> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell > Sent: Saturday, December 20, 2008 1:20 PM > To: CentOS mailing list > Subject: Re: [CentOS] regarding vpn server for 1500 clients > > Dhaval Thakar wrote: > >> If you could use a lower CPU intensive crypt like > blowfish, it would be easier. > >> > >> Are all these trading partners in different locations or > are there semi large > >> groups in the same locations? > >> > > all these are end users. > > they connect software from home / offices. > > Do they actually need a generic VPN? If they only run a few > applications you might be able to use https or similar ssl based > connections and avoid the routing/addressing/MTU issues. You > can still > use certificate based authentication in one or both > directions if you want. > > Also if the application(s) can be made to run over normal > https (i.e. a > web interface) you get the advantage of working though most existing > proxies and firewalls, plus on the host end you have the option of > scaling up with a load balancer that handles the ssl processing and > reverse-proxies to a pool of backend servers. --------- Just out of my own curriosity have you gave the thought of using deadicated or virtual circuits for the VPN implimentation? Like Frame Relay or ATM? Are you passing off the connections to a secondairy network access server? Or how do you plan on rolling this out, configuration wise? JohnStanley