On Tue, 9 Aug 2011, Robinson, Eric wrote:

> This is admittedly off topic,

close enough and it's an interesting problem

> but it also seems like a good place to ask the question.
> We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they
> tend to max out at around 100-200 tunnels each because of
> limitations in CPU performance. I would like to find a
> good Linux alternative because I'm thinking that we should
> be able to cram 500 tunnels onto a multi-core Xeon server
> pretty comfortably.

presumably your estimate is based on the known load for a given (smaller) number of tunnels? You'd need good NICs with offload etc.

> Does anyone know a good Linux-based firewall/VPN solution?
> I've Googled, but mostly I just see references to OpenSWAN
> and SmoothWall. That would probably be fine if I could
> find some case studies where people used those tools in
> high-load environments.

as for this project, developers usually don't have a setup they can test at full bore and rely on users to let them know what they get.

a quick search with Google doesn't show anything useful for Smoothwall performance, which is not good for a product that's been out for 10-12 years. I expect someone would have flogged the box of the day (400MHz Pentium say) with increasing numbers of connections till the machine froze. Someone has tested the max throughput for one connection ;-\

I remember trying to set up OpenSWAN about 10 years ago and giving up. It was too complex. There's another Linux VPN which also was horrific to set up, and I can't remember its name. I thought it might be OpenVPN, but on going to that webpage, it looks like a glitz-soaked commercial product.

No wonder Juniper has the market cornered.

Hope you find something.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map generator at
http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
