[aklug] Re: VPN on the edge firewall

From: JP <jp@jptechnical.com>
Date: Mon Feb 24 2014 - 09:12:35 AKST

+1 to Royce on this one. I have been running the pfSense firewall since the
original M0n0wall... and I have some in service over 10 years old, just
upgrade the OS and swap hardware when needed. Like all things, there is a
learning curve, but the web UI is simple and you will probably never need
another router again.

VPN on pfSense is more a matter of RAM/CPU if you go with commodity
hardware. There used to be a limitation of 16 concurrent connections on a
PPTP VPN, for instance, but at some point it was clarified by resource
requirement and not an arbitrary number.

Good luck, report back on your choice please.

 _____ _____
/\___ \/\ __`\
\/__/\ \ \ \_\ \
   _\ \ \ \ ,__/
  /\ \_\ \ \ \/
  \ \____/\ \_\
   \/___/ \/_/

907-748-2200 | JP Technical <http://www.jptechnical.com/> | helpdesk@jptechnical.com

On Sun, Feb 23, 2014 at 1:18 PM, Royce Williams <royce@tycho.org> wrote:

> Site-to-site VPN, or road-warrior/remote-access VPN?
>
> Either way, pfSense! :-) It's a phenomenal firewall, and also does
> both IPSec and OpenVPN. GUI setup for both is pretty easy.
>
> If site-to-site, how much bandwidth? My ALIX 2d13 board has an
> onboard Geode crypto accelerator such that <10Mbit VPN should be
> doable, or you can get an add-on card that will take it to 30Mbit (but
> it's ~$80 eBay). If you go ALIX 2d13, it only has 256M RAM, which
> is cutting it close for pfSense, so I added a low-profile USB key as a
> swap partition. It turns out that it just needs a little more than
> 256M of RAM, and doesn't swap very quickly/frequently, so swapfile on
> USB has actually been quite fine.
>
> My total cost including board, case, power, CF card, shipping, and a
> 4G USB (bought later) was less than $240. Power consumption is <12W,
> which is a cost consideration as well.
>
> Or you could repurpose a 512M+ Intel or AMD box with two NICs (or add
> a NIC). Intel NICs recommended. Likely to eat more power than the
> ALIX, though.
>
> More on VPNs on pfSense:
>
> https://doc.pfsense.org/index.php/Category:VPN
>
> I actually have a spare ALIX right now that you could try out.
>
> Royce
>
> On Sun, Feb 23, 2014 at 12:59 PM, Mike <barjunk@attglobal.net> wrote:
> >
> > Folks,
> >
> > I'm looking for a recommendation on a firewall that provides vpn
> > services on it.
> >
> > I know it is possible to have a server or some other box behind the
> > firewall, but I'm looking to consolidate this on to one machine.
> >
> > This is for a non-profit so the commercial devices that cost more than
> > $300, really aren't an option for us.
> >
> > Suggestions?
> >
> > Mike B.
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
> >

Received on Mon Feb 24 09:13:46 2014

This archive was generated by hypermail 2.1.8 : Mon Feb 24 2014 - 09:13:46 AKST