As to Untangle and performance, I think their system "requirements" are a bit high. I think they make those claims to ensure that there is plenty of overhead for larger installations who want to turn all of the options on. That said, they talk about something called the "Untangle Virtual Machine" which processes most of the traffic. I don't know if that's just marketroid for the series of packages they run stuff through or if they really build some custom packet handling engine. They seem to be a pretty competent shop, so it wouldn't surprise me if they built something of their own[1]. I don't know how it compares performance-wise to the various other "firewall appliance" distros out there as I have not looked at them in years.

If it weren't for the fact that I'm trying to avoid "Rocket Scientist Syndrome" at work, I too would have just built an Ubuntu or Debian box to do what I need. If I leave the company though, that would be leaving them somewhat high and dry. With Untangle, they have something that is in the same class of a Watchguard or Sonicwall in terms of features and management and they have commercial support available.

In my testing, an Intel LittleValley 2 Board ($70 mini-itx board w/ 1.3 GHz fanless celeron from Logic Supply) was able to get multiple megabit throughput over the VPN, and even when turning all the options on, I saw no noticeable slowdown. I don't recall the exact number I hit, but it was high enough that I crossed the throughput problem off my list of possible shortcomings when evaluating hardware[2]. For an installation where up to 10 or so people are using it, I think something like that should be fine. If you are doing something larger, more horsepower would be good. For my "main" Untangle box I'm running a recovered P4 2.8 GHz w/ 2GB of RAM. I'm expecting it to route and cleanse a T1's worth of traffic and terminate 10-15 VPNs. We'll see how it goes.

As far as presenting at the Forum, I'd love to. It's about time for me to go again anyway. By the time we run through the presentations we have lined up, my installation (including my mini "home gateway" machines) should have been running in production for awhile.

[1] - http://wiki-beta.untangle.com/index.php/Untangle_Bypass_Rules
[2] - For comparison, I installed OpenWRT on a WRT54L and was only able to push about 256K of traffic over OpenVPN. The processor just couldn't handle it.

--
-Regards-
-Quentin Hartman-
