On 8/20/10 7:49 AM, Lonnie Abelbeck wrote: > On Aug 20, 2010, at 8:56 AM, Tom Chadwin wrote: > >> Hello all >> >> We are happily running 0.7.2 net5501s on our sites. They each have PSTN >> cards, but communication between them is via IAX2 over the external NICs >> connected to ADSL (the only internet connection available to us in our rural >> locations). >> >> We currently have separate machines which run our VPNs (and firewalls, DHCP, >> and web proxies) on separate ADSL lines, but these machines are >> licence-encumbered (in a manner of speaking). I am interested in >> investigating using our Astlinux boxes instead. However, given that the >> connections are ADSL (0.8Mbps uplink), I cannot share VoIP and VPN over one >> line. >> >> Is it possible to enable a second external interface in 0.7.2 - I seem to >> remember EXT2IF being mentioned in the past - using NIC1 for VoIP and NIC 2 >> for everything else, especially VPN and client PC internet access? >> >> If this were possible, how would the net5501-70s be likely to perform under >> this load? Our head office VPN box currently runs 5 IPSec tunnels to other >> offices, and 15 L2TP road warrior connections, the latter with never that >> many concurrent - perhaps around 5 max, two or three normally. > Hi Tom, > > Yes, AstLinux does support a second external interface, but given your setup > there may be issues... > > My first reaction, since you are using net5501's, would be to keep your Voice > and VPN on separate boxes as you have now. I'd be concerned that your VPN > load may increase over time and may effect your voice quality. Though your > 0.8Mb/s uplink lowers the VPN's load by quite a bit.
I ran VPN and VoIP over a 7M/1.5M circuit without any problems. > Another issue, only one interface can be PPPoE, not both. (Assuming you are > using PPPoE for your ADSL) That might be easily fixable. I think it's a matter of finding the relevant places in the scripts where they assume only one interface and patching it. > Another issue, IPsec is only supported as static IP to static IP. We really need to address that issue next. > Another issue, L2TP/IPsec server is not supported. On the other hand, > OpenVPN can be configured to handle your needs, but all your clients would > have to switch to OpenVPN. > > I wouldn't be yanking wires just yet. :-) > > Lonnie ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
