On Tue, 9 Aug 2011, Robinson, Eric wrote:
> This is admittedly off topic,

close enough and it's an interesting problem

> but it also seems like a good place to ask the question.
> We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they
> tend to max out at around 100-200 tunnels each because of
> limitations in CPU performance. I would like to find a
> good Linux alternative because I'm thinking that we should
> be able to cram 500 tunnels onto a multi-core Xeon server
> pretty comfortably.

presumably your estimate is based on the known load for a
given (smaller) number of tunnels?

You'd need good NICs with offload etc.

> Does anyone know a good Linux-based firewall/VPN solution?
> I've Googled, but mostly I just see references to OpenSWAN
> and SmoothWall. That would probably be fine if I could
> find some case studies where people used those tools in
> high-load environments.

as for this project, developers usually don't have a setup
they can test at full bore and rely on users to let them
know what they get.

a quick search with Google doesn't show anything useful for
Smoothwall performance, which is not good for a product
that's been out for 10-12 years. I expect someone would have
flogged the box of the day (400MHz Pentium say) with
increasing numbers of connections till the machine froze.

Someone has tested the max throughput for one connection ;-\

I remember trying to set up OpenSWAN about 10 years ago and
giving up. It was too complex.

There's another Linux VPN which also was horrific to set up,
and I can't remember its name. I thought it might be
OpenVPN, but on going to that webpage, it looks like a
glitz-soaked commercial product.

No wonder Juniper has the market cornered.

Hope you find something.

Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!