Re: [pfSense] SOHO Router for VPN to pfSense
On 29-4-2013 16:01, j...@millican.us wrote: On 4/29/2013 9:35 AM, j...@millican.us wrote: Hello, Thank You, JohnM Forgot to add that I have been looking at the Buffalo WZR-300HP. Any opinions? We almost exclusively use Draytek Vigor routers with IPsec tunnels and pfSense. We use Dell PowerEdge R310 servers as the endpoint. We have about 300 tunnels, we always had the Draytek Vigor 2800VGI model, but are now moving forward with the Draytek Vigor 2850 model, it is a ADSL/VSDL combo modem, supports 3G/4G via USB stick (We use the Huawei E392) and also Ethernet WAN using port 4 of the gigabit LAN ports. It's a very versatile model. Regards, Seth ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
I can’t speak to the advanced routing and traffic shaping stuff, but Alix + PFsense have been great for me. IPSec VPNs between multiple locations have been very reliable. On Apr 30, 2013, at 9:23 PM, Seth Mos wrote: On 29-4-2013 16:01, j...@millican.us wrote: On 4/29/2013 9:35 AM, j...@millican.us wrote: Hello, Thank You, JohnM Forgot to add that I have been looking at the Buffalo WZR-300HP. Any opinions? We almost exclusively use Draytek Vigor routers with IPsec tunnels and pfSense. We use Dell PowerEdge R310 servers as the endpoint. We have about 300 tunnels, we always had the Draytek Vigor 2800VGI model, but are now moving forward with the Draytek Vigor 2850 model, it is a ADSL/VSDL combo modem, supports 3G/4G via USB stick (We use the Huawei E392) and also Ethernet WAN using port 4 of the gigabit LAN ports. It's a very versatile model. Regards, Seth ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] SOHO Router for VPN to pfSense
Hello, I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? I know I could get any number if open source based routers and load DD-WRT but am hoping to limit the number of steps needed as there could potential be Yes I know I am being lazy and hoping to avoid the many hours of research by asking here. I have been Google 'ing but getting mostly marketing mumbo jumbo and not a much related real world experience. Also what are the limits related to how many OpenVPN, or IPSEC, tunnels I can connect to a relatively well spec 'ed pfSense box? I.E 2.2 GHz Opteron 4122, 4GB Ram, Supermicro (intel based) Gigabyte network cards. I can easily add bandwidth as I add tunnels so that is not a limiting factor in itself. Each tunnel will be routed to a specific single server behind the firewall. Thank You, JohnM ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On 4/29/2013 9:35 AM, j...@millican.us wrote: Hello, I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? I know I could get any number if open source based routers and load DD-WRT but am hoping to limit the number of steps needed as there could potential be Yes I know I am being lazy and hoping to avoid the many hours of research by asking here. I have been Google 'ing but getting mostly marketing mumbo jumbo and not a much related real world experience. Also what are the limits related to how many OpenVPN, or IPSEC, tunnels I can connect to a relatively well spec 'ed pfSense box? I.E 2.2 GHz Opteron 4122, 4GB Ram, Supermicro (intel based) Gigabyte network cards. I can easily add bandwidth as I add tunnels so that is not a limiting factor in itself. Each tunnel will be routed to a specific single server behind the firewall. Thank You, JohnM Forgot to add that I have been looking at the Buffalo WZR-300HP. Any opinions? Thanks again, JohnM ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
What is the speed for the internet connect and what speed will be going over the vpn. Take a look at this http://www.pfsense.org/index.php?option=com_contenttask=viewid=52Itemid=49. That amd server should be able to handle almost any internet connect you are using. On Mon, Apr 29, 2013 at 10:01 AM, j...@millican.us j...@millican.us wrote: On 4/29/2013 9:35 AM, j...@millican.us wrote: Hello, I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? I know I could get any number if open source based routers and load DD-WRT but am hoping to limit the number of steps needed as there could potential be Yes I know I am being lazy and hoping to avoid the many hours of research by asking here. I have been Google 'ing but getting mostly marketing mumbo jumbo and not a much related real world experience. Also what are the limits related to how many OpenVPN, or IPSEC, tunnels I can connect to a relatively well spec 'ed pfSense box? I.E 2.2 GHz Opteron 4122, 4GB Ram, Supermicro (intel based) Gigabyte network cards. I can easily add bandwidth as I add tunnels so that is not a limiting factor in itself. Each tunnel will be routed to a specific single server behind the firewall. Thank You, JohnM Forgot to add that I have been looking at the Buffalo WZR-300HP. Any opinions? Thanks again, JohnM __**_ List mailing list List@lists.pfsense.org http://lists.pfsense.org/**mailman/listinfo/listhttp://lists.pfsense.org/mailman/listinfo/list -- Zach Underwood (RHCE,RHCSA,RHCT) My website http://zachunderwood.me My photes http://zunder1990.openphoto.me ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
