Date: Fri, 7 Mar 2008 00:37:17 -0500 From: Geoffrey Mainland <mainland@eecs.harvard.edu> To: Ian Smith <smithi@nimnet.asn.au> Cc: Aaron Siegel <aj@siegel-tech.net>, freebsd-embedded@freebsd.org Subject: Re: Building my first gateway firewall with wireless support Message-ID: <20080307053717.GG65343@eecs.harvard.edu> In-Reply-To: <Pine.BSF.3.96.1080304230916.27590O-100000@gaia.nimnet.asn.au> References: <Pine.LNX.4.58L0.0803032023430.28241@dark.sinister.com> <Pine.BSF.3.96.1080304230916.27590O-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 04, 2008 at 11:29:24PM +1100, Ian Smith wrote: > On Mon, 3 Mar 2008, Bob Keyes wrote: > > On Mon, 3 Mar 2008, Aaron Siegel wrote: > > > My almost ten year old pc that has been running 24/7 as a firewall gateway is > > > about to die. (Of course it is running Freebsd) I would like to build a > > > embedded gateway, DNS server, with DDNS client, wireless access point, > > > IPSEC , and firewall. > > [.. lots of useful stuff ..] > > > > I am looking at Soekris 48xx and if needed the vpn board.. As of now I > > > like to stick with x86 platform. Any other suggestions? > > > > I believe that soekris stuff is coming to end-of-life. You may want to > > check out alternatives. PC Engines made something called WRAP, and there's > > a replacement board for it that's supposed to be pretty good. I used > > soekris boards quite a bit and have mixed feelings about them. Don't > > stress them too hard, and don't try to do PoE. > > Only the net-48xx series are at end-of-life, due to CPU unavailability. > Soekris are giving no indication of not proceding with everything else. > > Aaron, of course do check out all alternatives, but the net-5501 looks > likely useful for what you want to run, and takes either vpn board. > > I'm saving up .. anyone else concur with 'not streesing them too hard'? I've severely stressed the 4826 platform using the POE supplies available from Metrix. Given two nodes, each with a wired connected, a Wistrom CM9 and a Ubiquiti SR9, I ran 3 TCP streams, one per interface, full-bore from one node to the other using iperf for 5 minutes, then switched directions. I left this flip-flopping iperf test running for about 2.5 weeks and didn't have any issues. The problems people had here at Harvard with Soekris seemed to be tied to Linux, particularly the Atheros drivers. Once I swapped in FreeBSD those problems vanished. You should definitely look at the ALIX boards that have replaced the old WRAP boards. ALIX boards comparable to the 5501 also seem to be *much* (factor of 2) cheaper, but be aware that the top-end 5501-70 has twice as much RAM (512MB) and any available ALIX configuration. I assume the vpn1411 will work just fine on an ALIX board. Geoff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080307053717.GG65343>