Catastrophe strikes Blue Feather's 'net presence [OT Reply]

Austin Pass austin at ozpass.co.uk
Wed Aug 16 15:02:15 CDT 2006


On 16/8/06 20:29, "Zane H. Healy" <healyzh at aracnet.com> wrote:

>> >  If anyone knows of a good, solid VPN router, in the $400-$500 (max)
>> >  range, with at least the following features I would appreciate
>> >  hearing about it. I'm currently looking at Zyxel (the Zywall 5) and
>> >  Multitech (RouteFinder 830).
>> > 
>> >  --Must support 1:1 NAT mapping.
>> >  --Must support at least IPSec VPN with 3DES or AES encryption, and
>> >  --the VPN client must be low-cost or included.
>> >  --Preferably, should also support PPTP for when IPSec is blocked at
>> >  --the originating end (I've seen it happen).
>> >  --Must be RACK-MOUNTED, as in it has rack ears or brackets. This is
>> >  --NOT negotiable.
>> >  --The manufacturer must NOT, unlike Watchguard and Juniper Networks,
>> >  --nickel-and-dime its users to death for extra features.
> 
> Have you looked into using OpenBSD?  I'm not 100% sure on the VPN portions,
> but I believe it supports everything you're looking for.
> 
>   Zane

The best option in your price range is to "roll your own".

My company market a solution that ticks all your boxes, hence I know for a
cold hard fact that you can hack one together from off the shelf parts.

Ours consists of a SuperMicro case (with 200w PSU), ASRock socket AM2
motherboard, latest cheap Sempron64 CPU, 512MB DDR2 RAM, 40GB PATA HDD,
Intel PRO/100 VE NIC.

This should cost you no more than £260.  Gives you a box that's way
over-specced for your requirements.  None of our customers are particularly
large, but it happily handles 43 simultaneous VPN sessions at our largest
site.  I'd expect it to handle well over 100.

As Zane said, BSD is the way to go.  We use a customised version of m0n0wall
(http://www.m0n0.ch).

Alternatively (and getting marginally more on topic) we've used second hand
Sun Netra T100's for the same application in the past running various BSD
flavours.  If you're lucky you'll get one with Checkpoint FW-1
pre-installed.  If you're very lucky it'll have the passwords with it! ;-)

-Austin.
