[CentOS] regarding vpn server for 1500 clients

Robert Moskowitz rgm at htt-consult.com
Sun Dec 21 02:59:56 UTC 2008


John wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org 
>> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
>> Sent: Saturday, December 20, 2008 1:20 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] regarding vpn server for 1500 clients
>>
>> Dhaval Thakar wrote:
>>     
>>>> If you could use a lower CPU intensive crypt like blowfish, it would
>>>> be easier.
>>>> Are all these trading partners in different locations or are there
>>>> semi large groups in the same locations?
>>>>
>>> all these are end users.
>>> they connect software from home / offices.
>>>
>> Do they actually need a generic VPN?  If they only run a few
>> applications you might be able to use https or similar ssl based
>> connections and avoid the routing/addressing/MTU issues.  You can still
>> use certificate based authentication in one or both directions if you
>> want.
>>
>> Also if the application(s) can be made to run over normal https (i.e. a
>> web interface) you get the advantage of working through most existing
>> proxies and firewalls, plus on the host end you have the option of
>> scaling up with a load balancer that handles the ssl processing and
>> reverse-proxies to a pool of backend servers.
>>     
> ---------
> Just out of my own curiosity, have you given thought to using dedicated
> or virtual circuits for the VPN implementation? Like Frame Relay or ATM? Are
> you passing off the connections to a secondary network access server? Or
> how do you plan on rolling this out, configuration wise?
>   

Have you any FR or ATM rollout experience? Mine is 15 years old and it
was NOT for end user applications. Small offices were hard enough.




