[Soekris] Soekris net4801-60 as OpenVPN appliance?
der Mouse
mouse at Rodents.Montreal.QC.CA
Wed Oct 18 15:37:44 UTC 2006
> I am considering buying a few net4801-60 boxes to install Linux (or
> BSD) on. My end goal is to build an OpenVPN network between two
> business sites who have no space or tolerance for the noise of
> regular PCs used as routers.
> Does anyone have similar experience with the 4801-60 as a
> VPN/Firewall setup? What packet throughput was sustainable? And, as
> an additional question, has anyone used the vpn1401 card with a 4801
> series box successfully under Linux and did it provide any
> improvements?
I once tried to use a 4801 as an OpenVPN endpoint. It worked, but had
what for our application were throughput issues - I don't remember the
numbers in detail; what vague memory I still have says that it could
fill about one-third of a 10Mbit Ethernet.
I tried a crypto accelerator - it might have been the 1401, but I think
the number had "11" in it - and it made things worse; apparently the
overhead of crossing into the kernel more than outweighed the crypto
gain. (It presumably would work better for something in-kernel like
IPsec.)
This was under NetBSD, though I would expect the user/kernel crossing
penalty to be at least roughly comparable under Linux, since it's
largely hardware stuff.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the Soekris-tech
mailing list