Imagine you had a client with 1200 users... That wants VPN and reporting!
-
How would you roll it out??
They want a "live map" or info on who is visiting (traffic) and who is connected to the VPN and for how long.
Imagine a dashboard on a big TV screen showing this.
Easy and clickable.
They also want VPN where nothing needs to be configured at the client side other than address, username and password.
Give me your best shot.
-
@cool_corona that would be one of those no bid answers - when that rfp comes in you just don't apply for it.
So all these 1200 users are using what? Same windows, linux - phone tablet?
Is this into 1 location? What is the bandwidth into this location?
username and password isn't a very secure vpn to be honest.
-
@johnpoz I know.
Same location and 10gbit bandwidth.
Mixed scenario (pc's and phones/tablets (Android)).
-
@cool_corona well only vpn I would think that would work would be ipsec since this should have default os client.
As to how to pull out the info of connected clients for some dashboard.. Pulling the IP of the vpn client shouldn't be that difficult from the logs, nothing built into pfsense though to display that on some map.
-
I like pfSense, but this is not a job for pfSense. There are corporate VPN providers that do this.
-
@andyrh True - quote him one of those and see if he likes the price ;) They sure ain't freaking cheap hehehe
-
I have the home version of LogonBox, nice Web UI that has a QR code to configure the client. At work we use zScaler for 25k+ users.
At some point if you want the pretty pictures and easy config you have to pay the ones that developed it and as you said, they are proud of their work.
-
Netgate PFSense devices can not handle 10GB wan connections.
-
@saqqara I run it virtualized on pretty awesome hardware.
:)
-
@saqqara said in Imagine you had a client with 1200 users... That wants VPN and reporting!:
Netgate PFSense devices can not handle 10GB wan connection
Are you sure about that? Without running TNSR, the limitation is up to 10Gbps on the rack based pfsense+ gear.
-
@michmoor better be one hell of a box that can handle 10ge over vpn connections ;)
From the summary page it lists the 1541 running pfsense for ipsec vpn
IPERF3 Traffic: 9.30 Gbps
But imix on that drops too
IMIX Traffic: 1.77 Gbps
With the requirements of this RFP - don't believe pfsense would be best fit no.
-
@johnpoz I interpret it as just routing at L3 for 10Gbps.
"With the requirements of this RFP - don't believe pfsense would be best fit no."- Probably not pfsense. TNSR?
But IPsec VPN sustained for 10Gbps...Yikes.. Looking up big brand vendors (PA), they do have boxes that do that but you will be paying so much $$$.
Maybe there's a budget for that. Then again, TNSR can do 10Gbps easily for the fraction of the price.
I'm wondering if GrayLog has the ability to do a "live map" for VPN.
I have a set up for Snort where I have a world map of the IPs that are tripping my sensor and their location. MaxMind license required. At a high level I can see how it could be adaptable to VPNs.
-
This is 1200 individual VPN clients?
-
@stephenw10 Yes.
-
Mmm, that's tough because generally that means one server process. So 10G is pretty much right out with pfSense.