Menu
What's new
By:
Filters Better Search

Speed Tests with VPN and Encryptions. Help by Sharing your results :)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Rango said:
I understand and i agree 100%. For me avr joe i have no need yet for all this and for whopping $1000. You know what i mean.
Do i really need to get 85Mbps on vpn, probably not, 60mbps would do it but why shouldn't i if my comcast isp is 90/12. It bothers me i'm limited by some cpu in router and $1000 doesn't justify the upgrade just to get 20Mbps you know?

As far as hardware you know that every year or few new things come out and evolution takes place (newton law in computing) so the same hardware just like P3 is now will be equivalent to that $25 calculator. Same analogy ;)
Click to expand...

Not quite. The processors the routers are using can be greatly increased in performance. They are very low end in the absolute scheme of things.

Router hardware is matched to the os and other software features barely 'enough'. Giving a router a current processor (Intel i3 or better, an i5) with much more ram will make that router far outlive what any current router may hope for. All the while, giving more than enough performance (right to the end).

The cash doesn't care if it is spent all at once or in several steps over a given time period. But I care (I want to configure the equipment once and done). ;)
 
Rango said:
Whole pc is $55 so that's why. Again i could buy new intel xenon with AES instructions but then mobo cost and psu, memory, hd. It will run me a $1000 for mear 20mbps increase in vpn speed. I'm trying to justify cost to gain ratio here.

The way i see i have two options making virtualization work (which i'm failing here so far. Will try ESX over weekend) or $100 or less for refurb pc box like this one.
Those boxes that pfsense sells are $3o0 and i bet they will fail with CPU on vpn as they are atom 1.6 single core and they didn't take openvpn into account so even those boxes suck.

http://www.newegg.com/Product/Product.aspx?Item=9SIA7RB38R5907&RandomID=288181086122812420160310092107
Click to expand...

Hard to beat that price. But considering what it buys, I would consider spending more.

I can see the allure of getting this to work with a mere $55 investment and I hope it works out for you.

I just don't see my time as that invaluable to do it though. ;)
 
L&LD said:
Hard to beat that price. But considering what it buys, I would consider spending more.

I can see the allure of getting this to work with a mere $55 investment and I hope it works out for you.

I just don't see my time as that invaluable to do it though. ;)
Click to expand...

I'm open to suggestions L&LD as long as they are under $150 for what i'm trying to accomplish????
Just like with anything rewards vs cost. What are your suggestions even over $150 and why?
 
Rango said:
I'm open to suggestions L&LD as long as they are under $150 for what i'm trying to accomplish????
Just like with anything rewards vs cost. What are your suggestions even over $150 and why?
Click to expand...

I don't have specific suggestions besides what I've already hinted at (and, it would depend on what is available in your area), but by increasing your budget by 3 or 4 times, you have greatly increased the performance and efficiency of the system you are considering for what I assume to be an always on system.

I just feel that the bottom of the barrel option is always the one to be regretted over sooner. Buying just a little more hardware (once) is always cheaper in the end.

I would be looking at a system with at least dual GB ports (Intel if possible) and an i3 or i5 or better.

If you can't find such a system for the budget you have, then the $55 option may be considered again. But you won't know what is available if you don't try. Ask at schools, business' and anywhere else you can think of where they might have upgraded their equipment and are getting rid of the previous boxes.
 
Rango said:
I am a noob i admit but that's what the forum is for correct? I mean what's the other point of forum to chat and pat each other on the back.
Click to expand...

If a user has not done their research and asks questions that have already been answered, or asks questions that imply they are simply impatient... you may not get a warm reception.

Just for reference, I read pfSense-related texts, blogs, forums, books, and papers for over 6 months before I even had the need to ask a question on the pfSense forum. Most information is already out there, especially the boilerplate stuff.


