Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?
From: "L.S. Keijser" <leon@xxxxxxxx>
Date: Wed, 10 Aug 2011 10:13:43 +0200
On Tue, 2011-08-09 at 20:27 +0000, Robinson, Eric wrote:
> This is admittedly off topic, but it also seems like a good place to ask
> the question. We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they tend to max out
> at around 100-200 tunnels each because of limitations in CPU
> performance. I would like to find a good Linux alternative because I'm
> thinking that we should be able to cram 500 tunnels onto a multi-core
> Xeon server pretty comfortably. Does anyone know a good Linux-based
> firewall/VPN solution? I've Googled, but mostly I just see references to
> OpenSWAN and SmoothWall. That would probably be fine if I could find
> some case studies where people used those tools in high-load
> environments.

We're using OpenVPN for our client-to-server tunnels. For these
connections it's quite easy to set up (sorry, Joe :p). By default it
allows for 1024 simultaneous connections so that should at least suit
your needs. 

For server-to-server connections we tend to set up IPSEC because most
customers we deal with have an appliance that only speaks IPSEC. My
experience with IPSEC is that it's a horror to debug if something goes

I've made a script to generate client configurations/certificates
( for OpenVPN that you might be
interested in.

Feel free to contact me off-list if you got any more questions.



Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to
<Prev in Thread] Current Thread [Next in Thread>