> Hello, list. Hello Brent
Please use a subject line to provide some information > I'm going to be setting up a Bering box to allow VPN access to our > corporate network by our travelling sales force. I have two questions: > > 1) Are the encryption-offloading features of NICs like the Intel Pro/100 > S supported yet in Linux? I don't know, but unless you have lots of bandwidth, you don't need it. There is some information about performance on the freeswan page: http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/performance.html There is also a link about crypto hardware > 2) Is it better to have one box on the border that does everything (NAT, > VPN, etc) or have two boxes that are parallel to each other in the > network topology with one that acts as the NAT/IPTables firewall and one > that acts as a VPN gateway? Depends how you define "better". Having one box is cheaper, which means better for most bean counters :-) If you want to distribute the load, I suggest putting the VPN gateway *behind* the Internet border Firewall, not beside it. Cheers Alex ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
