OpenWrt/OpenVPN on an AMD A4-5300B

I can pick up a cheap HP machine with this proc (AMD A4-5300B) and 4GB of RAM. I'd buy a dual-NIC Intel board.

This proc supports AES-NI.

I have gigabit FIOS service.

What sort of speed might I get from OpenVPN using an AES cipher?

Any thoughts on the suitability of this type of machine? I'd end up using my R7800 as a wireless AP.

Thanks.

Andrew

Hard to get excited about a 65 W chip with mediocre performance.

My thought was mediocre performance with AES-NI would be better for OpenVPN than the R7800. Perhaps I'm wrong?

Andrew

When looking at always-on devices, it rarely makes sense to re-use a device originally targeted at different use cases - unless very careful consideration and focusing has gone into the original scoping for low idle power consumption. For devices running 24/7 even smallish deltas in power consumption can make a huge difference and basically pay for a new purpose-built device in a year or less (just on electricity and/or cooling costs saved). E.g., if a device comes with a discrete graphics card, it's basically out of the consideration (because that means at least +20 watts idle power consumption, much more for gamer graphics).

If an Intel system is pre-Haswell (11-15 watts idle possible with Haswell or newer), you're looking at >35 watts idle for Ivy Bridge or >60 watts idle for Sandy Bridge - and 110-130 watts idle for anything before that. For Intel Atom based systems you want at least Bay Trail-D (and you don't really want Bay Trail-D either, because of serious silicon bugs affecting ACPI and deep C-states - but at least they give you low idle power consumption (6 watts) and considerable performance).

For AMD, the situation is a bit more difficult - the old APUs are a bit long in the tooth (and not as low power as comparable Intel systems)[1], for the Ryzen generation the corresponding low-power APUs haven't really arrived yet.

Unless you really need the power most of the time, you don't want (real-) octo-cores (plus HT) either, as Intel has rushed them to market in shock, because they didn't have anything to compete with Ryzen on the high-end, with idle power being irrelevant during the rushed development.

--
[1] The PC Engines APU2 is a bit of an outlier here, yes, it isn't a performance monster either and can just barely do 1 Gbit/s routing at wirespeed under Linux (not quite, but almost under FreeBSD) - and certainly not at all with SQM enabled or, beware, running a VPN, nor does it provide any kind of graphics output, but it does provide >2 (three) Ethernet interfaces plus the ability to connect two WLAN cards in a small form factor and low idle power consumption.

2 Likes

It'll be fine, it's not great by any means (nor are the PC Engines PCs, but they use less power) but do some simple math comparing total costs between a router and a PC including electricity. At least in Europe in general the cost for electricity is very low in general so it'll take many years before it'll add up to a considerable amount. Given that, at least earlier, you could get a WRT32*-box for around 100$ from Amazon it's probably hard to beat that, but AMD64 platforms are much less PITA to use in the end even if ARM etc. are much friendlier now than just a few years ago.

Also, without turning this into a holy war I would highly recommend you consider pfSense or OPNsense if you're going the AMD64 (x86-64) route as it'll most likely give you a more pleasant experience overall as it's not as heavily targeted at devices with very limited resources. Downside is that Wi-Fi support is not as good but most people just get a separate AP/router which ofc can run OpenWrt etc.

As far as OpenVPN performance goes (in general, I highly doubt you'll see much difference on Linux)
https://protectli.com/kb/openvpn-performance/ - FW6A should have similar single core performance, keep in mind that cipher matters greatly and 256-bit is slow. https://calomel.org/aesni_ssl_performance.html

1 Like

I pay about US$0.30 per kWh.

40 W * 24 (hours/day) * 365 (days/year) / 1000 (kW/W) * $0.30 > $100 per year

If you're in a hot climate with A/C, raise that further as you've got to remove that much heat from the room as well.

It was well worth it to purchase an Intel Xeon E3-1265L V2 to replace a power-hungry CPU in one of my infrastructure servers, as well as to replace the oversized and inefficient 1U power supply.

Years ago, I went from a 1.1 GHz AMD Duron running as a LAN server a bit over roughly half of the day (110 watts) to an Atom N270 based Mini-ITX device (18 watts) running 24/7; at the end of the year the electricity bill shrank by ~200 EUR (total system costs were ~230 EUR) - now I'm on a 6 watts Bay Trail-D system. Yes, both Atom systems have been bought with an eye on minimizing idle power consumption (DC-DC power, directly from a notebook PSU, 2.5" HDD, CPU-graphics), but those are easy tasks when considered while buying/assembling the device and not anything special.

OpenVPN is single threaded, so having multiple cores w/o multiple OpenVPN instances is just wasting power. Basically, a 2-core Atom with a TDP of 5W might perform as well as an older 4-core AMD CPU drawing 60W. Expect ~200Mbit VPN speed with 256-bit AES.

2 Likes

I'd also say look at WireGuard instead of OpenVPN unless you need OpenVPN for other reasons. It is that much faster and easier on procs.

I'd say look at an Intel NUC type device, it can also be used for other services as time goes on, maybe as a NAS with Plex/Emby on top of a VPN server.

1 Like

Just for fun, I did a "real world" benchmark of my OpenVPN setup with an iOS client.
Server: x86 Atom running OpenWrt
Client: iPhone 8

iPhone connected through my friend's 100/100Mbit fibre (using 5GHz WiFi) and my server was also on 250Mbit fibre (albeit different ISP).

All traffic was tunnelled thru VPN. Result: 86Mbit using DSLReports.
This is including all the overhead of iPhone -> WiFi, then Internet Exchange to change carrier, then my router, then back to the Internet from my router again.

iPhones have really powerful CPUs!