This forum is one of the kinder forums I have found. pfSense... not-so-much. :)
 
L&LD said:
I don't have specific suggestions besides what I've already hinted at (and, it would depend on what is available in your area), but by increasing your budget by 3 or 4 times, you have greatly increased the performance and efficiency of the system you are considering for what I assume to be an always on system.

I just feel that the bottom of the barrel option is always the one to be regretted over sooner. Buying just a little more hardware (once) is always cheaper in the end.

I would be looking at a system with at least dual GB ports (Intel if possible) and an i3 or i5 or better.

If you can't find such a system for the budget you have, then the $55 option may be considered again. But you won't know what is available if you don't try. Ask at schools, business' and anywhere else you can think of where they might have upgraded their equipment and are getting rid of the previous boxes.
Click to expand...

Other box i found is this $150 box but it's same cpu speed yet better processor i3, but is that only marginally better? It's still dual core i3 and it still will lack AES instructions and will have SSE3 instructions. Unless i'm mistaken it will be marginally better then that Core 2 3Ghz pc i posted?
What u guys think?

http://www.newegg.com/Product/Product.aspx?Item=9SIA7RB3N28629#close

it has this cpu. This cpu has Instruction Set Extensions SSE4.1/4.2, AVX. System thoughts?

http://ark.intel.com/products/53422/Intel-Core-i3-2100-Processor-3M-Cache-3_10-GHz
 
Last edited:
Rango said:
Other box i found is this $150 box but it's same cpu speed yet better processor i3, but is that only marginally better? It's still dual core i3 and it still will lack AES instructions and will have SSE3 instructions. Unless i'm mistaken it will be marginally better then that Core 2 3Ghz pc i posted?
What u guys think?

http://www.newegg.com/Product/Product.aspx?Item=9SIA7RB3N28629#close
Click to expand...

The only "real-world" CPU measurement site I know of is http://www.cpubenchmark.net/index.php.

Like you say though, features like AES-NI can vastly change encryption speeds.

Intel's own site is great for researching a CPU's featureset.
 
System Error Message said:
nope. The pentium 3 lacks math performance for larger data points. It has SSE but the minimum you want is core2 because it has SSE3 and clock optimisations unlike the pentium 4. This means that using SSE for the encryption will yield good performance assuming for 128 bit. Some core2 xeons may have AES-NI but i am not sure if this was introduced during core2 time or iseries. You could get multi CPU core2 xeons cheaply though but the issue is finding a server motherboard you can work with for that and RAM controller was on the motherboard and not CPU so another limitation there. The core2 series are 64 bit CPUs whereas the pentiums are 32 bit so 64 bit coupled with a better SSE set would need less clocks for each 128 bit data calculation.

Sure pentiums had MMX and SSE but they were mainly use to accelerate 16 or 32 bit floating points not 128 bit data.
Click to expand...

System are those SSE4 instructions worth $100 more for i3 for encryption decryption?

http://ark.intel.com/products/53422/Intel-Core-i3-2100-Processor-3M-Cache-3_10-GHz
 
L&LD said:
http://ark.intel.com/compare/33910,53422

http://www.cpubenchmark.net/compare.php?cmp[]=955&cmp[]=749

Seems like the E8400 has no Instruction Set Extensions while the i3 is almost current (lacking AVX 2.0 compared to an i7 6700HQ processor).

Is it worth $90more? I think so.

Comes with an os, 3x bigger hdd and a 3 year newer processor.
Click to expand...

I'm browsing the intel site for desktop intel cpu that would have those intructions, maybe i can find refurb on newgg for 150$. Any ideas on top of your head.
there is so many and many are laptops so hard to pin point it
 
Rango said:
I'm browsing the intel site for desktop intel cpu that would have those intructions, maybe i can find refurb on newgg for 150$. Any ideas on top of your head.
there is so many and many are laptops so hard to pin point it
Click to expand...

To clarify, the i3 2100 has AVX (but not AVX 2.0).

The E8400 has none at all (at least according to Intel).

