 From:  "Braden McGrath" <braden at mcmail dot homeip dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: Maximum number of interfaces
 Date:  Thu, 7 Apr 2005 11:57:03 -0400
> -----Original Message-----
> From: news [mailto:news at sea dot gmane dot org] On Behalf Of Ugo Bellavance
> Sent: Thursday, April 07, 2005 10:47 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: Maximum number of interfaces
> > The net4801 isn't all that fast though, so don't expect to do a lot of
> > VPN or anything with one.  Maybe one or two users, from the WAN side,
> > but if you're thinking about using VPN between "internal" interfaces,
> > it is going to bottleneck you (even with one of the BSD 4.x releases).
> >
> On the vpn side, I'm planning on having around 1-2 roaming clients max.
> But what do you mean by 'Vpn between internal interfaces'?
> firewall-to-firewall vpn?

No, between two interfaces on the mono that run at higher speed...  For
instance, I want my wireless subnet to not touch my LAN interface at
all.  However, I want to be able to VPN and tunnel to the LAN for access
to fileshares and whatnot.  The m0n0 PPTP is *not* very fast for this
and bottlenecks things quite a bit.  When I use a real PC (connected to
the DMZ port) to act as VPN server, performance is much better.

Even then though, it's hard to get more than around 30Mbit/s on a
wireless client, going through VPN and on 54g, being routed through the
m0n0 (from wireless to DMZ for VPN, and then from DMZ to LAN to access
the network). I don't know if this is because of the m0n0's lack of
speed or the limitations of wireless, I haven't benchmarked it with
wired interfaces instead (yet).  I know it's not the VPN, because the
server and client have plenty of CPU beef to handle that.