Re: automated site to site vpn recommendations
There is a downside to subscription pricing for the vendor: they don't get the instant cashflow they're used to. I know Cisco seems to be taking a tactic where only some product lines use subscriptions and the others are on a typical enterprise 3-5 year replacement cycle to provide Cisco with the large cash injections upon upgrade.

Tim

> On 30 Jun 2016, at 7:00 AM, Seth Mattinen wrote:
>
>> On 6/29/16 15:33, Eric Kuhnke wrote:
>> My biggest issue with Meraki is the fundamentally flawed business model,
>> biased in favor of vendor lock in and endlessly recurring payments to the
>> equipment vendor rather than the ISP or enterprise end user.
>>
>> You should not have to pay a yearly subscription fee to keep your in-house
>> 802.11(abgn/ac) wifi access points operating. The very idea that the
>> equipment you purchased which worked flawlessly on day one will stop
>> working not because it's broken, or obsolete, but because your
>> *subscription* expired...
>
> I'm sure most hardware makers would love to lock in a revenue stream of "keep
> me working" subscriptions if they could get away with it. From the company's
> perspective what's not to love about that kind of guaranteed revenue?
>
> I often wonder if Microsoft will someday make Office365 the only way to get
> Office, which if you don't maintain a subscription your locally installed
> copy of Word will cease to function.
>
> ~Seth
Re: automated site to site vpn recommendations
On Wed, 2016-06-29 at 16:00 -0700, Seth Mattinen wrote:
> I often wonder if Microsoft will someday make Office365 the only way
> to get Office, which if you don't maintain a subscription your
> locally installed copy of Word will cease to function.

I live for that day.

Regards, K.

--
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
On 6/29/16 15:33, Eric Kuhnke wrote:
> My biggest issue with Meraki is the fundamentally flawed business model,
> biased in favor of vendor lock in and endlessly recurring payments to the
> equipment vendor rather than the ISP or enterprise end user.
>
> You should not have to pay a yearly subscription fee to keep your in-house
> 802.11(abgn/ac) wifi access points operating. The very idea that the
> equipment you purchased which worked flawlessly on day one will stop
> working not because it's broken, or obsolete, but because your
> *subscription* expired...

I'm sure most hardware makers would love to lock in a revenue stream of "keep me working" subscriptions if they could get away with it. From the company's perspective what's not to love about that kind of guaranteed revenue?

I often wonder if Microsoft will someday make Office365 the only way to get Office, which if you don't maintain a subscription your locally installed copy of Word will cease to function.

~Seth
Re: automated site to site vpn recommendations
I treat Meraki like SmartNET. The subscription comes with lifetime support (TAC + Warranty), you do have support on your production network gear don't you? It's not like they trick you going into it either. I for one am a huge fan of the simplicity, it just works.

Disclaimer: We use them. ~35 access points all around the world.

*Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Wed, Jun 29, 2016 at 6:33 PM, Eric Kuhnke wrote:

> My biggest issue with Meraki is the fundamentally flawed business model,
> biased in favor of vendor lock in and endlessly recurring payments to the
> equipment vendor rather than the ISP or enterprise end user.
>
> You should not have to pay a yearly subscription fee to keep your in-house
> 802.11(abgn/ac) wifi access points operating. The very idea that the
> equipment you purchased which worked flawlessly on day one will stop
> working not because it's broken, or obsolete, but because your
> *subscription* expired...
>
> If you want wifi with a centralized controller there's lots of ways to do
> it at either L2 (Unifi APs and Unifi controller reachable on the same LAN
> segment as the Unifis, or with its own management vlan), or with Unifi APs
> programmed to find a controller by hostname/IP address (L3).
>
> On Wed, Jun 29, 2016 at 5:55 AM, Paul Nash wrote:
>
> > My biggest issue with Meraki is that their tech staff can run tcpdump on
> > the wired or wireless interface of your Meraki box without having to leave
> > their desk. I have no reason to believe that they are malicious, or in the
> > pay of the NSA, but I am too paranoid to allow their equipment anywhere
> > near me.
> >
> > Yes, they work well and the cloud control panel makes remote support a
> > breeze; you have to decide how you feel about the insecurity.
> >
> > paul
> >
> > > On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
> > >
> > > I would second Meraki for the situation you describe. I don't feel that
> > > they are the most capable platform, they're expensive, and don't always
> > > present you with all the information you'd need for troubleshooting.
> > > However, the VPN offers great dynamic tunneling, instant-on performance,
> > > and are by far the simplest platform to offer a field person. They're also
> > > tenacious - I've had them connect to the cloud management platform and
> > > build a VPN under some trying circumstances.
> > >
> > > From a security standpoint, they will offer features that will impress for
> > > the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> > > tunnel control), and we've found they punch above their weight and their
> > > APs perform fantastically.
> > >
> > > We deploy them worldwide many times per year in similar use cases,
> > > sometimes with 150 users on the LAN. If your routing is simple, you can
> > > define your security policies, and don't need crazy throughput on your VPN,
> > > Meraki is the way to go. Be careful though: they have to be continually
> > > licensed to work and can get pretty expensive if you go for the higher end
> > > gear. Thus far, we've been able to stick to the cheaper stuff and
> > > accomplish our goals.
> > >
> > > Dan
> > >
> > > (end)
> > > On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
> > >
> > >> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > >>> In some cases...
> > >>
> > >> The words "in some cases" are a problem with any supposedly plug and
> > >> play solution.
> > >>
> > >>> We really could use a simple solution that you
> > >>> just flip on, it calls home, and works...
> > >>
> > >> ...but still requiring someone to enter credentials of some sort,
> > >> right? Otherwise you have a device wandering about that provides
> > >> look-mum-no-hands access to your corporate network.
> > >>
> > >> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > >> for a wireless dongle or storage, and has a highly-scriptable operating
> > >> system. Not a bad platform.
> > >>
> > >> Regards, K.
> > >>
> > >> --
> > >> ~~~
> > >> Karl Auer (ka...@biplane.com.au)
> > >> http://www.biplane.com.au/kauer
> > >> http://twitter.com/kauer389
> > >>
> > >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
My biggest issue with Meraki is the fundamentally flawed business model, biased in favor of vendor lock in and endlessly recurring payments to the equipment vendor rather than the ISP or enterprise end user.

You should not have to pay a yearly subscription fee to keep your in-house 802.11(abgn/ac) wifi access points operating. The very idea that the equipment you purchased which worked flawlessly on day one will stop working not because it's broken, or obsolete, but because your *subscription* expired...

If you want wifi with a centralized controller there's lots of ways to do it at either L2 (Unifi APs and Unifi controller reachable on the same LAN segment as the Unifis, or with its own management vlan), or with Unifi APs programmed to find a controller by hostname/IP address (L3).

On Wed, Jun 29, 2016 at 5:55 AM, Paul Nash wrote:

> My biggest issue with Meraki is that their tech staff can run tcpdump on
> the wired or wireless interface of your Meraki box without having to leave
> their desk. I have no reason to believe that they are malicious, or in the
> pay of the NSA, but I am too paranoid to allow their equipment anywhere
> near me.
>
> Yes, they work well and the cloud control panel makes remote support a
> breeze; you have to decide how you feel about the insecurity.
>
> paul
>
> > On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
> >
> > I would second Meraki for the situation you describe. I don't feel that
> > they are the most capable platform, they're expensive, and don't always
> > present you with all the information you'd need for troubleshooting.
> > However, the VPN offers great dynamic tunneling, instant-on performance,
> > and are by far the simplest platform to offer a field person. They're also
> > tenacious - I've had them connect to the cloud management platform and
> > build a VPN under some trying circumstances.
> >
> > From a security standpoint, they will offer features that will impress for
> > the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> > tunnel control), and we've found they punch above their weight and their
> > APs perform fantastically.
> >
> > We deploy them worldwide many times per year in similar use cases,
> > sometimes with 150 users on the LAN. If your routing is simple, you can
> > define your security policies, and don't need crazy throughput on your VPN,
> > Meraki is the way to go. Be careful though: they have to be continually
> > licensed to work and can get pretty expensive if you go for the higher end
> > gear. Thus far, we've been able to stick to the cheaper stuff and
> > accomplish our goals.
> >
> > Dan
> >
> > (end)
> > On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
> >
> >> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> >>> In some cases...
> >>
> >> The words "in some cases" are a problem with any supposedly plug and
> >> play solution.
> >>
> >>> We really could use a simple solution that you
> >>> just flip on, it calls home, and works...
> >>
> >> ...but still requiring someone to enter credentials of some sort,
> >> right? Otherwise you have a device wandering about that provides
> >> look-mum-no-hands access to your corporate network.
> >>
> >> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> >> for a wireless dongle or storage, and has a highly-scriptable operating
> >> system. Not a bad platform.
> >>
> >> Regards, K.
> >>
> >> --
> >> ~~~
> >> Karl Auer (ka...@biplane.com.au)
> >> http://www.biplane.com.au/kauer
> >> http://twitter.com/kauer389
> >>
> >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
Lorenzo did a MUM presentation (https://www.youtube.com/watch?v=VeZetH9uX_Y) on how road warriors can connect with a Mikrotik to automatically configure VPN. Pretty novel idea using inexpensive hardware. It may not be as user friendly as you need, though.

