VPNClient Network Distributor PC

[Aelita Sophie]

So this is actually for a friend of mine. As he is a pretty big deal on Youtube in The Netherlands. Due his popularity, there are of course also a few haters. That is all fine and dandy, until they start DDOSing him everytime he tries to livestream. (Between 2000 and 6000 live-viewers respectively. 700k and 166k subs)

He has a "business" internet connection which allows him to switch between a set of 5 IPv4 adresses, though that is an hassle for him, as he doesn't know how to actually change it and I live at the other side of the country. So he tried using proxy servers, but they always lack speed and aren't always use able in every situation. And still, somehow his IP-Address still get leaked. (Someone might connect to Skype by WiFi without proxy settings etc)

As he will be moving in a few weeks I came up with a plausible solution. A VPN connection that delivers for the entire network with redundancy. As most datacenters these days have a decent "DDOS Protection" that can take on most small to medium sized attacks without a hiccup. I tested it out for him, to see if its doable and so far with a DHCP server + Routing server that Routes all trafic through the VPN it seems to work quite decently. Now for in practice I need a machine that is capable to encrypt the data on the go towards the VPN and back. The network is filled with a few "high-end" desktops for his production needs. As far I am aware OpenVPN is highly a single threaded piece of software that gets most of its performance out of single core performance. This need to work out on both sides.

Datacenter part is covered, as we will setup several Cloud and baremetal servers that are ready for action in a redundant setup.

The main thing is the rig that is going to control this from his end. Budget isn't an issue, but every single cents needs to make sense. So things like a dedicated GPU is out of the question.

He doesn't need top reliability so Xeon processors seem unnecessary if you ask me, but if you think differently, by all means, enlighten me. A small footprint will be nice. The system will ONLY be used for routing the network, handle DHCP and being a client of a VPN server.

 

This is the rig I've got listed so far.

 

• Intel Core i3-7350K (Will probably be overclocked if more single core performance is needed)
• ASRock Z270M-ITX/ac (WiFi will be disabled for security reasons. Dual 1GBe NIC is a neccesity, ITX for footprint)
• Cooltek Coolcube (Small footprint, decent quality, nothing fancy)
• Noctua NH-L9i (Quiet operation and some headroom for possible overclocking needs)
• Corsair Vengeance LPX CMK8GX4M2A2133C13 8GB DDR4-2133Mhz Dual Channel. (4GB would've been enough, but I kinda lean towards Dual-Channel being a must-have)
• Sharkoon WPM400 Bronze (Only be needing the CPU Pins and the 24 Pins)
• Mushkin Atlas Vital M.2 120GB (No cables, cheapest M.2 SSD on the Dutch market as far as I can find. Don't need solid IOPS afaik. Just a decent boottime)

 

I would like any suggestions for the build or even things I might have overlooked for the whole setup in general. Opinions are highly valued and appreciated.

[Electronics Wizardy]

Ya really don't need that fast of a system for a vpn. A atom will be more than enough. your not putting much bandwidth on it anyways.

 

Also, id run pfsense on it if you wernt going to already

 

for storage a usb drive will work fine

 

you

[Aelita Sophie]

3 minutes ago, Electronics Wizardy said:

Ya really don't need that fast of a system for a vpn. A atom will be more than enough. your not putting much bandwidth on it anyways.

 

Also, id run pfsense on it if you wernt going to already

 

for storage a usb drive will work fine

 

you

First, thanks for your reply!

I've tested it in a virtual environment. Where I allocated 2 cores of my i7 4770k to the "VPNClient+DHCP+Routing" machine with a cap of 25% to simulate a low-performance CPU and 2 Cores to a standard Windows 10 VM to simulate network usage. When just doing a simple speedtest, I did run into a bottle neck of a maximum of 40mbit down. (Got a 300mbit connection, the VPN server in this situation has a Gbit Up/Down link). And I saw the CPU usage spiking to 95%. I assumed a CPU bottleneck in this case. Granted it was running on Microsoft Hyper-V, with Windows Server 2016 installed on the VM. The person for who this is intended to has a 500mbit connection, and seem to use it quite extensively. His "edit" monkeys also allocate bandwidth.

 

I've read into PFSense a bit, a while back. But wasn't really planning on using it, as I have very little experience with it. Do you recommend using it in a short-term solution? As I need to have this system running in the first week of march. So Trial and Error is something I rather avoid for this situation. Unless you say it's fairly easy to setup and to accomplish what I want, then I would give it a shot.

 

As for storage, in pricing I don't think I could get the same boot times as with an M.2 SATA SSD. The person in question is .. impatient.

[Electronics Wizardy]

1 hour ago, Aelita Sophie said:

Do you recommend using it in a short-term solution?

You seem to want a router, this will act as a router and a vpn client.

 

For speed, that seems to user more than i though. You would probably be fine with a pentium.

 

1 hour ago, Aelita Sophie said:

As for storage, in pricing I don't think I could get the same boot times as with an M.2 SATA SSD. The person in question is .. impatient.

Why turn it off? Id just leave the router running all the time.

 

[Aelita Sophie]

Just now, Electronics Wizardy said:

You seem to want a router, this will act as a router and a vpn client.

 

For speed, that seems to user more than i though. You would probably be fine with a pentium.

 

Why turn it off? Id just leave the router running all the time.

 

I'll tinker around with PFSense the next few days then. If I'm not mistaken it has a build-in vpn-client right?

 

What pentium would you suggest?

 

This is more for maintenance or for any reason things crash or just acts weird. I don't expect it to be rebooted frequently, but the downtime needs to be as short as possible. As he tends to keep plugging in and out the power continuously if it doesn't boot fast enough.

[Electronics Wizardy]

Just now, Aelita Sophie said:

I'll tinker around with PFSense the next few days then. If I'm not mistaken it has a build-in vpn-client right?

open vpn is built in. Should work fine.

 

Just now, Aelita Sophie said:

What pentium would you suggest?

Id go g4560. Its kaby lake at 3.5 with hyperthreading for 65 bucks. Should be more than enough cpu power, and fiarly cheap.

 

 

2 minutes ago, Aelita Sophie said:

As he tends to keep plugging in and out the power continuously if it doesn't boot fast enough.

Umm....

 

Should still boot under a minute on usb. And pfsense is designed to run off a usb.

[Aelita Sophie]

Just now, Electronics Wizardy said:

open vpn is built in. Should work fine.

 

Id go g4560. Its kaby lake at 3.5 with hyperthreading for 65 bucks. Should be more than enough cpu power, and fiarly cheap.

 

 

Umm....

 

Should still boot under a minute on usb. And pfsense is designed to run off a usb.

Alright, ill discuss the CPU with the person. So in this case I wouldn't be needing a Z270 motherboard then. Do you've got any suggestions for a motherboard that has 2 GBe NICs in ITX format?

[Electronics Wizardy]

Just now, Aelita Sophie said:

Alright, ill discuss the CPU with the person. So in this case I wouldn't be needing a Z270 motherboard then. Do you've got any suggestions for a motherboard that has 2 GBe NICs in ITX format?

For nics, you can do it with one, but id probably just get a intel i350 nice and put it in the pcie slot. Most onboard nice are cheap realtec ones and suck.

 

http://www.ebay.com/itm/Intel-I350-T2-Ethernet-Adapter-DP-I350T2BLK-dual-port-gigabit-network-adapter-/391691791593?hash=item5b32a66ce9:g:OloAAOSwNnRYkK5X

 

Then get whatever board is cheap and works. http://pcpartpicker.com/product/4p4NnQ/msi-b250i-pro-mini-itx-lga1151-motherboard-b250i-pro

[Aelita Sophie]

4 minutes ago, Electronics Wizardy said:

For nics, you can do it with one, but id probably just get a intel i350 nice and put it in the pcie slot. Most onboard nice are cheap realtec ones and suck.

 

http://www.ebay.com/itm/Intel-I350-T2-Ethernet-Adapter-DP-I350T2BLK-dual-port-gigabit-network-adapter-/391691791593?hash=item5b32a66ce9:g:OloAAOSwNnRYkK5X

 

Then get whatever board is cheap and works. http://pcpartpicker.com/product/4p4NnQ/msi-b250i-pro-mini-itx-lga1151-motherboard-b250i-pro

Alright, thanks for your insights! I'll take it in consideration.