A quick search suggests that AVX 2.0 is available only in certain 4th generation processors and above.

http://ark.intel.com/

Fyi, a 4th generation core processor is Haswell based. I would not expect to see that on sale or refurbished for the $150 range you're interested in (almost twice as much performance again as the i3 2100 system, depending on the actual processor model you find).
 
you want AES-NI as it is actually worth it. Take the mikrotik RB1100AHx2, it does 500Mb/s of IPSEC AES per core so it would have no trouble doing openVPN using AES.
avx does processing of 256 bit data or larger much faster than SSE.

The iseries is 50% faster than core2 clock per clock and they have more execution units so hyperthreading is a big boost for them. If you need more processing the i3 would be the better choice otherwise the core2 would suffice. Neither CPU have AES instructions.

https://en.wikipedia.org/wiki/AES_instruction_set explains some CPUs that support it. Dont forget theres AMD as well and the piledriver is also a choice for routers as well. You could also assume it takes 28 cycles per byte so that should give you a hint to how much cpu frequency you need so the core2 is fast enough after giving a lot of headroom.
 
System Error Message said:
you want AES-NI as it is actually worth it. Take the mikrotik RB1100AHx2, it does 500Mb/s of IPSEC AES per core so it would have no trouble doing openVPN using AES.
avx does processing of 256 bit data or larger much faster than SSE.

The iseries is 50% faster than core2 clock per clock and they have more execution units so hyperthreading is a big boost for them. If you need more processing the i3 would be the better choice otherwise the core2 would suffice. Neither CPU have AES instructions.

https://en.wikipedia.org/wiki/AES_instruction_set explains some CPUs that support it. Dont forget theres AMD as well and the piledriver is also a choice for routers as well. You could also assume it takes 28 cycles per byte so that should give you a hint to how much cpu frequency you need so the core2 is fast enough after giving a lot of headroom.
Click to expand...

System you killing me bra. lol. I'm not good with math. 28 cycles per byte hehe. In short answer Core 2 3Ghz is enough to pull 85mbps on aes128 and aes256 or will cut it short?

That mikrotek router looks sweet but it's probably driven by Cisco ios or something which i don't know. I would then need to learn it. Too much for rookie like me. Is this web based or gui driven like pfsense?

I found something interesting. It's this vs that $55 one. If 55$ could do 85Mbps i would choose it, that's the question. Just FYI. this pc will only be used for pfsense, that's it.
I have AMD A10-7850 Kavaleri, 4.5Ghz, 16gb ram as main rig which was my main need to have pfsense virtualized. Crushed dream!!! I would have to upgrade HD to SSD as clicking in middle of the night would drive me crazy

Btw what is good AMD cpu with that file driver?

But this is not bad for $189 with free shipping. Aes yes TxT also.

http://www.newegg.com/Product/Produ...W5965&cm_re=i5-650-_-1VK-001E-003S5-_-Product

http://ark.intel.com/products/43546/Intel-Core-i5-650-Processor-4M-Cache-3_20-GHz
 
Last edited:
Rango said:
System you killing me bra. lol. I'm not good with math. 28 cycles per byte hehe. In short answer Core 2 3Ghz is enough to pull 85mbps on aes128 and aes256 or will cut it short?

That mikrotek router looks sweet but it's probably driven by Cisco ios or something which i don't know. I would then need to learn it. Too much for rookie like me. Is this web based or gui driven like pfsense?

I found something interesting. It's this vs that $55 one. If 55$ could do 85Mbps i would choose it, that's the question. Just FYI. this pc will only be used for pfsense, that's it.
I have AMD A10-7850 Kavaleri, 4.5Ghz, 16gb ram as main rig which was my main need to have pfsense virtualized. Crushed dream!!!

Btw what is good AMD cpu with that file driver?

But this is not bad for $189 with free shipping. Aes yes TxT also.

http://www.newegg.com/Product/Produ...W5965&cm_re=i5-650-_-1VK-001E-003S5-_-Product

http://ark.intel.com/products/43546/Intel-Core-i5-650-Processor-4M-Cache-3_20-GHz
Click to expand...


