[Soekris] IPSec without a crypto card?
Christian Laursen
xi at borderworlds.dk
Fri Nov 2 18:10:25 UTC 2007
Devin Reade <gdr at gno.org> writes:
> I have a need to deploy a number of router/firewalls to remote sites
> where having an "appliance" with no moving parts is desirable, so I
> was thinking about using Soekris boxes for the purpose.
>
> The planned configuration is not uncommon:
> net5501-70
> OpenBSD installed on a CF card, with read-only filesystems
> an internal modem for dialup ppp (probably the USR Performance Pro)
> an external modem for dial-in console access (separate phone line)
> dynamic IP on the upstream side
> static IPs on the internal network
> IPSec between each remote site and a central data center (but not
> between remote sites)
> _maybe_ a caching DNS server for the internal network
> _maybe_ a DHCP server for the internal network
>
> Network traffic over the IPSec tunnels is expected to be very light.
>
> Question: Does anyone have a feel for whether or not I'm going to
> need a crypto card for doing IPSec in this configuration?
I am running IPSec on the net4801 without crypto hardware and it
handles a little over 1Mbps on a 2Mbps ADSL using FreeBSD 6.2.
--
Christian Laursen
More information about the Soekris-tech
mailing list