On Thu, Feb 10, 2022 at 8:51 PM David Andrzejewski <[email protected]> wrote:
>
> I don't know how people around here feel about Mikrotik, but they have
> included Wireguard support in their latest operating system.

They've also included fq_codel and sch_cake:

https://forum.mikrotik.com/viewtopic.php?t=179307

For a site to site, kernel mode vpn such as ipsec or wireguard (but not openvpn), we successfully FQ+AQM packets entering the tunnel. If that's the bottleneck link, for a mixture of, say low rate voip and high rate file transfer traffic, the results are a pretty marvellous reduction of jitter and latency through the tunnel.

Before: http://www.taht.net/~d/ipsec_fq_codel/oldqos.png
After: http://www.taht.net/~d/ipsec_fq_codel/newqos.png

> dave
>
> -----Original Message-----
> From: NANOG <[email protected]> On Behalf
> Of William Herrin
> Sent: Thursday, February 10, 2022 13:56
> Cc: [email protected]
> Subject: Re: VPN recommendations?
>
> On Thu, Feb 10, 2022 at 10:04 AM David Guo <[email protected]> wrote:
> > You may try WireGuard and use ddns
>
> Hi David,
>
> My understanding is that Wireguard is software available for general purpose
> operating systems. I specifically need a set of hardware network appliances.
> I don't overly care which protocol they're running as long as an initiator
> stuck behind a nat box I don't control can maintain a connection with a hub
> and handle speeds in the 100mbps to 10gbps.
>
> On Thu, Feb 10, 2022 at 10:12 AM Mike Lyon <[email protected]> wrote:
> > How about running ZeroTier on those Linux boxes and call it a day?
> > https://www.zerotier.com/
>
> I specifically cannot use general purpose Linux machines for this. I need
> network appliances.
>
>
> On Thu, Feb 10, 2022 at 10:26 AM Dave Taht <[email protected]> wrote:
> > tailscale
>
> I specifically need an integrated network appliance, not software I add to
> something.
>
> I love my Linux-based VPN servers but my customer very specifically said no.
> I can't publicly explain why but trust me when I say it's a "hard no" and
> it's not a question of persuasion or education. My customer understands and
> likes Linux but he simply cannot use it this time.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> [email protected]
> https://bill.herrin.us/

--
I tried to build a better future, a few times:
https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org

Dave Täht CEO, TekLibre, LLC

