|
|
|
Hello,
I can now get FTTP @ 900 Mbps. My current OPNsense server won't cope with these speeds so I'm looking at my options.
Can anyone recommend a router capable of doing the following:
1 x IPsec VPN
1 x openVPN
The ability to allocate users which VPN to use, i.e. only allow one device to use the IPsec, but set multiple devices to use the OpenVPN as their default gateway.
I know this can all be done using OPNsense, but what hardware would be needed to support 1Gbps+ speeds when connecting using PPPoE?
Thanks
|
|
|
|
Hi. Has anyone got any ideas on this?
I'm thinking an N100 mini PC with 16GB RAM and 128 GB SSD running OPNsense.
I'm just trying to make sure it will run OK at 900Mbps using PPPoE.
thanks
|
|
|
|
How many VPN users? Seems a pretty reasonable spec for a small number of concurrent users.
|
|
|
|
|
Thanks for the reply.
I currently run OPNsense with my 80/20 FTTC and have no issues with it.
It's configured with an IPsec VPN that routes to my office and only one device connects via this.
The OpenVPN (or WireGuard) is used by all our home's wireless devices, routing out via a 3rd party provider.
On the mini server I currently use I've never seen CPU usage go above 15%, but I know it won't cope with PPPoE at 900Mbps, which is why I'm looking for a replacement.
I'm thinking of buying a bare bones server and buying the memory and SSD locally.
This is what I'm considering: https://www.aliexpress.com/item/1005004360072281.html
Thanks
|
|
|
|
There's a couple of well known OPNsense users on here - maybe change your OP title to attract a bit more specific attention.
|
|
|
I run OPNsense on a Qotom with an i7 processor for my Gigaclear 1Gbps service. It works fine. I have a permanent VPN connection to another site where I have an FTTC service.
Michael Chare
|
|
|
On the mini server I currently use I've never seen CPU usage go above 15%, but I know it won't cope with PPPoE at 900Mbps, which is why I'm looking for a replacement.
What's the spec of the current mini server?
Routing at 1Gbps shouldn't be a problem for anything made in the last decade, neither is PPPoE, but it's the encryption that might bite you.
Your various types of VPNs *might* be able to use hardware-accelerated encryption, either AESNI instructions in the CPU or other hardware acceleration provided by the server, but as for *exactly* what acceleration works with OPNsense you're probably best off asking on an OPNsense forum. I wouldn't want to recommend that you buy that N100 server only to find it didn't perform.
Equally though, I'd suggest you try your existing server on FTTP - you might be surprised how well it *does* perform. You can't simply scale up 15% CPU x 900/80 to get a valid estimate of performance. Maybe you don't need to buy anything at all.
|
|
|
|
Doesn't look like I can change the title of my original post.
|
|
|
|
The current server has 8GB RAM and 128GB SSD with an AMD GA420CA CPU.
From what I've read, as PPPoE only uses a single this won't cope.
Thanks
|
|
|
|
What are you going to lose if you hold off buying any new kit until you've tried your existing kit to see if it does work? Best case you might save a few bob or worst case you might have a couple of days when your new connection is not running at full speed.
|
|
|
|
That is a good suggestion.
I'm also planning on getting the basic router from my ISP, so that will give me the speeds if needed. I can then test what I've got and see how it performs.
|
|
|
The current server has 8GB RAM and 128GB SSD with an AMD GA420CA CPU.
From what I've read, as PPPoE only uses a single this won't cope.
Thanks: embedded CPU, 4 core/4 thread, 2.0GHz
This OPNsense forum post claims 1Gbps PPPoE on a similar Intel J5005:
https://forum.opnsense.org/index.php?topic=27049.msg...
(base CPU 1.5GHz, boost to 2.8GHz)
I think you should just try it and see. This also depends on whether you want to stick with a BSD-based OS; using something Linux-based might perform a lot better for PPPoE on the same hardware.
|
|
|
The current server has 8GB RAM and 128GB SSD with an AMD GA420CA CPU.
From what I've read, as PPPoE only uses a single this won't cope.
Thanks: embedded CPU, 4 core/4 thread, 2.0GHz
This OPNsense forum post claims 1Gbps PPPoE on a similar Intel J5005:
https://forum.opnsense.org/index.php?topic=27049.msg...
(base CPU 1.5GHz, boost to 2.8GHz)
I think you should just try it and see. This also depends on whether you want to stick with a BSD-based OS; using something Linux-based might perform a lot better for PPPoE on the same hardware.
The problem with PPPoE is you can't really multi thread it. Those boxes running OPNsense run so much better when PPPoE isn't used.
|
|
|
As far as I'm aware I don't have the option of not using PPPoE.
|
|
|
I'm thinking an N100 mini PC with 16GB RAM and 128 GB SSD running OPNsense.
