OPNsense Forum

English Forums => General Discussion => Topic started by: Gargamel on October 04, 2017, 09:47:04 am

Title: Setup from scratch, tips?
Post by: Gargamel on October 04, 2017, 09:47:04 am
Hi.

At home I have a 250/250 Mbps connection.
I am currently running pfSense, and it's "so so" due to config, I believe.

I was thinking of completely wiping my setup at home while I re-install servers and other computers on the LAN.

Will an i7-5550U CPU with OPNsense be able to handle 1 or 2 AES-256-CBC / SHA1 OpenVPN connections and give as close to max speed as possible, as with "vanilla WAN"?

Currently I have one connection and all servers and utilities go through the same VPN route.

I was thinking of getting another managed switch and setting up VLANs so certain servers go through "openvpn connection #1", so I can port forward to the servers that need it, with a public IP.
And all other users get routed through "openvpn connection #2", where they share the IP of many other users that subscribe to the same service, and no ports open (inbound).

If I set up 2 OpenVPN connections, will these 2 use one core each (2 physical cores, 4 threads)?
https://ark.intel.com/products/84992/Intel-Core-i7-5550U-Processor-4M-Cache-up-to-3_00-GHz

The box I use has 8 GB RAM and a 128 GB SSD.

I do not really plan to use Snort/IDS etc., but might use it to detect possible attacks of some sort from the "outside" (WAN/OpenVPN-WAN).

I will also have an OpenVPN server to be able to connect from anywhere in the world, to get onto the LAN when I need to. Here speed is not the main concern, security is more the concern, but I need an open hole to get "home".

I have 1 PC at home (and the OpenVPN server from the internet) that should be able to reach all servers on the LAN, but most servers and other peripherals do not need to access anything other than the internet, more or less.

--

How would you set up this? Or am I over-complicating this?
Title: Re: Setup from scratch, tips?
Post by: Ciprian on October 05, 2017, 08:57:39 am
Hi!

I can say that you are NOT over-complicating this; as far as I understand your exposure, these are your needs, that's it! :)

You can be as chill as possible regarding the HW you have and the config you thought about (including VLANs and 2 concurrent VPN sessions); it will do the job just fine. You didn't mention the NICs you have, though, brand and model... Just make sure they are supported by reliable drivers for FreeBSD and you'll be fine.

Just proceed, and follow the documentation to achieve maximum throughput for everything you need.
Good luck!
Title: Re: Setup from scratch, tips?
Post by: Gargamel on October 05, 2017, 10:42:03 am
If I do dual OpenVPN connections to the internet, will each client use one core automagically?

This is the CPU info and network cards:
Code:
Intel(R) Core(TM) i7-5550U CPU @ 2.00GHz (1995.43-MHz K8-class CPU)

em0@pci0:2:0:0: class=0x020000 card=0x6c401462 chip=0x10d38086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82574L Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em1@pci0:3:0:0: class=0x020000 card=0x6c401462 chip=0x10d38086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82574L Gigabit Network Connection'
    class      = network
    subclass   = ethernet

I bought this item with i7 / 8 GB RAM / 128 GB SSD:
https://www.aliexpress.com/item/Eglobal-Fanless-Industrial-Mini-PC-Windows-10-Linux-Intel-Core-i3-4010U-2-Lan-6-RS232/32588970023.html
Title: Re: Setup from scratch, tips?
Post by: Ciprian on October 06, 2017, 09:27:50 am
For every OpenVPN server or client you have, when that server or client is connected to its peer (site-to-site), you might observe (e.g. in the Dashboard, or in Services -> Diagnostics) that there is a dedicated service created. So my conclusion is, since there are separate services started, that each session is independently allocated system HW resources.

I am not sure if, and how many, services are created for "road warrior" OpenVPN connections; I don't use OpenVPN for roaming clients, but you might test it and see if it acts like site-to-site does.
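The observation above (one service per OpenVPN instance) is the whole answer to the "one core each" question: each OpenVPN 2.x client or server is its own single-threaded process, so the FreeBSD scheduler places the two tunnels on different cores on its own, and what you can check is which process is which and, if you want, pin them. The script below is an added example, not code from the thread or from the OPNsense project. It assumes FreeBSD base tools (`ps`, `sysctl`, `cpuset`), that each instance was started with `--config <file>` so the instances can be told apart, root privileges for the optional pinning, and a hypothetical file name `openvpn_cores.sh`; the `ps` lines used to test the parser are constructed.

```shell
#!/bin/sh
# Added example (not from the forum thread or OPNsense): list running OpenVPN
# instances on a FreeBSD/OPNsense box, plan one CPU core per instance, and
# optionally pin them with cpuset(1). Assumptions: FreeBSD base tools, each
# instance started with "--config <file>", root needed for --apply.

# Read "pid command..." lines (as from `ps -axo pid,command`) on stdin and
# print "pid<TAB>config" for every openvpn process. Other processes that
# merely mention openvpn (rc scripts, grep) are skipped because only the
# executable name in field 2 is matched.
openvpn_instances() {
    awk '
        $2 ~ /openvpn$/ {
            cfg = "(unknown)"
            for (i = 3; i <= NF; i++) if ($i == "--config") cfg = $(i + 1)
            print $1 "\t" cfg
        }'
}

# Assign CPU ids 0..ncpu-1 round-robin to the "pid<TAB>config" lines on stdin.
# Prints "pid<TAB>cpu<TAB>config".
assign_cores() {
    awk -v n="$1" 'BEGIN { FS = "\t"; OFS = "\t" } { print $1, (NR - 1) % n, $2 }'
}

# Pin each planned "pid<TAB>cpu<TAB>config" line: cpuset -l <cpu> -p <pid>.
# The current mask of any process can be inspected with: cpuset -g -p <pid>
pin_instances() {
    while IFS="$(printf '\t')" read -r pid cpu cfg; do
        echo "pinning pid $pid ($cfg) to CPU $cpu"
        cpuset -l "$cpu" -p "$pid"
    done
}

main() {
    ncpu=$(sysctl -n hw.ncpu)
    plan=$(ps -axo pid,command | openvpn_instances | assign_cores "$ncpu")
    if [ -z "$plan" ]; then
        echo "no openvpn processes found" >&2
        return 1
    fi
    printf '%s\n' "$plan"
    if [ "$1" = "--apply" ]; then
        printf '%s\n' "$plan" | pin_instances
    fi
}

# Run main only when executed as a script (so the functions can be sourced).
case "$0" in
    */openvpn_cores.sh|openvpn_cores.sh) main "$@" ;;
esac
```

Run it without arguments to see the plan (which pid belongs to which OpenVPN config and which core it would get); `--apply` performs the pinning. Pinning is rarely necessary, since two independent processes already spread across cores; the useful part day to day is `cpuset -g -p <pid>`, which shows the mask a given tunnel is actually allowed to run on.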