nanog mailing list archives

RE: VPN recommendations?

From: Ryland Kremeier <rkremeier () barryelectric com>
Date: Thu, 10 Feb 2022 22:14:50 +0000

I think my experience is unique, but wanted to put it out there anyway. I’ve actually had quite a few problems with 
Meraki equipment during the one instance I worked with them. After a few hours to days, the switches would stop 
functioning. You could still access them through the webgui and issue a reboot to resolve the issue, but the problem 
persisted even after many resets and calls with Cisco.

Again, likely some bonk hardware, but in case anyone else has had a similar experience I wanted this to be known.

Thank you,
-- Ryland

________________________________
From: NANOG <nanog-bounces+rkremeier=barryelectric.com () nanog org> on behalf of Brandon Svec via NANOG <nanog () 
nanog org>
Sent: Thursday, February 10, 2022 3:50:49 PM
To: William Herrin <bill () herrin us>
Cc: nanog () nanog org <nanog () nanog org>
Subject: Re: VPN recommendations?

Meraki may be considered expensive, requires perpetual license to operate and is difficult to get currently (very long 
lead times) but is dead.stupid.simple to install and maintain.  I have yet to find a business or home network that it 
does not work on out of the box, but if you find one it would be an issue to overcome for any solution, right? i.e. 
open some ports on the up stream device one time.

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshooting


Brandon Svec



On Thu, Feb 10, 2022 at 10:05 AM William Herrin <bill () herrin us<mailto:bill () herrin us>> wrote:
Hi folks,

Do you have any recommendations for VPN appliances? Specifically: I need to build a site to site VPNs at speeds between 
100mpbs and 1 gbit where all but one of the sites are behind an IPv4 NAT gateway with dynamic public IP addresses.

Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my customer insists on a network appliance. Site 
to site VPNs using IPSec and static IP addresses on the plaintext side are a dime a dozen but traversing NAT and 
dynamic IP addresses (and automatically re-establishing when the service goes out and comes back up with different 
addresses) is a hard requirement.

Thanks in advance,
Bill Herrin

--
William Herrin
bill () herrin us<mailto:bill () herrin us>
<https://bill.herrin.us/>
https://bill.herrin.us/

Current thread:

Re: VPN recommendations?, (continued)
- - - Re: VPN recommendations? Sabri Berisha (Feb 10)
    - Re: VPN recommendations? Bjørn Mork (Feb 11)
- Re: VPN recommendations? David Bass (Feb 10)
- Message not available
  - Re: VPN recommendations? William Herrin (Feb 10)
- Message not available
  - Re: VPN recommendations? William Herrin (Feb 10)
    - Re: VPN recommendations? Mark Wiater (Feb 10)
- RE: VPN recommendations? James R. Price (Feb 10)
- Re: VPN recommendations? Matt Harris (Feb 10)
  - Re: VPN recommendations? Mel Beckman (Feb 10)
- Re: VPN recommendations? Brandon Svec via NANOG (Feb 10)
  - RE: VPN recommendations? Ryland Kremeier (Feb 10)
- Re: VPN recommendations? William Herrin (Feb 10)
- Re: VPN recommendations? Mark Tinka (Feb 10)
- Re: VPN recommendations? Rich Greenwood via NANOG (Feb 11)