[Soekris] Soekris 5501 and pfSense with VPN
Hi All Being brand new to the world of soekris, I'm sort of stumbling around in the dark, and I hope somebody can enlighten me :-) I'm considering 5501-70 board for use here in Lynge at our mainsite. We in the IT department would probably like to have a VPN connection to the site. So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec ( http://en.wikipedia.org/wiki/IPsec ), OpenVPN ( http://openvpn.net/ ))? Best regards Kenneth ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Soekris 5501 and pfSense with VPN
A lot depends on the bandwidth you are planning on using inside the VPN. I'm using a 4801 with pfsense, running openvpn, and a few tunnels to access some RDP sessions while I am away from home work great. Sustained network traffic of a couple of MBit/s is a bit more troublesome, in my experience. Greets, Nils On Fri, Jul 11, 2008 at 1:22 PM, Kenneth Fribert [EMAIL PROTECTED] wrote: Hi All Being brand new to the world of soekris, I'm sort of stumbling around in the dark, and I hope somebody can enlighten me :-) I'm considering 5501-70 board for use here in Lynge at our mainsite. We in the IT department would probably like to have a VPN connection to the site. So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec http://en.wikipedia.org/wiki/IPsec, OpenVPN http://openvpn.net/)? Best regards Kenneth ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech -- Simple guidelines to happiness: Work like you don't need the money, Love like your heart has never been broken and Dance like no one can see you. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Soekris 5501 and pfSense with VPN
Hi Guys Thanks for the fast and very informative feedback. We have a 10mbit fiber here which will be the one used for VPN connections. We provide services for our employees through our Citrix solution, but the IT department (specifically ME :-), and a few external consultants) could need some VPN access for debugging. And I guess the vpn1411 is out, to much trouble with that. IPSec is recommended? Is that the VPN client native for Windoze? It would be nice to not require a special client for the consultants... /Kenneth On 11. July 2008 at 13:22, in message [EMAIL PROTECTED], Kenneth Fribert [EMAIL PROTECTED] wrote: Hi All Being brand new to the world of soekris, I'm sort of stumbling around in the dark, and I hope somebody can enlighten me :-) I'm considering 5501-70 board for use here in Lynge at our mainsite. We in the IT department would probably like to have a VPN connection to the site. So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec ( http://en.wikipedia.org/wiki/IPsec ), OpenVPN ( http://openvpn.net/ ))? Best regards Kenneth ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Soekris 5501 and pfSense with VPN
* Kenneth Fribert wrote: Hi All Being brand new to the world of soekris, I'm sort of stumbling around in the dark, and I hope somebody can enlighten me :-) I'm considering 5501-70 board for use here in Lynge at our mainsite. We in the IT department would probably like to have a VPN connection to the site. So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec ( http://en.wikipedia.org/wiki/IPsec ), OpenVPN ( http://openvpn.net/ ))? With an AMD Geode LX and OpenBSD we measured an IPsec throughput of roughly 20 MBit/s. Note that the chip has an AES-128 accelerator onboard already. - Marc ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Soekris 5501 and pfSense with VPN
So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec, IPSec is the way to fly. What speed WAN? Above 1024kbps? ~BAS ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
[Soekris] net5501 Successor
Hello, Do You plan any new Soekris Board in a near future (= 6 months) ? I look forward to Your Answer, Best Regards, Guillaume FORTAINE I have root @ Google ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] net5501 Successor
Guillaume FORTAINE wrote: Hello, Do You plan any new Soekris Board in a near future (= 6 months) ? I look forward to Your Answer, Best Regards, Guillaume FORTAINE I have root @ Google ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech Why are you looking for a successor to the 5501? Any particular features you are looking for? -- +1.925.202.9485 Sargun Dhillon deCarta [EMAIL PROTECTED] www.decarta.com ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
