Pfsense on Soekris net5501 and net4801
-
Dear All,
Actually, we are investigating in setting up Soekris routers in our Advans
branches all over Africa (currently Cameroun, DRC, Ghana…).
Mainly, the architecture is one Head Office connected to 10 to 15 remote
branches, with around 100 maximum concurrent connections to the main core
head office router.
Main core router should be a net5501, remote branches router net4801.
As you might see, concurrent connections are small, mainly dealing with our
micro-banking software.
Soekris router should be load with pfsense.
I'd like to find out if it's feasible to use the vpn1401 or vpn1411 or could
we simply use pfsense without any specific card to run the vpn ?Thanks for your help,
Regards,
Simon Nayan
email :snayan@advansghana.com -
this http://forum.pfsense.org/index.php/topic,12766.0.html should give you an idea of what to expect from alix/soekris box.
-
I like the 5501 for the head office, but an Alix box might be a better fit for the branch offices. It's close to the specs of the 5501 and cheaper than the 4801. http://www.pcengines.ch/alix.htm
There are some rough numbers in this post- http://forum.pfsense.org/index.php/topic,14581.0.html
Not scientific, but they give you an idea how the crypto cards help. The Geode boards (5501 and Alix) have a built-in crypto chip. As detailed in the referenced post, the driver got incorporated into 1.2.3 builds, but actually didn't help at all and rendered a hifn card useless to boot. I noted this in a support ticket and suggested making glxsb a module instead of in the kernel. I never heard back, and haven't tested recent snapshots. The glxsb driver may be working in the 7.2 based builds. I would suggest you do some tests before deploying. If you need higher IPSec throughput, you may want to stick with 1.2.2 and a hifn.