<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
pfSense and OPNsense both do fine with NATted IPsec in the
environments I've tested.<br>
<br>
Isn't there an openvpn appliance too?<br>
<br>
<div class="moz-cite-prefix">On 2/10/2022 1:17 PM, Shawn L via NANOG
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1644517075.9735312@webmail.up.net">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<font size="2" face="arial">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">Meraki MX series?</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">I don't like the way they do
their licensing (your license runs out, the box is a
paper-weight) but they do really well at establishing
site-to-site VPNs in some pretty challenging scenarios.
Dynamic IPs and NATs don't really cause them a problem. Some
CGNats do (AT&amp;T I'm looking at you).</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">Shawn</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">-----Original Message-----<br>
From: "Keith Stokes" <a class="moz-txt-link-rfc2396E" href="mailto:keiths@salonbiz.com">&lt;keiths@salonbiz.com&gt;</a><br>
Sent: Thursday, February 10, 2022 1:11pm<br>
To: "William Herrin" <a class="moz-txt-link-rfc2396E" href="mailto:bill@herrin.us">&lt;bill@herrin.us&gt;</a><br>
Cc: <a class="moz-txt-link-rfc2396E" href="mailto:nanog@nanog.org">"nanog@nanog.org"</a> <a class="moz-txt-link-rfc2396E" href="mailto:nanog@nanog.org">&lt;nanog@nanog.org&gt;</a><br>
Subject: Re: VPN recommendations?<br>
<br>
</p>
<div id="SafeStyles1644516923">Pfsense on Netgate appliances?
<div>I’ve used several of them, while not for this exact
purpose they have done the roles but maybe not the amount of
VPN traffic. <br>
<br>
<div id="AppleMailSignature" dir="ltr">--
<div>Keith Stokes</div>
<div>SalonBiz, Inc</div>
</div>
<div dir="ltr"><br>
On Feb 10, 2022, at 12:02 PM, William Herrin &lt;<a
href="mailto:bill@herrin.us" moz-do-not-send="true"
class="moz-txt-link-freetext">bill@herrin.us</a>&gt;
wrote:<br>
<br>
</div>
<blockquote>
<div dir="ltr">
<div dir="ltr">
<div>Hi folks,</div>
<div>Do you have any recommendations for VPN
appliances? Specifically: I need to build
site-to-site VPNs at speeds between 100 Mbps and 1 Gbit where
all but one of the sites are behind an IPv4 NAT
gateway with dynamic public IP addresses.</div>
<div>Normally I'd throw OpenVPN on a couple of Linux
boxes and be happy but my customer insists on a
network appliance. Site to site VPNs using IPSec and
static IP addresses on the plaintext side are a dime
a dozen but traversing NAT and dynamic IP addresses
(and automatically re-establishing when the service
goes out and comes back up with different addresses)
is a hard requirement.</div>
<div>Thanks in advance,</div>
<div>Bill Herrin</div>
<br>
-- <br>
<div class="gmail_signature" dir="ltr"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>William Herrin</div>
<div><a href="mailto:bill@herrin.us"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">bill@herrin.us</a><a
href="https://bill.herrin.us/"
target="_blank" moz-do-not-send="true"><br>
</a></div>
<div><a href="https://bill.herrin.us/"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://bill.herrin.us/</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</font>
</blockquote>
<br>
</body>
</html>