The passmark performance of that processor is low, imo, but it does seem to support all the necessary extensions!

For that price, I think it may be the most powerful and least expensive system you can buy for your intended use.


http://ark.intel.com/compare/43546,88967,82932,53422,33910

Features are very competitive, even if raw compute performance (in passmark) isn't the best bang for your dollar (the i3 2100 has that).
 
Rango said:
System you killing me bra. lol. I'm not good with math. 28 cycles per byte hehe. In short answer Core 2 3Ghz is enough to pull 85mbps on aes128 and aes256 or will cut it short?
Click to expand...

Indeed...

Everyone should adhere to the "tl;dr" mantra. That's my overly trendy interpretation of Einstein's paraphrased(?) quote, "If you can't explain it simply, you don't understand it well enough."
 
For AES either get a CPU that has AES-NI or get a CPU with raw compute power. Ofcourse the core2 at 3 Ghz would be sufficient but im just saying there are many choices.

For AMD the Piledriver architecture or even the bulldozer will run pfsense without an issue if you use intel NICs and not the onboard realtek. They might even have AES-NI.
Theres also core2quads as well, first gen iseries and so on. You can get a first gen iseries xeon with AES-NI for very cheap but the motherboards arent though but they do support triple channel ram so its a way you can have more ram cheaply.

Im just showing you what other choices other than the core2 that you can get for a decent price. DDR3 ram is currently the cheapest among all the DDR versions.
 
Thanks guys. I'm going to have to think about this. With virtualization solution providing i can get this up on ESX i saw lots of threads on high utilization cpu on vmware platform so i'm not sure if i want one pc be doing all that. Also when i reboot pc my firewall will reboot as well.

On other hand i will have higher electric bill and more noise from fan and psu. It's a trade off. With that $55 pc i have less to lose as if i ever revert back to router I only lost $55, no big deal but for future proofing that pc with those AES ext would be nice especially now that there is AES256-GCM. Hard choise no matter which way. That pfsense box they sell is $300 so another choise but little price for me to be toying a bit for now. Things is i'm still unsure if i will like pfsense vs router. Time will only tell. I'm happy for now that i was able to get this up. It's clear i don't know how to virtualize this. I will follow that guide it was posted earlier. If fails i'll go physical box route

Is physical box in your opinion guys better then messing around with vmware. Some of those high cpu usage were little discouraging on pfsense forum. Thoughts?
 
Last edited:
You must log in or register to reply here.

Similar threads

A
Best way to set up vpn on router for gaming?
Replies
13
Views
1K
Benbrode
B
oleksandr.belei
Speed drop with VPN Server enabled on RT-AX82u
Replies
7
Views
363
oleksandr.belei
oleksandr.belei
B
Impossible speed tests
Replies
3
Views
500
sfx2000
sfx2000
A
Restart WireGuard client when fails
Replies
5
Views
340
ZebMcKayhan
Z
D
Solved SOLVED: Connected my ASUS router to the Internet via USB-tethered Android and having VPN issues
Replies
6
Views
770
dmikra
D
Similar threads
Thread starter Title Forum Replies Date
gdgross Setting up VPN server (router?) for offsite access VPN 13
C Instant Guard IPsec VPN Log Showing Regular Access Attempts VPN 3
A Best way to set up vpn on router for gaming? VPN 13
M VPN for a Cruise Ship VPN 11
F Router for VPN with AES-NI VPN 8
S How to start client VPN from the CLI on tomato firmware VPN 0
Diablo99 How to build a safe VPN VPN 3
F Site To Site VPN between Debian VM and AsusWRT-Merlin router, no routes exists VPN 2
P OPNsense / Adguard / DNS & VPN questions VPN 3
6 VPN problem on remote connection. VPN 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 826 (members: 29, guests: 797)
Top