VPN

I appreciate that this is a bit of a 'how long os a piece of string' question, but assuming reasonable hardware (say, P4 3200 with 1-2GB ram) could m0n0wall go up against, say a cisco VPN 3020 (http://cisco.com/en/US/products/hw/vpndevc/ps2284/ps5480/index.html) and win? (it does about 750 IPSEC connections)

Or am i missing something important here? The cisco does LDAP integration, but m0n0 can do the same with RADIUS -> IAS -> AD

I guess load balancing / failover (for VPN access) would have to be done with clever DNS or VPN Client software


I just dont see why ppl pay $$$$$ for cisco concentrators if this is a reasonable alternative. Does anyone have any experience with m0n0 in a large scale VPN deployment?

Maybe it is the client software. I know cisco's client is very good (from an admins point of view at least), hmmmm.

PPTP doesn't even compare to IPsec, and m0n0wall doesn't do L2TP. PPTP isn't very secure. There is also a hard coded limit of 16 simultaneous PPTP sessions, though you can create custom images that increase that. I don't know of anyone running very large scale PPTP deployments.

At this time, m0n0wall is not a suitable replacement for a Cisco concentrator in most environments that have the $$ to spend on such a device, in my opinion. Improved IPsec or OpenVPN in the future may change this.

Thanks cmb, perhaps i should have a look at a BSD box running OpenVPN  - maybee pfSense would be the way to go (or is that a bad word around here?)

Thanks cmb, perhaps i should have a look at a BSD box running OpenVPN  - maybee pfSense would be the way to go (or is that a bad word around here?)

 

Nah, it's fine to mention it.

Personally, I use OpenVPN on pfsense and it works great.