On 12/30/2010 04:34 AM, Eero Volotinen wrote:
2010/12/30 Steve Clark sclark@netwolves.com:
On 12/29/2010 01:23 AM, Nataraj wrote:
On 12/28/2010 09:04 PM, Eero Volotinen wrote:
2010/12/29 John R Pierce pierce@hogranch.com:
On 12/28/10 1:55 PM, Nataraj wrote:
- fast enough to do openvpn encryption on WAN links ranging from 50mb
to 100mb
THAT is a tough requirement.
I was going to recommend the Alix boards. they run pfSense really nicely, and should be able to run a stripped down centos install OK. with pfSense, you can boot from a CF card, so no HD at all.
The Alix cards use a 433-500Mhz AMD Geode ultra-low power processor, on a 6x6 card. they use 5 watts fully configured.
but, 100Mbit/sec SSL encryption, ouch. don't know. you'd probably have to benchmark that.
you need hardware encryption hardware or core2duo like processor ..
-- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Then the Mac mini might be what I need performancewise. I am also considering Dell R210's as I would really like an enterprise solution. Anyone have any experience with Habey? http://www.habeyusa.com/products.php?id=125#Menu=ChildMenu124 They have a wide selection of barebones Intel Atoms, including the 1.8Ghz Intel D525's as well as Pentium 4's with broadcom ethernets and systems with up to 6 ethernets. My sense is that I will still use some of these systems for firewall and management functions (i.e. firewalling Dell IDRAC6 cards) even if the encryption for the vpn has to run on a faster box. 50MB would probably be adequate.
Thank you all for your responses.
Nataraj
Hi,
We use the following. It has hardware encryption in the EDEN Via processor. We were able to get 22 mbits across an ipsec tunnel using AES encryption. This more than enough unless you have a DS3 circuit.
IE only website :(
So, you are using padlock hw encryption on device?
-- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I see now that there is fairly extensive support available for padlock encryption. http://www.logix.cz/michal/devel/padlock/ http://www.logix.cz/michal/doc/article.xp/padlock-en
These pages are a bit old, but it appears that support for md5, sha1 and sha256 are in the mainline linux kernel. Openvpn has a -engine option for invoking padlock support in openssl. So I expect that I will order at least one of these boxes for testing purposes and probably another box with a somewhat faster processor for comparison.
Thanks, Nataraj