[Soekris] combios
where is combios 1.33c The requested URL /software/b5501_133c.bin was not found on this server. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] net5501 Successor
Sargun Dhillon wrote: Guillaume FORTAINE wrote: Hello, Do You plan any new Soekris Board in a near future (= 6 months) ? I look forward to Your Answer, Best Regards, Guillaume FORTAINE I have root @ Google ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech Why are you looking for a successor to the 5501? Any particular features you are looking for? According to this post [1] : With an AMD Geode LX and OpenBSD we measured an IPsec throughput of roughly 20 MBit/s. It means that : 1) we are not able to enjoy the full speed of an ADSL2+ Line [2]. ADSL2+ 24,576/3584 kbit/s 3072/448 kB/s 2) If we want to enjoy it, we will need an additional vpn1411 Board [3] and thus won't be able to provide Wifi (1 Mini-PCI port on the Soekris 5501). Conclusion : If we want to enjoy 1) Secure Wifi that is done in Software in OpenBSD, To quote : Added a kernel implementation of the 4-way handshake and group-key handshake protocols of 802.11i, and a software implementation of TKIP and CCMP, making WPA/WPA2-PSK usable in both station and hostap modes for bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4). 2) And Full-Speed VPN, at least a faster processor would be needed (LX 900). According to the net5501 Web Page, a 600 Mhz model is planned. Maybe a net5501-80 ? I look forward to Your Answer, Best Regards [1] http://lists.soekris.com/pipermail/soekris-tech/2008-July/014641.html [2] http://en.wikipedia.org/wiki/List_of_device_bandwidths#Modems.2FHome_user_connections [3] http://www.soekris.com/vpn1401.htm [4] http://www.openbsd.org/plus.html [5] http://www.soekris.com/net5501.htm Guillaume FORTAINE I have root @ Google ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Soekris 5501 and pfSense with VPN
Kenneth, I use it either with OpenBSD+IPSec or OpenBSD+OpenVPN with no issues. My experiences are similar to the ones described by others in this thread. I would just like to add that with OpenVPN you can setup load balancing of connections in order to try to spread those connections through several boxes. The decision about which server to connect to is made on OpenVPN's client side though, from what I recall. With authentication in LDAP works like a charm. The only inconvenience is syncing user certificates and configs (when needed) and defining/maintaining a method to supply configs/installs to users. My 2 cents... Joao Kenneth Fribert wrote: Hi Guys Thanks for the fast and very informative feedback. We have a 10mbit fiber here which will be the one used for VPN connections. We provide services for our employees through our Citrix solution, but the IT department (specifically ME :-), and a few external consultants) could need some VPN access for debugging. And I guess the vpn1411 is out, to much trouble with that. IPSec is recommended? Is that the VPN client native for Windoze? It would be nice to not require a special client for the consultants... /Kenneth On 11. July 2008 at 13:22, in message [EMAIL PROTECTED], Kenneth Fribert [EMAIL PROTECTED] wrote: Hi All Being brand new to the world of soekris, I'm sort of stumbling around in the dark, and I hope somebody can enlighten me :-) I'm considering 5501-70 board for use here in Lynge at our mainsite. We in the IT department would probably like to have a VPN connection to the site. So the question is, will the 5501-70 be tough enough to handle a few VPN connections, or do we need to add the vpn1411, and will the vpn1411 even work with VPN in pfSense (IPsec http://en.wikipedia.org/wiki/IPsec, OpenVPN http://openvpn.net/)? Best regards Kenneth ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Latest net5501 bios
* James Turner [EMAIL PROTECTED] [2008-07-11 02:39]: I noticed version 1.33c was recently posted. Since the changelog hasn't been updated since 1.33, I was wondering what changed in 1.33b and 1.33c? Thanks. See http://www.soekris.com/Issue0007-8.htm -- Regards, Wolfram Schlich [EMAIL PROTECTED] Gentoo Linux * http://dev.gentoo.org/~wschlich/ ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
