Netgate Discussion Forum

    Imagine you had a client with 1200 users... That wants VPN and reporting!

    • Cool_Corona

      How would you roll it out??

      They want a "live map" or info to whom is visiting (traffic) and who is connected to the VPN and for how long.

      Imagine a dashboard on a big TV screen showing this.

      Easy and clickable.

      They also want VPN where nothing needs to be configured at the client side other than address, username and password.

      Give me your best shot.

      • johnpoz LAYER 8 Global Moderator @Cool_Corona

        @cool_corona that would be one of those no bid answers - when that rfp comes in you just don't apply for it.

        So all these 1200 users are using what? Same windows, linux - phone tablet?

        Is this into 1 location? What is the bandwidth into this location?

        username and password isn't a very secure vpn to be honest.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Cool_Corona @johnpoz

          @johnpoz I know.

          Same location and 10gbit bandwidth.

          Mixed scenario (PCs and phones/tablets (Android)).

          • johnpoz LAYER 8 Global Moderator @Cool_Corona

            @cool_corona well only vpn I would think that would work would be ipsec since this should have default os client.

            As to how to pull out the info of connected clients for some dashboard.. Pulling the IP of the vpn client shouldn't be that difficult from the logs, nothing built into pfsense though to display that on some map.

            • AndyRH

              I like pfSense, but this is not a job for pfSense. There are corporate VPN providers that do this.

              o||||o
              7100-1u

              • johnpoz LAYER 8 Global Moderator @AndyRH

                @andyrh True - quote him one of those and see if he likes the price ;) They sure ain't freaking cheap hehehe

                • AndyRH

                  I have the home version of LogonBox, nice Web UI that has a QR code to configure the client. At work we use zScaler for 25k+ users.
                  At some point if you want the pretty pictures and easy config you have to pay the ones that developed it and as you said, they are proud of their work.

                  • Saqqara

                    Netgate PFSense devices can not handle 10GB wan connections.

                    • Cool_Corona @Saqqara

                      @saqqara I run it virtualized on pretty awesome hardware.

                      :)

                      • michmoor LAYER 8 Rebel Alliance @Saqqara

                        @saqqara said in Imagine you had a client with 1200 users... That wants VPN and reporting!:

                        Netgate PFSense devices can not handle 10GB wan connection

                        Are you sure about that? Without running TNSR, the limitation is up to 10Gbps on the rack based pfsense+ gear.

                        Firewall: NetGate,Palo Alto-VM,Juniper SRX
                        Routing: Juniper, Arista, Cisco
                        Switching: Juniper, Arista, Cisco
                        Wireless: Unifi, Aruba IAP
                        JNCIP,CCNP Enterprise

                        • johnpoz LAYER 8 Global Moderator @michmoor

                          @michmoor better be one hell of a box that can handle 10ge over vpn connections ;)

                          From the summary page it lists the 1541 running pfsense for ipsec vpn
                          IPERF3 Traffic: 9.30 Gbps

                          But imix on that drops too
                          IMIX Traffic: 1.77 Gbps

                          With the requirements of this RFP - don't believe pfsense would be best fit no.

                          • michmoor LAYER 8 Rebel Alliance @johnpoz

                            @johnpoz I interpret it as just routing at L3 for 10Gbps.
                            "With the requirements of this RFP - don't believe pfsense would be best fit no."

                            • Probably not pfsense. TNSR?

                            But IPsec VPN sustained for 10Gbps...Yikes.. Looking up big brand vendors (PA), they do have boxes that do that but you will be paying so much $$$.
                            Maybe there's a budget for that. Then again, TNSR can do 10Gbps easily for the fraction of the price.

                            I'm wondering if GrayLog has the ability to do a "live map" for VPN.
                            I have a set up for Snort where I have a world map of the IPs that are tripping my sensor and their location. MaxMind license required. At a high level I can see how it could be adaptable to VPNs.

                            • stephenw10 Netgate Administrator

                              This is 1200 individual VPN clients?

                              • Cool_Corona @stephenw10

                                @stephenw10 Yes.

                                • stephenw10 Netgate Administrator

                                  Mmm, that's tough because generally that means one server process. So 10G is pretty much right out with pfSense.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.