On the pfsense side there is one OpenVPN encryption setting supported. It is the difference between usable and usable encryption links. Though it is lower then the settings I would prefer for end users. Seems fine for running links across the cable companies network.
These guys carry a pretty good variety of small low power systems: http://www.hacom.net/catalog/jupiter-iv-1u-server-pfsense-appliance?gclid=CJHwy8TY5boCFQdyQgodaQYABA On Thu, Nov 14, 2013 at 5:34 PM, Keith Lofstrom <[email protected]>wrote: > On Thu, Nov 14, 2013 at 12:32:24AM -0800, Chris Schafer wrote: > > I have friend who used a lot of those boxes running pfense and had lots > or > > performance problems with any applications that required encryption or > > decryption. Also had a high failure rate. Which wouldn't have been a > > problem except they would fail in interesting ways. Several couldn't > push > > 10Mbe on one of their interfaces. Wasn't a configuration because > identical > > models running identical code was fine. Makes you look really bad when > it > > really is not the cable companies fault that you can't push a solid 3 Mbe > > link. > > I run two Alixes (Ali?) as firewalls at two sites, both running a > stripped-down version of the CentOS 5 distro, and connected to > each other, my outside servers, and road warriors with OpenVPN. > I have not seen the failures Chris talks about, though I keep a > third ALIX ready as a spare, just in case. > > I don't really know about performance. They move unencrypted > bits through the FIOS link just fine (15Mbps upload, 5Mbps > download, as advertised), and rsync backups over the VPN > from a server in California are just a little slower. > > The AMD Geode that drives these machines has an encryption engine > that OpenVPN is not currently using. Perhaps that can help with > speed, if someone tells me how to engage it. Also, in both cases > I shove all the logging bits (unencrypted) to local servers, so > I do few writes to the compact flash card I use as main storage. > If I did more local read/writes, I imagine the ALIX would be a > lot slower and less reliable. > > I am using "x133" CF cards. 8GB cards are $10 from Newegg, and > I only use about 1.2GB of that. Are faster cards worth it? > > While I do not need Yet Another Spare, it would be good to prove > the usability of these machines, so that more local users would > have them, and more people could teach me to do it right. So if > anyone can suggest some easy measurements, or do them in their > own lab, perhaps we can demonstrate the quality and speed of > these little machines, either to convince others to join us, > or to find a better alternative. Either way, we should use > what PTP uses, and leverage from their experience. > > If I upgrade from an Alix, I would like something small, X86, > solid state, low power (4 watts or less), and inexpensive. > I don't know of anything better in that class. > > Keith > > -- > Keith Lofstrom [email protected] > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
