Re: CIPE server for 100's of CIPE links?|
Andreas Billmeier <b,AT,edevau,DOT,net>|
Wed, 2 Mar 2005 09:32:30 +0100|
Brad Parker <brad,AT,heeltoe,DOT,com>|
Ede Vau & Partner|
On Fri, 18 Feb 2005 12:06:59 -0500
Brad Parker <brad,AT,heeltoe,DOT,com> wrote:
> Now I have a VPN application where I have potentially 100's of remote
> sites which could connect. The remote devices are small embedded
> systems without a lot of resources.
what kind of "small embedded remote devices" do you (plan to) use ?
I am looking for something like this since 1/2 Year.
I am currently using cipe mostly for remote administration purposes with
approx. 30 peer networks behind dsl dial-up lines, my router is on a
dedicated box connected to a leased line with fixed ip. this box is running
2.4.x and i am very happy with it.
My future plan ist to migrate currently 12 pptp and serveral (planned) ip-sec
tunnels into cipe, also. ipsec was choosen because most of these cheap
embedded dsl routers support it (more or less). ipsec should have 2.6.x on a
linux box, so i had to set up a seperate box for these ipsec links. all the
peers are all to small for setting up a dedicated linux box at the peers for
tunneling, this is the only thing which kept me from doing it with cipe.
after 2 or 3 days playing with racoon i found setting up ipsec with this kind
of routers is more complex as i thought it would be...up to now i checked 2
dlink an one smc, all experiments died with authentication problems.
The embedded pc style boxes i already checked have rtl8139-lan chips on board
(which i don´t like), or they are too expensive (>400 Eur). the ipsec project
will have 5-6 peers only for private purposes, so i hope to find a hardware
for less than 100 Eur. next most of these boxes have compact flash "disks"
with limited write lifes, so i believe i must setup a ramdisk for "/",
increasing the costs with 1 GB RAM min, overkill.
Most of these peers have one PC with XPSP2 running, there is a pending
cipe-win32 bug which makes setting up cipe-win32 there impossible. If i can´t
find a fitting router hardware, my next experiment would check out openvpn on
(surrounded with question marks)