pfSense, VPN, Hardware, Proxmox, Experience

Hi there! My first thread here.

I would like to talk a little bit about pfSense and hardware support. I researched a bit on the Internet the other day, regarding the speed that you could expect when using OpenVPN with low-end hardware.

Let’s say that I would like to be able to connect to a VPN and route Gigabit speed (the “golden” Gigabit speed).
What hardware is really required? I would have liked to get a short answer with something like “not below 3k points on” and it will work. I have no idea if the answer can be that easy.

It seems to be quite difficult to find a quiet and small PC that has space for a 4-port network card or at least two ports on board.

I have seen that some people are using “router on a stick”. It does not feel like it is something for me and the reason for that is my lack of knowledge about VLANs. (I would like to learn about it in the future).

Another thing that I’ve also thought a bit about, is what the user’s experience has been with USB network adapters?
Are they really as unstable as everyone says?
Does it depend on how resource-intensive the traffic is that is going through them?
Is that an acceptable compromise in a home environment?

Another option for me could be to virtualize pfSense in Proxmox. I would like to have a server where I host one or two GNU/Linux machines and also possibly another one for pfSense.
I have two alternatives for CPUs, check the link below.
Which of the two would be the better one to use in that type of scenario?
One of them has more cores, but worse scores overall compared to the one that has only 4 cores.

Is it possible in Proxmox to create a limit so that pfSense always has 33 % or 50 % of the CPU allocated, regardless of whether the other VMs have a high load?

Link to the two CPU alternatives

Thanks in advance!

A lot of USB network adapters have Realtek NICs in them, which have poor support in Linux/BSD. They work and are fine, but I’d doubt the reliability of them to get gigabit speeds.

Sounds like a bunch of old people in a retirement home secretly running a Tor datacenter in their basement.

Low speed. J4105 with hardware AES-NI gets you around 350 Mbps of OpenVPN throughput.

Perhaps you should look into building an el cheapo i3-10100 based system if you want really high speed OpenVPN. I don’t know how much it can handle, but probably a lot.

I don’t know if Qotom or Protectli or other small system/mini PC builders sell pre-builts or passively cooled barebones with a modern high-clocking i3 (not the 35W edition).

OpenVPN processing is sadly very sequential, L2TP/IPsec and WireGuard … less so - they should be faster.

I can try to set something up with an ODROID N2+ tomorrow (I’m curious about WireGuard performance on that one).

I run OPNsense on a VM on an i5, with WireGuard running on the host. I never measured raw throughput capabilities, but I can saturate my line.

I already have an AMD FX-8350 Eight-Core and an Intel Core i7-7700K. Those two are close to the Intel i3-10100 in performance. If it’s possible to pre-allocate system resources in Proxmox, I could try to virtualize pfSense. But the question still stands: what CPU is best, the AMD FX-8350 or the Intel i7-7700K?

With the VPN provider I have, I can’t have a set public IP or open more than 7 ports if I don’t use OpenVPN. Therefore WireGuard isn’t an option. They are working on implementing WireGuard and public IP together.

Re: …VPN provider …

I’m skeptical about being able to get a gigabit through VPN out of them.

Re: 7700K vs 8350

The 7700K is a better CPU in terms of IPC for this type of thing, but I’m guessing either would be capable.

Looks like the ODROID N2+ might be able to pull a gigabit with WireGuard (or 850 bi-directionally). I forgot I’m using a 100Mbps PoE injector with it, and I’m using it with CoreELEC so the setup is this weird containerized thing, but I’m getting a minimum 75% idle on a core when running iperf3 bi-directionally… and about 87-90% idle overall average.
This CPU also supports hardware crypto, I guess I could give OpenVPN a try as well once I fix up the PoE situation.