I have a need to deploy a number of router/firewalls to remote sites
where having an "appliance" with no moving parts is desirable, so I
was thinking about using Soekris boxes for the purpose.
The planned configuration is not uncommon:
- net5501-70
- OpenBSD installed on a CF card, with read-only filesystems
- an internal modem for dialup ppp (probably the USR Performance Pro)
- an external modem for dial-in console access (separate phone line)
- dynamic IP on the upstream side
- static IPs on the internal network
- IPSec between each remote site and a central data center (but not
  between remote sites)
- _maybe_ a caching DNS server for the internal network
- _maybe_ a DHCP server for the internal network
Network traffic over the IPSec tunnels is expected to be very light.
Question: Does anyone have a feel for whether or not I'm going to
need a crypto card for doing IPSec in this configuration?
I have in the past run the following without problems:
- moderately busy non-IPSec OpenBSD firewalls on low end hardware
- busy IPSec OpenBSD firewalls on higher end hardware
However I've never run a lightly used IPSec OpenBSD firewall on
low end hardware, and so I don't have a good feel for if it's going
to push the envelope. I'd like to keep the unit cost down for the
remote sites, if possible.
Thanks in advance.