I have all of the above... my home router is a Soekris box running embedded PfSense. I haven't updated in way too long and it just runs. I have an IPSEC VPN tunnel that's up full-time to a PIX and it's rock-solid. I also use PPTP VPN for myself to get in from the outside world.
For this particular project we have a backup site with between 100-1000MB bandwidth, depending upon who's looking. Drop a baby PIX on it and look up the specs: throughput is around 60 Mbs but drop a 3DES VPN on the box and it drops to 3 Mbs. We built up a few boxes with more horsepower and are running about 300-400 Mbs. Question is how much do we suffer with an IPSEC VPN since we don't have any hardware acceleration. Not yet deployed so I was wondering if anyone else had any experience.

On Jan 5, 2010, at 6:20 PM, Dustin Puryear wrote:

> Ah, IPSEC tunnels. I used to play with some Linux and BSD based
> firewalls, but ended up sticking with Cisco ASA's for when we need a VPN
> (like between Puryear and our colo).
>
> Regardless of what you pick, it's nice to be able to forget you even
> have a VPN up.
>
> ---
> Puryear IT, LLC - Baton Rouge, LA - http://www.puryear-it.com/
> Active Directory Integration : Web & Enterprise Single Sign-On
> Identity and Access Management : Linux/UNIX technologies
>
> Download our free ebook "Best Practices for Linux and UNIX Servers"
> http://www.puryear-it.com/pubs/linux-unix-best-practices/
>
> -----Original Message-----
> From: general-boun...@brlug.net [mailto:general-boun...@brlug.net] On
> Behalf Of worms
> Sent: Tuesday, January 05, 2010 4:42 PM
> To: general@brlug.net
> Subject: Re: [brlug-general] PfSense
>
> I'm running PfSense 1.2.2 at work and at home. I have several IPSec
> tunnels set up between pfsense boxes and SonicWall NSA and TZ series
> devices. The IPSEC tunnels have been flawless.
>
> Edmund Cramp wrote:
>> I'm running 1.2.3-RELEASE which has been stable with no problems or
>> unexpected behaviors since it came out in December. I have it installed
>> at work on an old 400MHz Celeron - WAN, LAN and DMZ plus the Squid
>> package at work. We're only on a 1.5Mbps cable connection with a mail,
>> ftp and web server DMZ, plus a few users on the LAN so it's not very
>> busy - the PfSense graphs suggest the CPU is about 4-5% busy during the
>> day.
>>
>> I have another copy running on an ALIX board with Wifi support at home
>> via PPPoE/DSL - I'd played with several different firewalls early last
>> year and PfSense has definitely been the easiest to work with so far.
>> There's a book about it too so the documentation is better than
>> average.
>>
>> We don't use IPSEC or VPNs but their forum is pretty active and what
>> I've seen suggests that your performance levels ought to be no problem
>> with more modern hardware.
>>
>> Regards,
>> Edmund Cramp - e...@motion-labs.com
>> Motion Lab Systems, Inc. - http://www.motion-labs.com
>> 15045 Old Hammond Highway, Baton Rouge, LA 70816 USA
>> Tel: 1.225.272.7364 (Central Time Zone, GMT-6)
>> Fax: 1.225.272.7336
>>
>> | -----Original Message-----
>> | From: general-boun...@brlug.net
>> | [mailto:general-boun...@brlug.net] On Behalf Of Keith Stokes
>> | Sent: Monday, January 04, 2010 11:57 AM
>> | To: general@brlug.net
>> | Subject: Re: [brlug-general] Ping - Search for intelligent life
>> |
>> | I've used PfSense for years in several locations. I haven't
>> | loaded up the newest version 2 yet but a friend has.
>> |
>> | Any idea of your performance level? Capable of keeping up
>> | with 1 GB throughput, or even close? Any idea about
>> | throughput on IPSEC VPNs?
>> |
>> | On Jan 4, 2010, at 10:29 AM, Edmund Cramp wrote:
>> |
>> | > It's been quiet here recently - much quieter since Dustin played
>> | > whack-a-mole with some discussion a while back ... Maybe we're all
>> | > busy trying to make a living in the current economic climate?
>> | >
>> | > Update - I've been playing with the latest PfSense firewall build
>> | > (OK so it's more BSDish than Linuxish) and it's quite a nice snappy
>> | > little firewall that makes building rules almost fun ... Can that
>> | > be so bad?
>> | > http://www.pfsense.org
>> | >
>> | > Regards
>> | > Edmund Cramp
>> | > --
>> | > There are only two industries that refer to their customers as
>> | > 'users'.
>> | > - Edward Tufte
>>
>> _______________________________________________
>> General mailing list
>> General@brlug.net
>> http://mail.brlug.net/mailman/listinfo/general_brlug.net

--
Keith Stokes