[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC VPN capacity/etc



Quoting Curtis H. Wilbar Jr. (bsd_(_at_)_hawkmountain_(_dot_)_net):
> At work, we are looking at configuring our OBSD box to do
> IPSEC VPN.
...
> Is there any rule of thumb how many VPN connections a given
> OBSD box can handle (w/o encryption accelerator cards) ?

Depends more on type of 'crypto being used and bandwidth
that needs to be encrypted.

200 users sending very occasional packets will use far less
than someone on a 5MB line regularly using your file system
services.

> We would like to use the PII-350 (possibly upgrading it's
> CPU), but if that won't handle it, then we'll need to 
> allocate something else.

Also, there are ($80) soekris accelerators that fit in PCI
slots.

Recall that BSD's VPN needs to talk to the machine, not
through a NAT box (at least it failed last I used a NAT
box, but that was a couple releases ago).