Hey!
//Edit: Final HW + cooling post HERE
I need to have some of my devices behind a VPN, and instead of handling this separately on the devices I wanted to do that on my RB450G (MikroTik) via prerouting/mangle. Technically the setup is not that hard, but I've realized two major issues.
- ROS (still) does not support OVPN over UDP or sha256, so no-go
- L2TP with IPsec catapults the CPU usage to 100% and it is not capable of handling throughput over 8Mbps. With no mangle and prerouting it hardly gets to 9Mbps. The CPU power w/o AES-NI is simply not enough.
So after a decade I am looking for a new solution for my home network. I like MikroTik/RouterBOARDs, but the absence of OVPN is just a big step back for me. And with ROSv7 not being released anytime soon I need to change the brand. SOHO/plastic crap is not going to happen (overpriced devices with limited usage). That basically limits the area significantly. As I already have a UniFi AP AC I was checking the USG from Ubiquiti, but the HW specs are just sh!tty for my needs. And the FW capabilities are limited as well. So the only way is pfSense, which seems to be the perfect match for me...
So now for the main question ... "DIY or Appliance"? I don't have any spare parts which would have the necessary power with AES-NI capabilities (not really necessary for now, but still), so I would need to buy the parts, which could get quite expensive. Moreover, the whole build would probably not fit into the existing cabinet sooo ... currently I am more for the Appliance solution.
Meaning the second question is "Which device for pfSense"? I've read the pfSense HW requirements and I see they have their own HW (Netgate). Aside from these I found TekLager providing quite nice hardware as well. And there are also some other brand boxes (but better to avoid most of these I guess :D)
My requirements are:
- Capability of handling ~100Mbps over OVPN (sha256)
- 3 clients with high bandwidth over WAN (up to 100Mbps but maybe more in future)
- 3-5 clients with low requirements from WAN perspective (I have 1Gbps L2 switch handling internal network)
- 4-5 VLANs (trunk port on Router side)
- Approx 100 FW and NAT rules
- In the future I might need IGMP proxy but this is optional for now
So currently I am considering one of these:
- APU2D0 for sweet $228 but "only" 2GB RAM and no internal SATA port
- APU2D4 for fair price $278 with 4GB RAM and SATA slot for storage expansion
- SG-3100 price $349 seems quite high considering the fact that it has only ARM with no AES-NI :/ and the RAM/CPU is nothing extra.
- SG-5100 which seems to be a nice piece of HW but the price tag is just crazy! ($699) No way I pay that much for a home router.
Thank you in advance for any comments, ideas or hints.
Note: I know there is a pfSense forum but I guess our community has something to say as well :]
Thanks!
Alex