use a cpu without a igpu or pci-e gpu? How to run headless how to configure the motherboard to passthrough serial
I don’t run ECC memory. I’m not worried about data corruption too much since I keep backups of my pfSense config files. I didn’t think it worth the added cost but perhaps there’s a benefit I’m not aware of.
For serial, you may need something like this which will add a 9 pin serial port to your pc and it plugs into your serial header on your motherboard (if your motherboard has one). You will possibly need to also enable the serial port in your BIOS. Check your MB manual.
Update: I just ran a test at my friends place. Looks like I’m getting ~45Mbps down and 31Mbps upload on average over my VPN. We are both on the same ISP with the same 500/50 network speed and mtr shows we are in the same neighborhood, not touching the internet between us before the connection goes out my end so best case scenario.
Just for comparisons sake, doing a speed test without VPN on his network we get 550/36. I show 420/48 on mine. I’m not sure exactly the cause of the difference but it isn’t outside of what I’ve seen before. Since the network speed over VPN is limited by the upload speed at both ends, this makes sense based on the results I see and there doesn’t appear to be much in the way of overhead at all.