I'm just trying to make sure it will run OK at 900Mbps using PPPoE.
I had an N5105 box running Proxmox and OPNSense in a VM and it handled 1000/1000 with ease. My current box is an N305 and has OPNSense on Proxmox with 2 vCPU and 4GB assigned RAM and it handles my connection while barely tickling the CPU.
Note: not using PPPoE for mine, it's DHCP. Are you sure your ISP is using this - I thought this was quite unusual for FTTP connections these days?
Edited by daern (Sun 12-Jan-25 16:57:38)
|
|
|
|
PPPoE unusual for FTTP? I don't think so. For all Openreach FTTP for ISPs using the BT Wholesale network it is PPPoE, so that must be a large number.
|
|
|
Sky over Openreach doesn’t use PPPoE. I suspect others.
25 years of broadband connectivity since Sep 1999 trial - Live BQM
|
|
|
|
DHCP / IPoE: Sky and TalkTalk are the biggies over Openreach. TalkTalk (Biz) however revert to PPPoE on Openreach. Obv they’re not using the BTW network.
|
|
|
The current server has 8GB RAM and 128GB SSD with an AMD GA420CA CPU.
From what I've read, as PPPoE only uses a single this won't cope.
Thanks
As others have said, just “run what you brung” and check.
I suspect your current box will be just fine with PPPoE and terminating any VPN tunnels with aplomb. Run a CPU check to confirm what’s going on. The hamster inside will probably be asleep 😅
|
|
|
|
As others said, see how your existing box copes before you think about buying new hardware. My OPNsense box (Beelink EQ12) has an N100, 16GB DDR5 and dual 2.5GHz Intel NICs, and it handles gigabit FTTP with PPPoE (Aquiss) perfectly. It's only running Unbound and Netflow but barely hits 30% CPU while delivering 940/110 over speedtest. If all else fails, an N100 will do you fine.
|
|
|
It's enough for gigabit even on PPPoE.
The OS now does RSS, and on top of that you can enable load balancing for network packets to smooth out RSS.
When you do this the WAN interface will still not be spread out much, but of course the LAN interface has to transfer data as well, and the LAN side will spread out across cores.
There is further tuning you can do; there are a lot of optimisations due to new features in the drivers, but they are not set by default due to the developers being very cautious. I do plan to make a guide soon on what they are.
|
|
|
As others have said, try it and see.
I'm on Zen, so my connection's on a PPPoE session. My original Qotom mini PC, bought over 7 years ago, had an i5-5200U with 8GiB RAM and was good for 900Mbps on OPNsense with Zenarmor running. It also had a number of IPSec tunnels and an OpenVPN server running just fine.
I've just replaced it with an N100 based mini PC, as I needed 2.5Gb ports, and it's easily hitting 1.6Gbps on my upgraded connection. WireGuard has replaced OpenVPN without issue. It's been a while since I've had to use IPSec, but I can't see that being an issue either.
Edited by Noolah (Mon 13-Jan-25 08:58:35)
|
|
|
Note: not using PPPoE for mine, it's DHCP. Are you sure your ISP is using this - I thought this was quite unusual for FTTP connections these days?
Most ISPs use the same for both FTTC and FTTP, and the vast majority use PPPoE.
The exceptions are Talktalk, Sky, and some altnets.
|
|
|
|
Thanks for the comments.
I'm ordering the FTTP this week and will see how the current box copes.
The CPU single core score is quite a lot lower than some of the other CPUs I've seen, but it won't do any harm to test it.
|
|
|
The N100/N305 boxes are so reasonable and should cope with PPPoE at 1000/1000 but possibly not at that speed for VPN.
I can get around 300mbit from an N100 using OpenVPN or 700mbit on wireguard but my OPNSense is virtualised and only using 2 cores so may go higher running baremetal.
If this is for business use then an official Deciso device would be a good option.
OPNSense on Topton N100 - SWISH Fibre 900
NextDNS (subscription) - Unifi for Wifi
My Broadband Ping
|
|
|
|
Thanks.
This is for home use.
I'm happy with 300+ for the VPNs.
Thanks
|
|
|
I'm on City Fibre through Zen.
I'm getting 1Gbps throughput on a Celeron J6412 with 8GB RAM on PPPoE with OPNsense. I've not tested with OpenVPN above 500mbs but that was fine as well.
CPU doesn't spike, and temps are fine.
I did have a J5005 in a Dell 5070 and that was fine with 500mbs.
Pipex
Nildram
UKFSN
Be *
Xilo / Uno
Zen
BT
Now -> Zen (Cityfibre)
|