> -----Original Message-----
> From: news [mailto:news at sea dot gmane dot org] On Behalf Of Ugo Bellavance
> Sent: Thursday, April 07, 2005 10:47 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: Maximum number of interfaces
> > The net4801 isn't all that fast though, so don't expect to do a lot of
> > VPN or anything with one. Maybe one or two users, from the WAN side,
> > but if you're thinking about using VPN between "internal"
> > it is going to bottleneck you (even with one of the BSD 4.x
>
> On the VPN side, I'm planning on having around 1-2 roaming clients max.
> But what do you mean by 'VPN between internal interfaces'?
> Firewall-to-firewall VPN?

No, between two interfaces on the mono that run at higher speed... For
instance, I want my wireless subnet to not touch my LAN interface at
all. However, I want to be able to VPN and tunnel to the LAN for access
to fileshares and whatnot. The m0n0 PPTP is *not* very fast for this
and bottlenecks things quite a bit. When I use a real PC (connected to
the DMZ port) to act as VPN server, performance is much better.
Even then though, it's hard to get more than around 30Mbit/s on a
wireless client, going through VPN and on 54g, being routed through the
m0n0 (from wireless to DMZ for VPN, and then from DMZ to LAN to access
the network). I don't know if this is because of the m0n0's lack of
speed or the limitations of wireless; I haven't benchmarked it with
wired interfaces instead (yet). I know it's not the VPN, because the
server and client have plenty of CPU beef to handle that.