firewalling with a small soekris appliance
At work, I used a Soekris appliance, the first model (2001): CPU 133 MHz with 64 MB. I use it for PF and isakmpd VPN. I also have a NAS (3 TB) connected to our network. Clients (there are 3) send their backups to work using our VPN, and transfer their data to our NAS (through an IPsec tunnel). Since we put this firewall in place, we have had some errors on copy.
I use the top command on the OpenBSD firewall, and have this:
idle : 81 % ; Free MEM : 24 M
I tried to verify the system with systat and swapctl; all seems good to me. But
Do you think that this appliance is too slow for what I do? (FTP transfer through an IPsec tunnel.)
Thank you very much for your replies!
Short answer: get fresh hardware
What kind of copy errors? Have you considered using or testing with rsync?
Did you test data transfers through this box before you dropped it into your operational environment?
In this case of old hardware, it is a good idea to run hardware tests (like memtest), and suspect the power supply (i.e. you may find that replacing the power brick-power board or power supply fixes your problem).
You also may find the NIC hardware is browning out. Where did you get this 10 year old box from? Was it working correctly when they stopped using it and did they store it correctly after they stopped using it?
What kind of bandwidth do your VPN tunnels pump these backups at? Are these VPN tunnels competing with each other? Are there errors with only 1 VPN tunnel?
Also, what release are you running on that box? OpenBSD 4.0 only gets tested on so many hardware boxes.
I use OpenBSD 4.9, and I bought it from a website that specializes in firewalling.
Access using ssh is slower than using a small machine like a Celeron.
So I suppose it is the appliance.
Concerning the transfer:
I use isakmpd, so IPsec. And the servers send their backups using FTP.
The OpenBSD firewall redirects its packets (FTP) using ftp-proxy to a NAS.
Before using it (the appliance), I used a small machine: a Celeron with 512 MB, and never received errors on copy. I chose this appliance because the price is low and especially because it is very small.