[ previous ] [ next ] [ threads ]
 From:  Chris Liljenstolpe <cdl at asgaard dot org>
 To:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 Cc:  Nicolas GORALSKI <nicolas dot goralski at fox dash services dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and performance
 Date:  Fri, 02 Mar 2007 09:28:37 +0800
Remember that you can use something like the VPN series cards from 
Soekris to offload the crypto for IPSEC.  That removes most of the IPSEC 
load from the processor.  I don't know about 20-25 tunnels, but it 
should work (depends on the bandwidth presented over the tunnels).


Christopher M. Iarocci wrote:
> Nicolas GORALSKI wrote:
>> Hi all
>> i'm looking for information about monowall managing 20/25 remote vpn 
>> client (monowall boxes).
>> I've not found any thing about this on the net.
>> Which hardware can i use as the central point (soekris or PC desktop?)
>> for the end point i will use soekris boxes.
>> Regards
> I would use something a little more robust for the main location, but 
> the soekris boxes should do fine on the endpoints.  I currently have a 
> box running m0n0wall that has 256MB of ram, and a PIII 733 processor.  
> It has 8 tunnels going to it (4 very active).  The processor never jumps 
> over 20%.  However, 20% on a 733 processor would almost be maxing out a 
> soekris box.  For 20 to 25 clients, I'd be looking at something with a 
> 1GHZ processor.  I'm assuming you will be using IPSEC with encryption.
> Chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch