From: "Steve Bertrand"
To: "Paul Hillen"
Cc: freebsd-questions@freebsd.org
Date: Wed, 21 Jul 2004 14:10:10 -0400 (EDT)
Subject: Re: Firewall, OpenVPN and Squid question

> There are 3 remote sites connecting to our network using GATEWAY to GATEWAY
> VPN and around 25 remote VPN users that must be dealt with also. Last item,
> there is a chance that I will have to connect 3 more remote sites into the
> picture within the next 6 months, so this needs to be scalable to handle the
> load.
>
> My question is, what is the best way to set this up. Here are my thoughts,
> but not sure what is the best way.
>
> * Set up one FreeBSD box that contains FIREWALL, SQUID and OPENVPN or
> * Set up 3 separate boxes to break up the work load.
>

What will the load requirements be? (How many users will require the use of
squid?)

I have a FBSD PIII 800 w/256M RAM as a firewall for one of our clients, with
3 OpenVPN instances running simultaneously (two are site->site, and one is an
XP-client->site). The box is also performing NAT (ipfw/natd) for the internal
users, which when all are accounted for equal ~120, and I find it works great.
There are about 30 users through the VPNs, though usually never on all at the
same time.

Depending on caching requirements though, you might be better off splitting
that off onto its own box, especially if you have the hardware readily
available as you suggest.

YMMV.

Steve

> Many thanks in advance for being patient with what I am sure are stupid
> beginner questions to most of you.
>
> When giving your choice of which setup, please point me in the direction of
> the best resource to put it all together and the hardware requirement you
> would recommend. I have a truckload of PII 300 - 450's due to upgrades, so
> if I can use them great, if not, time to go on a spending spree.
>
> Thanks again
>
> Paul