On Tue, Jun 28, 2016 at 11:21 AM, Richard Greasley wrote:

> Another option is Checkpoint Edge devices.
> We use them worldwide with little to no problems.
> They're centrally managed and support central logging which is a plus when
> trying to diagnose issues.
> They support dynamic IP addresses as well, so just plug it in and you
> should be good to go.
> Not the cheapest solution, but for sure they get the job done.
>
> Regards,
> Richard.
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dan Stralka
> Sent: Monday, June 27, 2016 6:28 PM
> To: Karl Auer
> Cc: nanog@nanog.org
> Subject: Re: automated site to site vpn recommendations
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
>
> > On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > > In some cases...
> >
> > The words "in some cases" are a problem with any supposedly plug and
> > play solution.
> >
> > > We really could use a simple solution that you
> > > just flip on, it calls home, and works...
> >
> > ...but still requiring someone to enter credentials of some sort,
> > right? Otherwise you have a device wandering about that provides
> > look-mum-no-hands access to your corporate network.
> >
> > MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > for a wireless dongle or storage, and has a highly-scriptable operating
> > system. Not a bad platform.
> >
> > Regards, K.
> >
> > --
> > ~~~
> > Karl Auer (ka...@biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4

--
GregSowell.com
TheBrothersWISP.com
RE: automated site to site vpn recommendations
Guys, thanks for all the responses. Thanks to everyone's feedback, we have a number of options that were not on the original list and that is what I was hoping for. Now it's a matter of comparing cost/learning-curve/support-challenge/compatibility with tools/monitoring, etc...

Thanks again.

> From: r...@tehorange.com
> Date: Wed, 29 Jun 2016 09:03:06 -0400
> Subject: Re: automated site to site vpn recommendations
> To: p...@nashnetworks.ca
> CC: nanog@nanog.org
>
> For several of our clients, we use Sophos UTMs coupled with their RED
> units. Once registered with the UTM, the RED unit auto creates an SSL
> based VPN back to the UTM. The RED unit is managed from the UTM and pulls
> its config when it boots. It's similar to the function of Meraki without
> the direct cloud management portion, though the config profile does get
> pushed to a section of Sophos' cloud.
>
> -Rich
>
> On Wed, Jun 29, 2016 at 8:55 AM, Paul Nash wrote:
>
> > My biggest issue with Meraki is that their tech staff can run tcpdump on
> > the wired or wireless interface of your Meraki box without having to leave
> > their desk. I have no reason to believe that they are malicious, or in the
> > pay of the NSA, but I am too paranoid to allow their equipment anywhere
> > near me.
> >
> > Yes, they work well and the cloud control panel makes remote support a
> > breeze; you have to decide how you feel about the insecurity.
> >
> > paul
> >
> > > On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
> > >
> > > I would second Meraki for the situation you describe. I don't feel that
> > > they are the most capable platform, they're expensive, and don't always
> > > present you with all the information you'd need for troubleshooting.
> > > However, the VPN offers great dynamic tunneling, instant-on performance,
> > > and are by far the simplest platform to offer a field person. They're also
> > > tenacious - I've had them connect to the cloud management platform and
> > > build a VPN under some trying circumstances.
> > >
> > > From a security standpoint, they will offer features that will impress for
> > > the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> > > tunnel control), and we've found they punch above their weight and their
> > > APs perform fantastically.
> > >
> > > We deploy them worldwide many times per year in similar use cases,
> > > sometimes with 150 users on the LAN. If your routing is simple, you can
> > > define your security policies, and don't need crazy throughput on your VPN,
> > > Meraki is the way to go. Be careful though: they have to be continually
> > > licensed to work and can get pretty expensive if you go for the higher end
> > > gear. Thus far, we've been able to stick to the cheaper stuff and
> > > accomplish our goals.
> > >
> > > Dan
> > >
> > > (end)
> > > On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
> > >
> > >> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > >>> In some cases...
> > >>
> > >> The words "in some cases" are a problem with any supposedly plug and
> > >> play solution.
> > >>
> > >>> We really could use a simple solution that you
> > >>> just flip on, it calls home, and works...
> > >>
> > >> ...but still requiring someone to enter credentials of some sort,
> > >> right? Otherwise you have a device wandering about that provides
> > >> look-mum-no-hands access to your corporate network.
> > >>
> > >> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > >> for a wireless dongle or storage, and has a highly-scriptable operating
> > >> system. Not a bad platform.
> > >>
> > >> Regards, K.
> > >>
> > >> --
> > >> ~~~
> > >> Karl Auer (ka...@biplane.com.au)
> > >> http://www.biplane.com.au/kauer
> > >> http://twitter.com/kauer389
> > >>
> > >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
For several of our clients, we use Sophos UTMs coupled with their RED units. Once registered with the UTM, the RED unit auto creates an SSL based VPN back to the UTM. The RED unit is managed from the UTM and pulls its config when it boots. It's similar to the function of Meraki without the direct cloud management portion, though the config profile does get pushed to a section of Sophos' cloud.

