> -----Original Message-----
> From: news [mailto:news at sea dot gmane dot org] On Behalf Of Ugo Bellavance
> Sent: Thursday, April 07, 2005 10:47 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: Maximum number of interfaces
>
> > The net4801 isn't all that fast though, so don't expect to do a lot of
> > VPN or anything with one. Maybe one or two users, from the WAN side,
> > but if you're thinking about using VPN between "internal" interfaces,
> > it is going to bottleneck you (even with one of the BSD 4.x releases).
> >
>
> On the vpn side, I'm planning on having around 1-2 roaming clients max.
> But what do you mean by 'Vpn between internal interfaces' ?
> firewall-to-firewall vpn?

No, between two interfaces on the mono that run at higher speed...

For instance, I want my wireless subnet to not touch my LAN interface at all. However, I want to be able to VPN and tunnel to the LAN for access to fileshares and whatnot. The m0n0 PPTP is *not* very fast for this and bottlenecks things quite a bit. When I use a real PC (connected to the DMZ port) to act as VPN server, performance is much better.

Even then though, it's hard to get more than around 30Mbit/s on a wireless client, going through VPN and on 54g, being routed through the m0n0 (from wireless to DMZ for VPN, and then from DMZ to LAN to access the network). I don't know if this is because of the m0n0's lack of speed or the limitations of wireless, I haven't benchmarked it with wired interfaces instead (yet). I know it's not the VPN, because the server and client have plenty of CPU beef to handle that.

--Braden