I'm hosting a VPN endpoint for a few roadwarrior clients (our laptops and phones mostly), and I'm now at the point where I must decide: do I place the roadwarrior endpoints on the virtualized router (right now they're on the physical router), on their own virtual machine (CPU pinning anyone?) or on one of the VPN physical host machines?

Some of the things I've come up with to consider and could use answers to:

1) The routers will be configured for failover. Can the VPN endpoint fail over with the router?
2) Does the VPN endpoint use any characteristics of the CPU such that VT-x instructions are insufficient (KVM/QEMU virtual machines)? I don't have VT-d available.
3) Placing the endpoint on the VM hosts will certainly lead to complications in the firewall and routing tables. Is the benefit of placing the endpoint on that physical machine worth the extra hassle?
4) What am I missing here? I know it's kinda obvious, but it always worries me in situations like this.
I'm using charon, ikev2, and insofar as I remember, clients are identified by a certificate file.

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
