How about running ZeroTier on those Linux boxes and call it a day? https://www.zerotier.com/
-Mike > On Feb 10, 2022, at 10:07, David Guo via NANOG <nanog@nanog.org> wrote: > > > You may try WireGuard and use ddns > > From: NANOG <nanog-bounces+david=xtom....@nanog.org> On Behalf Of William > Herrin > Sent: Friday, February 11, 2022 2:02 AM > To: nanog@nanog.org > Subject: VPN recommendations? > > Hi folks, > > Do you have any recommendations for VPN appliances? Specifically: I need to > build a site to site VPNs at speeds between 100mpbs and 1 gbit where all but > one of the sites are behind an IPv4 NAT gateway with dynamic public IP > addresses. > > Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my > customer insists on a network appliance. Site to site VPNs using IPSec and > static IP addresses on the plaintext side are a dime a dozen but traversing > NAT and dynamic IP addresses (and automatically re-establishing when the > service goes out and comes back up with different addresses) is a hard > requirement. > > Thanks in advance, > Bill Herrin > > -- > William Herrin > b...@herrin.us > https://bill.herrin.us/
