[aklug] Re: OT(?): Remote Access VPN

From: Royce Williams <royce@tycho.org>
Date: Tue Oct 20 2015 - 12:52:12 AKDT

On Tue, Oct 20, 2015 at 12:42 PM, Royce Williams <royce@tycho.org> wrote:
> On Tue, Oct 20, 2015 at 11:18 AM, Christopher Howard
> <christopher.howard.asi@gmail.com> wrote:
>>
>> So, now I am trying to figure out if it is worth monkeying around with this some more to get it working, or if I should look at some other approach. Maybe just put a small Linux box on the network and run a FOSS VPN server from it? (I'm imagining complications down the road trying to get user authentication tied into the AD system if we eventually get multiple users.) I looked on our gateway router but didn't see any kind of VPN functionality.
>
>
> pfSense -- hands down. GUI, functionality, performance. The OpenVPN
> setup wizard is great. You can cobble together a proof of concept
> with any PC with two NICs and a hard drive. Give it a spin and you'll
> see what I mean.
>
> Since you want the box to just run 24x7, going fanless and motionless
> (CF or SSD) would be good.
>
> Board (Google for APU1D4):
>
> http://www.pcengines.ch/apu1d4.htm
>
> I used to only get them straight from Netgate, but they're only
> offering in bulk right now because they're biasing towards pfSense
> store boxes instead -- same people.
>
> Other sellers:
>
> http://www.pcengines.ch/order.php
>
> ... or order direct from PC Engines:
>
> http://www.pcengines.ch/order1.php?c=4
>
> For ~$250 shipped, you can be up and rolling with an enterprise-grade
> firewall. Buy two and you can set them up in HA. :)
>
> Also, buy an inexpensive UPS at Costco, get a new battery from Frigid
> every ~22 months, and hook up the modem, wireless, and firewall to it
> so that you have good uptime - and connectivity during local power
> outages.

Also, definitely get the board with more RAM. You'll have more kernel
headroom for blacklists, and more general room for squid, etc.

Royce
Received on Tue Oct 20 12:53:03 2015