-Rich

On Wed, Jun 29, 2016 at 8:55 AM, Paul Nash wrote:

> My biggest issue with Meraki is that their tech staff can run tcpdump on
> the wired or wireless interface of your Meraki box without having to leave
> their desk. I have no reason to believe that they are malicious, or in the
> pay of the NSA, but I am too paranoid to allow their equipment anywhere
> near me.
>
> Yes, they work well and the cloud control panel makes remote support a
> breeze; you have to decide how you feel about the insecurity.
>
> paul
>
> > On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
> >
> > I would second Meraki for the situation you describe. I don't feel that
> > they are the most capable platform, they're expensive, and don't always
> > present you with all the information you'd need for troubleshooting.
> > However, the VPN offers great dynamic tunneling, instant-on performance,
> > and are by far the simplest platform to offer a field person. They're also
> > tenacious - I've had them connect to the cloud management platform and
> > build a VPN under some trying circumstances.
> >
> > From a security standpoint, they will offer features that will impress for
> > the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> > tunnel control), and we've found they punch above their weight and their
> > APs perform fantastically.
> >
> > We deploy them worldwide many times per year in similar use cases,
> > sometimes with 150 users on the LAN. If your routing is simple, you can
> > define your security policies, and don't need crazy throughput on your VPN,
> > Meraki is the way to go. Be careful though: they have to be continually
> > licensed to work and can get pretty expensive if you go for the higher end
> > gear. Thus far, we've been able to stick to the cheaper stuff and
> > accomplish our goals.
> >
> > Dan
> >
> > (end)
> > On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
> >
> >> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> >>> In some cases...
> >>
> >> The words "in some cases" are a problem with any supposedly plug and
> >> play solution.
> >>
> >>> We really could use a simple solution that you
> >>> just flip on, it calls home, and works...
> >>
> >> ...but still requiring someone to enter credentials of some sort,
> >> right? Otherwise you have a device wandering about that provides
> >> look-mum-no-hands access to your corporate network.
> >>
> >> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> >> for a wireless dongle or storage, and has a highly-scriptable operating
> >> system. Not a bad platform.
> >>
> >> Regards, K.
> >>
> >> --
> >> ~~~
> >> Karl Auer (ka...@biplane.com.au)
> >> http://www.biplane.com.au/kauer
> >> http://twitter.com/kauer389
> >>
> >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
I believe they fixed this -- when I've spoken to tech support recently, I had to give them a tech support key so that they could access the devices I had questions about.

-Original Message-
From: "Paul Nash"
Sent: Wednesday, June 29, 2016 8:55am
To: "Untitled 3"
Subject: Re: automated site to site vpn recommendations

My biggest issue with Meraki is that their tech staff can run tcpdump on the wired or wireless interface of your Meraki box without having to leave their desk. I have no reason to believe that they are malicious, or in the pay of the NSA, but I am too paranoid to allow their equipment anywhere near me.

Yes, they work well and the cloud control panel makes remote support a breeze; you have to decide how you feel about the insecurity.

paul

> On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
>
>> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
>>> In some cases...
>>
>> The words "in some cases" are a problem with any supposedly plug and
>> play solution.
>>
>>> We really could use a simple solution that you
>>> just flip on, it calls home, and works...
>>
>> ...but still requiring someone to enter credentials of some sort,
>> right? Otherwise you have a device wandering about that provides
>> look-mum-no-hands access to your corporate network.
>>
>> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
>> for a wireless dongle or storage, and has a highly-scriptable operating
>> system. Not a bad platform.
>>
>> Regards, K.
>>
>> --
>> ~~~
>> Karl Auer (ka...@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>>
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: automated site to site vpn recommendations
My biggest issue with Meraki is that their tech staff can run tcpdump on the wired or wireless interface of your Meraki box without having to leave their desk. I have no reason to believe that they are malicious, or in the pay of the NSA, but I am too paranoid to allow their equipment anywhere near me.

Yes, they work well and the cloud control panel makes remote support a breeze; you have to decide how you feel about the insecurity.

paul

> On Jun 27, 2016, at 6:28 PM, Dan Stralka wrote:
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer" wrote:
>
>> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
>>> In some cases...
>>
>> The words "in some cases" are a problem with any supposedly plug and
>> play solution.
>>
>>> We really could use a simple solution that you
>>> just flip on, it calls home, and works...
>>
>> ...but still requiring someone to enter credentials of some sort,
>> right? Otherwise you have a device wandering about that provides
>> look-mum-no-hands access to your corporate network.
>>
>> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
>> for a wireless dongle or storage, and has a highly-scriptable operating
>> system. Not a bad platform.
>>
>> Regards, K.
>>
>> --
>> ~~~
>> Karl Auer (ka...@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>>
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4