I haven't done VPN using them, but I have extreme reliability from DIR-825 with DD-WRT. On 29 April 2013 16:35, j...@millican.us j...@millican.us wrote: Hello, I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? I know I could get any number if open source based routers and load DD-WRT but am hoping to limit the number of steps needed as there could potential be Yes I know I am being lazy and hoping to avoid the many hours of research by asking here. I have been Google 'ing but getting mostly marketing mumbo jumbo and not a much related real world experience. Also what are the limits related to how many OpenVPN, or IPSEC, tunnels I can connect to a relatively well spec 'ed pfSense box? I.E 2.2 GHz Opteron 4122, 4GB Ram, Supermicro (intel based) Gigabyte network cards. I can easily add bandwidth as I add tunnels so that is not a limiting factor in itself. Each tunnel will be routed to a specific single server behind the firewall. Thank You, JohnM __**_ List mailing list List@lists.pfsense.org http://lists.pfsense.org/**mailman/listinfo/listhttp://lists.pfsense.org/mailman/listinfo/list -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 I can't hear you -- I'm using the scrambler. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On 29/4/13 2:35 pm, j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? Honestly, your best best is to use pfSense to connect to another pfSense. I've spent goodness knows how many hours over the last few years trying to persuade various Netgear, Draytek, Buffalo, etc. etc. routers to talk to pfSense, and it's just not worth the hassle. Stick a litle embedded pfSense at each remote location (ALIX boards are an economical choice) and it'll Just Work (TM). Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall pfse...@lists.minotaur.ccwrote: On 29/4/13 2:35 pm, j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? Honestly, your best best is to use pfSense to connect to another pfSense. I've spent goodness knows how many hours over the last few years trying to persuade various Netgear, Draytek, Buffalo, etc. etc. routers to talk to pfSense, and it's just not worth the hassle. Stick a litle embedded pfSense at each remote location (ALIX boards are an economical choice) and it'll Just Work (TM). It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. On the other hand, I had little trouble connecting an instance of pfsense to a Tomato router, with the former acting as OpenVPN client. db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On 4/29/2013 12:11 PM, David Burgess wrote: On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall pfse...@lists.minotaur.cc mailto:pfse...@lists.minotaur.cc wrote: On 29/4/13 2:35 pm, j...@millican.us mailto:j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to which brands/models to look at first? Honestly, your best best is to use pfSense to connect to another pfSense. I've spent goodness knows how many hours over the last few years trying to persuade various Netgear, Draytek, Buffalo, etc. etc. routers to talk to pfSense, and it's just not worth the hassle. Stick a litle embedded pfSense at each remote location (ALIX boards are an economical choice) and it'll Just Work (TM). It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. On the other hand, I had little trouble connecting an instance of pfsense to a Tomato router, with the former acting as OpenVPN client. db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Seriously, these days it is SUPER simple to setup OpenVPN and use OSPF to route. Take a look around the wiki and forum and there are step by step directions posted. The M1n1wall's from netgate are my go-to branch office appliances. The only downside I have seen with pfSense in a setup like this is its inability to traffic shape the vpn. Say you have voice and data, the best thing I was able to accomplish was a separate openvpn tunnel for each type and then prioritizing the port that was being used for the voice tunnel. You can't get granular control like you can with a few other vendors (that cost a lot more). Jonathon ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On 29/4/13 5:11 pm, David Burgess wrote: It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. Really? I must admit it's always Just Worked for me (even going across versions, e.g. 1.2 to 2.0). Far easier than trying to persuade a Netgear to talk IPSec to pfSense. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SOHO Router for VPN to pfSense
On Mon, Apr 29, 2013 at 10:35 AM, Chris Bagnall pfse...@lists.minotaur.ccwrote: On 29/4/13 5:11 pm, David Burgess wrote: It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. Really? I must admit it's always Just Worked for me (even going across versions, e.g. 1.2 to 2.0). Far easier than trying to persuade a Netgear to talk IPSec to pfSense. Yeah, setting it up was easy (both were running 2.0.1 or 2.0.2 IIRC). I arranged a pair of windows on the screen with one instance on the left and the other on the right. I made all the appropriate settings to match and then saved...nothing. I didn't spend a lot of time troubleshooting, so I don't remember specifically what went wrong. Based on other comments here, I guess the problem was probably just me :P db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
