On Tue, 2011-08-09 at 20:27 +0000, Robinson, Eric wrote:
> This is admittedly off topic, but it also seems like a good place to ask
> the question. We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they tend to max out
> at around 100-200 tunnels each because of limitations in CPU
> performance. I would like to find a good Linux alternative because I'm
> thinking that we should be able to cram 500 tunnels onto a multi-core
> Xeon server pretty comfortably. Does anyone know a good Linux-based
> firewall/VPN solution? I've Googled, but mostly I just see references to
> OpenSWAN and SmoothWall. That would probably be fine if I could find
> some case studies where people used those tools in high-load
> environments.

We're using OpenVPN for our client-to-server tunnels. For these connections it's quite easy to set up (sorry, Joe :p). By default it allows for 1024 simultaneous connections so that should at least suit your needs.

For server-to-server connections we tend to set up IPSEC because most customers we deal with have an appliance that only speaks IPSEC. My experience with IPSEC is that it's a horror to debug if something goes wrong.

I've made a script to generate client configurations/certificates (http://github.com/lkeijser/stonevpn) for OpenVPN that you might be interested in.

Feel free to contact me off-list if you've got any more questions.

regards,
Léon
