[aklug] Re: OT(?): Remote Access VPN

From: JP <jp@jptechnical.com>
Date: Tue Oct 20 2015 - 13:17:48 AKDT

Yeah... that is probably the difference right there, Royce. My implementations are mostly less than 10 users, occasionally higher. There is no central syslogging, just an RMM that pulls things to the cloud via SNMP. There was one that I put in where I streamed the logs and IIRC it was still running a CF card and I pre-emptively replaced it with a laptop drive that would fit in the case. It probably would have kept going.

That might be an option if desirable. If the device can fit a full-size SSD (not just a CF card) then you can probably fit a laptop drive in there. I do fondly miss being able to just run the whole thing from a thumb-drive. One day I will revisit it, in my infinite spare-time ;-)


*JP (Jesse Perry)*
voice/txt: 907-748-2200
email: jp@jptechnical.com
web: http://jptechnical.com
support: helpdesk@jptechnical.com

On Tue, Oct 20, 2015 at 1:12 PM, Royce Williams <royce@tycho.org> wrote:

> JP, fair point about disk. I have six-year-old boxes doing pfSense,
> but they send syslog off-box and are light use. The APU boards use
> mSSD; IIRC, it used to be that you had to manually enable TRIM on
> FreeBSD; not sure if that's still the case.
>
> Royce
>
> On Tue, Oct 20, 2015 at 1:08 PM, JP <jp@jptechnical.com> wrote:
> > +1 for pfSense and OpenVPN. There is a howto on the forum for setting up your AD for RADIUS and the pfSense will use this for authentication. This works really well.
> >
> > While I agree with Royce on the fanless, as regards the CF or SSD I have had bad experiences with them. I tend to use the full capabilities of the pfSense packages, and with all the logging and bandwidth monitoring services running I have killed every SSD device I have used. It might take a year, but it dies at the most inopportune time; I admit it may be that I am failing to configure something correctly. And when it does die, I have more trouble finding a suitable SSD device whereas I can grab a hard drive from anywhere.
> >
> > On the contrary, I rarely have to replace a spinning drive, and if I do then if I am worried about it I set it up so SMART warns me before it just up and dies. In the end, I opt for surplus desktops as I pretty much never have to worry about space to locate it, or for electrical constraints. The ease of maintaining a desktop box, when you have a couple dozen out there, is pretty appealing.
> >
> > This is where M0n0wall had it right... CD for the OS, loads to memory then spins down, keeps config on floppy that is read when booting and written only when there is a config change. Upgrading the OS means replacing the CD. Upgrade and feature needs outgrew this eventually. But I have warm fuzzy memories of those old firewalls.
> >
> > I have used M0n0wall and pfSense for 15 years and aside from a cheap Linksys or Netgear here and there it is the only firewall I will offer my clients.
> >
> > Your mileage may vary. Just my $.02
> >
> >
> > JP (Jesse Perry)
> > voice/txt: 907-748-2200
> > email: jp@jptechnical.com
> > web: http://jptechnical.com
> > support: helpdesk@jptechnical.com
> >
> >
> > On Tue, Oct 20, 2015 at 12:42 PM, Royce Williams <royce@tycho.org> wrote:
> >>
> >> On Tue, Oct 20, 2015 at 11:18 AM, Christopher Howard
> >> <christopher.howard.asi@gmail.com> wrote:
> >> >
> >> > So, now I am trying to figure out if it is worth monkeying around with this some more to get it working, or if I should look at some other approach. Maybe just put a small Linux box on the network and run a FOSS VPN server from it? (I'm imagining complications down the road trying to get user authentication tied into the AD system if we eventually get multiple users.) I looked on our gateway router but didn't see any kind of VPN functionality.
> >>
> >>
> >> pfSense -- hands down. GUI, functionality, performance. The OpenVPN
> >> setup wizard is great. You can cobble together a proof of concept
> >> with any PC with two NICs and a hard drive. Give it a spin and you'll
> >> see what I mean.
> >>
> >> Since you want the box to just run 24x7, going fanless and motionless
> >> (CF or SSD) would be good.
> >>
> >> Board (Google for APU1D4):
> >>
> >> http://www.pcengines.ch/apu1d4.htm
> >>
> >> I used to only get them straight from Netgate, but they're only
> >> offering in bulk right now because they're biasing towards pfSense
> >> store boxes instead -- same people.
> >>
> >> Other sellers:
> >>
> >> http://www.pcengines.ch/order.php
> >>
> >> ... or order direct from PC Engines:
> >>
> >> http://www.pcengines.ch/order1.php?c=4
> >>
> >> For ~$250 shipped, you can be up and rolling with an enterprise-grade
> >> firewall. Buy two and you can set them up in HA. :)
> >>
> >> Also, buy an inexpensive UPS at Costco, get a new battery from Frigid
> >> every ~22 months, and hook up the modem, wireless, and firewall to it
> >> so that you have good uptime - and connectivity during local power
> >> outages.
> >>
> >> Royce
> >>
> >
>
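The AD-backed RADIUS authentication JP mentions above (pfSense as RADIUS client, the AD/NPS side as server), as an added example that is not code from this thread, from pfSense or from any RADIUS server: a minimal RFC 2865 PAP Access-Request/Access-Accept exchange showing how the shared secret hides the password and how the client must verify the Response Authenticator before trusting the verdict. The shared secret, user name, password and credential store are constructed values.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute types
# Constructed credential store standing in for the AD/RADIUS backend.
USERS = {b"alice": b"correct horse"}

def _avp(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value  # Type, Length, Value

def _parse_avps(blob):
    attrs, i = {}, 0
    while i < len(blob):
        kind, length = blob[i], blob[i + 1]
        attrs[kind] = blob[i + 2:i + length]
        i += length
    return attrs

def _pap_xor(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(ident, user, password, secret):
    """Client side (pfSense): hide the PAP password under the shared secret."""
    auth = os.urandom(16)  # Request Authenticator: must be unpredictable
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = _avp(USER_NAME, user) + _avp(USER_PASSWORD, _pap_xor(padded, secret, auth, False))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_handle(packet, secret):
    """Server side (AD/NPS): recover the password, decide, sign the reply."""
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], _parse_avps(packet[20:length])
    pw = _pap_xor(attrs[USER_PASSWORD], secret, req_auth, True).rstrip(b"\x00")
    ok = hmac.compare_digest(USERS.get(attrs[USER_NAME], b"\xff"), pw)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()  # Response Authenticator

def client_check_reply(reply, request, secret):
    """Accept the verdict only if the Response Authenticator matches."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return None  # forged reply or mismatched shared secret: fail closed
    return reply[0]
```

A mismatched shared secret on either side both garbles the recovered password and makes the reply fail verification, so the client never sees an Accept it cannot authenticate.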

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Oct 20 13:18:51 2015

This archive was generated by hypermail 2.1.8 : Tue Oct 20 2015 - 13:18:51 AKDT