[aklug] Re: VPN on the edge firewall

From: Scott A. Johnson <scott.a.johnson@gmail.com>
Date: Thu Feb 27 2014 - 22:05:47 AKST

+1 for pfSense. Been using it for several years. Rock solid. Many VPN
options.

Scott

On Sun, Feb 23, 2014 at 1:18 PM, Royce Williams <royce@tycho.org> wrote:

> Site-to-site VPN, or road-warrior/remote-access VPN?
>
> Either way, pfSense! :-) It's a phenomenal firewall, and also does
> both IPSec and OpenVPN. GUI setup for both is pretty easy.
>
> If site-to-site, how much bandwidth? My ALIX 2d13 board has and
> onboard Geode crypto accelerator such that <10Mbit VPN should be
> doable, or you can get an add-on card that will take it to 30Mbit (but
> it's ~$80 eBay). If you go ALIX 2d13, it's only has 256M RAM, which
> is cutting it close for pfSense, so I added a low-profile USB key as a
> swap partition. It turns out that it just needs a little more that
> 256M of RAM, and doesn't swap very quickly/frequently, so swapfile on
> USB has actually been quite fine.
>
> My total cost including board, case, power, CF card, shipping, and a
> 4G USB (bought later) was less than $240. Power consumption is <12W,
> which is a cost consideration as well.
>
> Or you could repurpose a 512M+ Intel or AMD box with two NICs (or add
> a NIC). Intel NICs recommended. Likely to eat more power than the
> ALIX, though.
>
> More on VPNs on pfSense:
>
> https://doc.pfsense.org/index.php/Category:VPN
>
> I actually have a spare ALIX right now that you could try out.
>
> Royce
>
> On Sun, Feb 23, 2014 at 12:59 PM, Mike <barjunk@attglobal.net> wrote:
> >
> > Folks,
> >
> > I'm looking for a recommendation on a firewall that provides vpn
> services on
> > it.
> >
> > I know it is possible to have a server or some other box behind the
> > firewall, but I'm looking to consolidate this on to one machine.
> >
> > This is for a non-profit so the commercial devices that cost more than
> $300,
> > really aren't an option for us.
> >
> > Suggestions?
> >
> > Mike B.
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
> >
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
> 

-- 
Scott A. Johnson
scott.a.johnson@gmail.com
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Feb 27 22:07:16 2014

This archive was generated by hypermail 2.1.8 : Thu Feb 27 2014 - 22:07:17 AKST