Re: VPN recommendations?

[Mark Wiater <mark.wiater () greybeam com>]

pfsense and opnsense both do fine with natted ipsec in the environmnets 
i've tested.

Isn't there an openvpn appliance too?

On 2/10/2022 1:17 PM, Shawn L via NANOG wrote:
> Meraki MX series?
>
> I don't like the way they do their licensing (your license runs out, 
> the box is a paper-weight) but they do really well at establishing 
> site-to-site VPNs in some pretty challenging scenarios. Dynamic IPs 
> and NATs don't really cause them a problem.  Some CGNats do (AT&T I'm 
> looking at you).
>
> Shawn
>
> -----Original Message-----
> From: "Keith Stokes" <keiths () salonbiz com>
> Sent: Thursday, February 10, 2022 1:11pm
> To: "William Herrin" <bill () herrin us>
> Cc: "nanog () nanog org" <nanog () nanog org>
> Subject: Re: VPN recommendations?
>
> Pfsense on Netgate appliances?
> I’ve used several of them, while not for this exact purpose they have 
> done the roles but maybe not the amount of VPN traffic.
>
> --
> Keith Stokes
> SalonBiz, Inc
>
> On Feb 10, 2022, at 12:02 PM, William Herrin <bill () herrin us> wrote:
>
>     Hi folks,
>     Do you have any recommendations for VPN appliances? Specifically:
>     I need to build a site to site VPNs at speeds between 100mpbs and
>     1 gbit where all but one of the sites are behind an IPv4 NAT
>     gateway with dynamic public IP addresses.
>     Normally I'd throw OpenVPN on a couple of Linux boxes and be happy
>     but my customer insists on a network appliance. Site to site VPNs
>     using IPSec and static IP addresses on the plaintext side are a
>     dime a dozen but traversing NAT and dynamic IP addresses (and
>     automatically re-establishing when the service goes out and comes
>     back up with different addresses) is a hard requirement.
>     Thanks in advance,
>     Bill Herrin
>
>     -- 
>     William Herrin
>     bill () herrin us
>     <https://bill.herrin.us/>
>     https://bill.herrin.us/