Ok
I may have gone overboard with the configuration.
Here is my network configuration:
Site 1)
Internet Speed: 100/100
OpenVPN with 2-3 users
IPSec connecting to Site 2
Zones:Red-Green-Blue
About 10 computers connected to the Green and about 5 to Blue
Site 2)
Internet Speed: 25/5 (but could go up to 50/50 in the near future)
OpenVPN with 2-3 users
IPSec connecting to Site 1
Zones:Red-Green-Blue
About 6 computers connected to the Green and about 5 to Blue
Both sites are using an HP 6200 Pro with i5-2500 CPU @ 3.30GHz and 16Gig of RAM 128G SSD drive.
Now, I have 2 desktops (which were used to run IPCop) collecting dust.
Both are using an Intel DQ45CB motherboard with Pentium 4 3.4GHZ/2M and 4Gig RAM. IPCop in both cases was deployed on a IDE 16 GB 266x CompactFlash Memory Card.
Here is my question:
If I were to migrate my 2 systems (I5) over to the old HW, what should I expect to lose in terms of performance (if any)? I don't believe that the Intel P4 supports AES-NI.
Also, would you suggest using the IDE CF Card?
Thanks
Renato
Also,
I may have oversized my ipfire systems!
Re: I may have oversized my ipfire systems!
If you not use snort or clamav also the P4 systems are oversized. But in comparison the P4s may need more electrical power...
I would suggest to not use the cf cards if possible, a small/cheap sata ssd (e.g. kingston 128G / 25EUR) is much more reliable (better wear leveling) and faster.
AES-NI is not a must have if the cpu is fast enough. But even a 1.2Ghz arm7 (Allwinner H2+) can handle 40Mbit via IPSec with AES256.
I would suggest to not use the cf cards if possible, a small/cheap sata ssd (e.g. kingston 128G / 25EUR) is much more reliable (better wear leveling) and faster.
AES-NI is not a must have if the cpu is fast enough. But even a 1.2Ghz arm7 (Allwinner H2+) can handle 40Mbit via IPSec with AES256.
Arne
Support the project on the donation!
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
Support the project on the donation!
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
-
renatohtpc
- Posts: 13
- Joined: August 16th, 2018, 9:17 pm
Re: I may have oversized my ipfire systems!
Arne
Thanks for the reply.
Few more follow up questions.
Can I use a backup from the I5 and restore it on the P4? I am trying to avoid have to re-enter the DHCP Server and the Blue Access lists.
Is it possible to perhaps just restore those 2 lists?
Lastly, will this IPSec configuration still work on a P4?
Thanks
Renato
Thanks for the reply.
Few more follow up questions.
Can I use a backup from the I5 and restore it on the P4? I am trying to avoid have to re-enter the DHCP Server and the Blue Access lists.
Is it possible to perhaps just restore those 2 lists?
Lastly, will this IPSec configuration still work on a P4?
Renato
Re: I may have oversized my ipfire systems!
The backups of the settings are compatible but some databases like rrds for the graphs are arch depending so if you switch from x86_64 to i586 you need to clean some files after restore.
https://wiki.ipfire.org/installation/hardware-change
IPSec is compatible. It only need take some more CPU load.
https://wiki.ipfire.org/installation/hardware-change
IPSec is compatible. It only need take some more CPU load.
Arne
Support the project on the donation!
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
Support the project on the donation!
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
-
renatohtpc
- Posts: 13
- Joined: August 16th, 2018, 9:17 pm
Re: I may have oversized my ipfire systems!
Arne
just wanted to report back.
I have successfully migrated one of the 2 systems to the DQ45CB motherboard with Pentium 4 3.4GHZ/2M and 4Gig RAM.
I followed your advice and installed a 128GB SSD card.
I am also running Snort and Guardian.
I also added a TrueRNG V3 - USB Hardware Random Number Generator.
This is giving me a consistent AVG Entropy of 3368!
Here is the output of top:
top - 09:56:44 up 22:27, 1 user, load average: 0.04, 0.06, 0.01
Tasks: 98 total, 1 running, 58 sleeping, 0 stopped, 0 zombie
Cpu0 : 1.0%us, 1.0%sy, 0.0%ni, 95.3%id, 0.0%wa, 1.7%hi, 1.0%si, 0.0%st
Cpu1 : 1.0%us, 1.0%sy, 0.0%ni, 97.7%id, 0.0%wa, 0.3%hi, 0.0%si, 0.0%st
Mem: 3318652k total, 647816k used, 2670836k free, 113516k buffers
Swap: 829664k total, 0k used, 829664k free, 219928k cached
Thanks again for your support.
Renato
just wanted to report back.
I have successfully migrated one of the 2 systems to the DQ45CB motherboard with Pentium 4 3.4GHZ/2M and 4Gig RAM.
I followed your advice and installed a 128GB SSD card.
I am also running Snort and Guardian.
I also added a TrueRNG V3 - USB Hardware Random Number Generator.
This is giving me a consistent AVG Entropy of 3368!
Here is the output of top:
top - 09:56:44 up 22:27, 1 user, load average: 0.04, 0.06, 0.01
Tasks: 98 total, 1 running, 58 sleeping, 0 stopped, 0 zombie
Cpu0 : 1.0%us, 1.0%sy, 0.0%ni, 95.3%id, 0.0%wa, 1.7%hi, 1.0%si, 0.0%st
Cpu1 : 1.0%us, 1.0%sy, 0.0%ni, 97.7%id, 0.0%wa, 0.3%hi, 0.0%si, 0.0%st
Mem: 3318652k total, 647816k used, 2670836k free, 113516k buffers
Swap: 829664k total, 0k used, 829664k free, 219928k cached
Thanks again for your support.
Renato