VPN recommendations?

Matt Harris matt at netfire.net
Thu Feb 10 20:59:13 UTC 2022


Matt Harris|Infrastructure Lead
816-256-5446|Direct
Looking for help?
Helpdesk|Email Support
We build customized end-to-end technology solutions powered by NetFire Cloud.
On Thu, Feb 10, 2022 at 12:03 PM William Herrin <bill at herrin.us> wrote:

> Hi folks,
>
> Do you have any recommendations for VPN appliances? Specifically: I need
> to build a site to site VPNs at speeds between 100mpbs and 1 gbit where all
> but one of the sites are behind an IPv4 NAT gateway with dynamic public IP
> addresses.
>
> Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my
> customer insists on a network appliance. Site to site VPNs using IPSec and
> static IP addresses on the plaintext side are a dime a dozen but traversing
> NAT and dynamic IP addresses (and automatically re-establishing when the
> service goes out and comes back up with different addresses) is a hard
> requirement.
>

For OpenVPN, I like the Netgate boxes running pfsense. Works great, super
easy integrations with stuff like AC/LDAP/radius/etc for auth, frr and
others for your routing, etc. This is probably your best bet.

For IPSec I tend to stick to Juniper SRX boxes.

Good luck!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220210/c41ae8f3/attachment.html>


More information about the NANOG mailing list