Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?
From: "Robinson, Eric" <eric.robinson@xxxxxxxxx>
Date: Wed, 10 Aug 2011 11:36:36 -0700
> We're using OpenVPN for our client-to-server tunnels. For these
> connections it's quite easy to set up (sorry, Joe :p). By default it
> allows for 1024 simultaneous connections so that should at least suit
> your needs.

Thanks. The numbers do worry me. The Juniper NetScreen 500 states that
it supports something like 64,000 sessions and 5000 VPN tunnels, but in
our experience I would not want to push it any harder than 250 tunnels.
That's why I am hoping to find some real-life benchmarking of Linux VPN
solutions. But just finding the solutions in the first place has
unexpectedly become the hard part!

> For server-to-server connections we tend to set up IPSEC because most
> customers we deal with have an appliance that only speaks IPSEC. My
> experience with IPSEC is that it's a horror to debug if something goes
> wrong.

I don't know about that. We have about 400 IPSEC tunnels in production.
Nearly everything that goes wrong with IPSEC tunnels is in the
Phase1/Phase2 negotiation and the Juniper logs are detailed enough to
tell you the exact problem. I can usually tell the guy at the other end
what he has done wrong in his configuration just by looking at the logs
at my end. The other problem is just that port 500 is blocked somewhere
or something like that. Recently we had a guy with a Cisco concentrator
who could not get connected, but using the NetScreen snoop command we
were able to see that he was trying to do IKE over TCP when the standard
calls for UDP. All in all, I've been very happy with IPSEC.

