VPN recommendations?
Dave Taht
dave.taht at gmail.com
Thu Feb 10 18:25:06 UTC 2022
tailscale
On Thu, Feb 10, 2022 at 10:24 AM Mark Wiater <mark.wiater at greybeam.com> wrote:
>
> pfsense and opnsense both do fine with natted ipsec in the environmnets i've tested.
>
> Isn't there an openvpn appliance too?
>
> On 2/10/2022 1:17 PM, Shawn L via NANOG wrote:
>
> Meraki MX series?
>
>
>
> I don't like the way they do their licensing (your license runs out, the box is a paper-weight) but they do really well at establishing site-to-site VPNs in some pretty challenging scenarios. Dynamic IPs and NATs don't really cause them a problem. Some CGNats do (AT&T I'm looking at you).
>
>
>
>
>
> Shawn
>
>
>
> -----Original Message-----
> From: "Keith Stokes" <keiths at salonbiz.com>
> Sent: Thursday, February 10, 2022 1:11pm
> To: "William Herrin" <bill at herrin.us>
> Cc: "nanog at nanog.org" <nanog at nanog.org>
> Subject: Re: VPN recommendations?
>
> Pfsense on Netgate appliances?
> I’ve used several of them, while not for this exact purpose they have done the roles but maybe not the amount of VPN traffic.
>
> --
> Keith Stokes
> SalonBiz, Inc
>
> On Feb 10, 2022, at 12:02 PM, William Herrin <bill at herrin.us> wrote:
>
> Hi folks,
> Do you have any recommendations for VPN appliances? Specifically: I need to build a site to site VPNs at speeds between 100mpbs and 1 gbit where all but one of the sites are behind an IPv4 NAT gateway with dynamic public IP addresses.
> Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my customer insists on a network appliance. Site to site VPNs using IPSec and static IP addresses on the plaintext side are a dime a dozen but traversing NAT and dynamic IP addresses (and automatically re-establishing when the service goes out and comes back up with different addresses) is a hard requirement.
> Thanks in advance,
> Bill Herrin
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>
>
--
I tried to build a better future, a few times:
https://wayforward.archive.org/?site=https%3A%2F%2Fwww.icei.org
Dave Täht CEO, TekLibre, LLC
More information about the NANOG
mailing list