Re: Statefull VPN failover a fork from "Re: iptables vs pf"

Fri, 21 Oct 2005 11:44:18 -0700 

More to the point, "how to find this info".

1: Go to http://www.openbsd.org/cgi-bin/man.cgi
2: click "apropos"
3: make sure "current" is selected
4: query "sync"
5: click on "sasynchd(8)" and "sasychd.conf(5)"

http://www.openbsd.org/cgi-bin/man.cgi?query=sasyncd&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386
http://www.openbsd.org/cgi-bin/man.cgi?query=sasyncd&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386
6: Once intimately familar with the process, write some Docs and submit them for translation.
Also, someone at NYC BSDcon 05 gave a presentation and had slides. Try to find those too. 

Best of luck.

~BAS

On Thu, 20 Oct 2005, [EMAIL PROTECTED] wrote:


I have been moving a single Linux FW to a pair of OBSD machines, lured by carp 
and pfsync. This has been working well in my test environment.  This also lead 
me to vpns running with ISAKMPD, replaceing a Freeswan box, and forestalling 
purchasing proprietary products for site to site partner vpns.





THE POINT: Where will I find docs that explains how this is done "Oh, and when your 
3.8 VPNs failover   statefully, too.  :)" ?





-----Original Message-----
From: Jason Dixon [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 20, 2005 02:07 AM
To: 'Edy Purnomo'
Cc: misc@openbsd.org
Subject: Re: iptables vs pf

On Oct 19, 2005, at 6:21 PM, Edy Purnomo wrote:


i suggested to my friend to replace his linux box to openbsd.
he uses mailnly for internet gateway : pf + squid proxy
after 2 weeks later he switched it back linux and said : linux much
faster to respond the http requests (he had a same configuration on
openbsd, pf + squid proxy).

is there any program that can proof what he says ?
thanks.


Three points:

1) No way in hell is iptables faster than PF.

2) His box _may_ pass traffic faster, but this is almost certainly
due to the support level of the hardware.  Without real information,
it's hard to qualify this.

3) Who cares?  Why are you worried about what your friend uses?  If
it works for him, so be it.  Rather than trying to bring him over
"cuz PF is l33t", just make sure you mention how cool it is when your
stateful firewalls run 24x7.  Oh, and when your 3.8 VPNs failover
statefully, too.  :)

http://www.openbsd.org/goals.html


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net





l8*
        -lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8

Reply via email to