John wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Les Mikesell Sent: Saturday, December 20, 2008 1:20 PM To: CentOS mailing list Subject: Re: [CentOS] regarding vpn server for 1500 clients
Dhaval Thakar wrote:
If you could use a lower CPU intensive crypt like
blowfish, it would be easier.
Are all these trading partners in different locations or
are there semi large
groups in the same locations?
all these are end users. they connect software from home / offices.
Do they actually need a generic VPN? If they only run a few applications you might be able to use https or similar ssl based connections and avoid the routing/addressing/MTU issues. You can still use certificate based authentication in one or both directions if you want.
Also if the application(s) can be made to run over normal https (i.e. a web interface) you get the advantage of working though most existing proxies and firewalls, plus on the host end you have the option of scaling up with a load balancer that handles the ssl processing and reverse-proxies to a pool of backend servers.
Just out of my own curriosity have you gave the thought of using deadicated or virtual circuits for the VPN implimentation? Like Frame Relay or ATM? Are you passing off the connections to a secondairy network access server? Or how do you plan on rolling this out, configuration wise?
have you and FR or ATM rollout experience? Mine is 15 years old and it was NOT for end user applications. Small offices was hard enough.