[CentOS] appliance to embed Centos

Thu Dec 30 21:58:49 UTC 2010
Nataraj <incoming-centos at rjl.com>

On 12/30/2010 04:34 AM, Eero Volotinen wrote:
> 2010/12/30 Steve Clark <sclark at netwolves.com>:
>> On 12/29/2010 01:23 AM, Nataraj wrote:
>>
>> On 12/28/2010 09:04 PM, Eero Volotinen wrote:
>>
>>
>> 2010/12/29 John R Pierce <pierce at hogranch.com>:
>>
>>
>> On 12/28/10 1:55 PM, Nataraj wrote:
>>
>>
>> - fast enough to do openvpn encryption on WAN links ranging from 50mb
>> to 100mb
>>
>>
>> THAT is a tough requirement.
>>
>>
>> I was going to recommend the Alix boards.  they run pfSense really
>> nicely, and should be able to run a stripped down centos install OK.
>> with pfSense, you can boot from a CF card, so no HD at all.
>>
>> The Alix cards use a 433-500Mhz AMD Geode ultra-low power processor, on
>> a 6x6 card.  they use 5 watts fully configured.
>>
>> but, 100Mbit/sec SSL encryption, ouch.    don't know.   you'd probably
>> have to benchmark that.
>>
>>
>> you need hardware encryption hardware or core2duo like processor ..
>>
>> --
>> Eero
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>>
>> Then the Mac mini might be what I need performancewise.  I am also
>> considering Dell R210's as I would really like an enterprise solution.
>> Anyone have any experience with Habey?
>> http://www.habeyusa.com/products.php?id=125#Menu=ChildMenu124 They have
>> a wide selection of barebones Intel Atoms, including the 1.8Ghz  Intel
>> D525's as well as Pentium 4's with broadcom ethernets and systems with
>> up to 6 ethernets.  My sense is that I will still use some of these
>> systems for firewall and management functions (i.e. firewalling Dell
>> IDRAC6 cards) even if the encryption for the vpn has to run on a faster
>> box.  50MB would probably be adequate.
>>
>> Thank you all for your responses.
>>
>> Nataraj
>>
>>
>> Hi,
>>
>> We use the following. It has hardware encryption in the EDEN Via processor.
>> We were able to get 22 mbits across an ipsec tunnel using AES encryption.
>> This more than enough unless you have a DS3 circuit.
>>
>> http://www.acrosser.com/products/detail_id_427.html
> IE only website :(
>
> So, you are using padlock hw encryption on device?
>
> --
> Eero
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I see now that there is fairly extensive support available for padlock
encryption. 
http://www.logix.cz/michal/devel/padlock/
http://www.logix.cz/michal/doc/article.xp/padlock-en

These pages are a bit old, but it appears that support for md5, sha1 and
sha256 are in the mainline linux kernel.  Openvpn has a -engine option
for invoking padlock support in openssl.  So I expect that I will order
at least one of these boxes for testing purposes and probably another
box with a somewhat faster processor for comparison.

Thanks,
Nataraj