Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?
From: "L.S. Keijser" <leon@xxxxxxxx>
Date: Wed, 10 Aug 2011 10:13:43 +0200

On Tue, 2011-08-09 at 20:27 +0000, Robinson, Eric wrote:
> This is admittedly off topic, but it also seems like a good place to ask
> the question. We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they tend to max out
> at around 100-200 tunnels each because of limitations in CPU
> performance. I would like to find a good Linux alternative because I'm
> thinking that we should be able to cram 500 tunnels onto a multi-core
> Xeon server pretty comfortably. Does anyone know a good Linux-based
> firewall/VPN solution? I've Googled, but mostly I just see references to
> OpenSWAN and SmoothWall. That would probably be fine if I could find
> some case studies where people used those tools in high-load
> environments.

We're using OpenVPN for our client-to-server tunnels. For these
connections it's quite easy to set up (sorry, Joe :p). By default it
allows for 1024 simultaneous connections so that should at least suit
your needs. 

For server-to-server connections we tend to set up IPSEC because most
customers we deal with have an appliance that only speaks IPSEC. My
experience with IPSEC is that it's a horror to debug if something goes
wrong.

I've made a script to generate client configurations/certificates
(http://github.com/lkeijser/stonevpn) for OpenVPN that you might be
interested in.

Feel free to contact me off-list if you've got any more questions.


regards,

Léon

