On Wed, Jun 8, 2016 at 6:31 AM, David White <dmwhite...@gmail.com> wrote:
> I didn't think I would have to setup a new server / port for each remote > office. I thought that, with the SSL/TLS setup, I could have a single > server and configure it so that clients can see & interact with each other. > When you configure the OpenVPN server side, you need to specify the remote IP network. How will you do that for 20 different remote sites with one server config? The IPSec config will be much cleaner, I think, and much lower overhead. With either case, make sure you have hardware crypto support (usually that means AES-NI feature in your CPU) and choose the ciphers that are supported by it, specifically AES128 (or AES256) with SHA. The clients could probably get away without the hardware acceleration, but if you are pushing lots of traffic through the hub then you will need it. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold