Catastrophe strikes Blue Feather's 'net presence [OT Reply]
austin at ozpass.co.uk
Wed Aug 16 15:02:15 CDT 2006
On 16/8/06 20:29, "Zane H. Healy" <healyzh at aracnet.com> wrote:
>> > If anyone knows of a good, solid VPN router, in the $400-$500 (max)
>> > range, with at least the following features I would appreciate
>> > hearing about it. I'm currently looking at Zyxel (the Zywall 5) and
>> > Multitech (RouteFinder 830).
>> > --Must support 1:1 NAT mapping.
>> > --Must support at least IPSec VPN with 3DES or AES encryption, and
>> > --the VPN client must be low-cost or included.
>> > --Preferably, should also support PPTP for when IPSec is blocked at
>> > --the originating end (I've seen it happen).
>> > --Must be RACK-MOUNTED, as in it has rack ears or brackets. This is
>> > --NOT negotiable.
>> > --The manufacturer must NOT, unlike Watchguard and Juniper Networks,
>> > --nickle-and-dime its users to death for extra features.
> Have you looked into using OpenBSD? I'm not 100% sure on the VPN portions,
> but I believe it supports everything you're looking for.
The best option in your price range is to ³roll your own².
My company market a solution that ticks all your boxes, hence I know for a
cold hard fact that you can hack one together from off the shelf parts.
Ours consists of a SuperMicro case (with 200w PSU), ASRock socket AM2
motherboard, latest cheap Sempron64 CPU, 512MB DDR2 RAM, 40GB PATA HDD,
Intel PRO/100 VE NIC.
This should cost you no more than £260. Gives you a box that¹s way
over-specced for your requirements. None of our customers are particularly
large, but it happily handles 43 simultaneous VPN sessions at our largest
site. I¹d expect it to handle well over 100.
As Zane said, BSD is the way to go. We use a customised version of m0n0wall
Alternatively (and getting marginally more on topic) we¹ve used second hand
Sun Netra T100¹s for the same application in the past running various BSD
flavours. If you¹re lucky you¹ll get one with Checkpoint FW-1
pre-installed. If you¹re very lucky it¹ll have the passwords with it! ;-)
More information about the cctalk