ALIX and VPNS… VPN accelerator card?
-
Hi,
Ive used many ALIX 2D1 firewalls in the past with pfsense, and they have been rock solid.
Now i have a client who will need about 16 VPN connections from individual machines (using pptp?) and possibly a couple of ipsec site to site VPNs. This is all going to be running over a 20MB ADSL connection (2mb up).
What im wondering is whether the 2D1 will handle the throughput of this or if it will struggle? Are the vpn1411 (vpn accelerater) cards any good and are they worth it?
or alternatively does any one know of a better similar price appliance that will do the trick?
According to the spec of the 2D1 it has a crypto accelerator built in, is this any good?
Also just out of interest what do people use infront of their monowall to connect to the ADSL? Do the draytek vigor modems work well?
Thanks in advance.
Stuart
-
The 2D1 only has a 433MHz CPU vs the 500HMz of the 2D3, but I have only run numbers on the 2D3.
The number of connections doesn't matter quite as much as the total throughput. The built-in acceleration on the CPU does help, but only with certain ciphers, AES-128 to be specific. The VPN accelerator card you are talking about does improve the throughput quite a bit, but I haven't used one myself.
You should be able to pass 20Mbit of VPN traffic for sure with an accelerator card, the 2D3 passes about 30-33Mbit/s with that 1411 card in it, from what I've heard.
Some more info can be found here:
http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported -
or alternatively does any one know of a better similar price appliance that will do the trick?
Well, there is no "similar price appliance" that is faster than the ALIX. If there was, nobody would buy the ALIX. You'll have to spend more if you want better performance, and I would recommend so if you are going to be using a lot of VPN's.
If small and fanless are primary concerns (ala ALIX), then you'll have to go up to an Atom board or something like this:
http://www.netgate.com/product_info.php?cPath=60_85&products_id=659&osCsid=711837e0c197d75c5a4285a6566682c7If size doesn't matter, then any number of more powerful PC's would do the trick. A Pentium III would be more than adequate.
