[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC VPN capacity/etc
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IPSEC VPN capacity/etc
- From: Chuck Yerkes <chuck+obsd_(_at_)_2004_(_dot_)_snew_(_dot_)_com>
- Date: Fri, 4 Jun 2004 01:50:18 -0400
Quoting Curtis H. Wilbar Jr. (bsd_(_at_)_hawkmountain_(_dot_)_net):
> At work, we are looking at configuring our OBSD box to do
> IPSEC VPN.
> Is there any rule of thumb how many VPN connections a given
> OBSD box can handle (w/o encryption accelerator cards) ?
Depends more on type of 'crypto being used and bandwidth
that needs to be encrypted.
200 users sending very occasional packets will use far less
than someone on a 5MB line regularly using your file system
> We would like to use the PII-350 (possibly upgrading it's
> CPU), but if that won't handle it, then we'll need to
> allocate something else.
Also, there are ($80) soekris accelerators that fit in PCI
Recall that BSD's VPN needs to talk to the machine, not
through a NAT box (at least it failed last I used a NAT
box, but that was a couple releases ago).