[nycbug-talk] Soekris OpenVPN and Firewall

George Georgalis george
Wed Jun 1 15:14:46 EDT 2005


I'm planning my first Soekris deployment and was wondering how some
software fails when overloaded.  In both cases I'm planning to use
OpenBSD (or DFly) on a net4501 with a cflash card.

The first unit will only run pf rules with OpenVPN. I assume there is no
realistic limit to of the number of simultaneous (ie at least 1000s) VPN
connections, but a limit to the amount of total VPN throughput. What is
the upper limit and what happens as it is approached? Do people use some
pf rules to gracefully hit that upper limit?

The second unit will be for standard firewalling. I'm sure the available
bandwidth is quite high.

(There is no carp plans at the moment). Both units will do remote logging.
Is a 256Mb cflash a good size? Or should I consider 128, 512, 1G?

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org




More information about the talk mailing list