Re: VPN recommendations?

[Shawn L via NANOG <nanog () nanog org>]

Meraki MX series?
 
I don't like the way they do their licensing (your license runs out, the box is a paper-weight) but they do really well 
at establishing site-to-site VPNs in some pretty challenging scenarios.  Dynamic IPs and NATs don't really cause them a 
problem.  Some CGNats do (AT&T I'm looking at you).
 
 
Shawn
 
-----Original Message-----
From: "Keith Stokes" <keiths () salonbiz com>
Sent: Thursday, February 10, 2022 1:11pm
To: "William Herrin" <bill () herrin us>
Cc: "nanog () nanog org" <nanog () nanog org>
Subject: Re: VPN recommendations?


Pfsense on Netgate appliances?
I’ve used several of them, while not for this exact purpose they have done the roles but maybe not the amount of VPN 
traffic. 


--
Keith Stokes
SalonBiz, Inc

 On Feb 10, 2022, at 12:02 PM, William Herrin <[ bill () herrin us ]( mailto:bill () herrin us )> wrote:




Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I need to build a site to site VPNs at speeds between 
100mpbs and 1 gbit where all but one of the sites are behind an IPv4 NAT gateway with dynamic public IP addresses.
Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my customer insists on a network appliance. Site 
to site VPNs using IPSec and static IP addresses on the plaintext side are a dime a dozen but traversing NAT and 
dynamic IP addresses (and automatically re-establishing when the service goes out and comes back up with different 
addresses) is a hard requirement.
Thanks in advance,
Bill Herrin
 -- 







William Herrin
[ bill () herrin us ]( mailto:bill () herrin us )[ 
 ]( https://bill.herrin.us/ )
[ https://bill.herrin.us/ ]( https://bill.herrin.us/ )