John Arnold wrote:
> Hi all,
> I'm looking for any advice on what hardware would be suitable to achieve a
> gigabit capable point to point ipsec vpn (using aes/3des & sha1/md5).
> Has anybody done this?

I did some tests (my 'vpn shootout') between two older 2.4GHz Xeon 1U
Dells with a point-to-point cable between the em(4)s and tested three
alternatives:
ipsec
openvpn
ssh-vpn_over_tun-stuff
They all did 60+ MB/s, meaning I got at least 60% out of the gig links,
without resorting to jumbo frames, creative recv/sendspace sysctls or
anything, and also I did generate and sink the traffic on the end nodes,
so that also "adds" to the load for them.
Given that they cost something like $1000-1500 or so when we bought
them, I'd say chances are high you can make more vpns than most of your
clients will be able to generate traffic for, if you just buy
whatever-doesn't-suck today and have decent gig cards.