[wellylug] Linux VPN Router Hardware

Pete Black pete at marchingcubes.com
Wed Aug 3 08:43:08 NZST 2005


it depends what you mean by 'inexpensive'.

I have had good experiences with IBM x-series 1U rack servers, but if 
you want something cheaper than that, then I would say get a bunch of 
second hand desktop PCs and kit them out with an extra NIC. I have had 
good experiences with compaq deskpros, which can be had cheaply 
ex-government departments from a variety of second-hand resellers.

No x86 machine will give you particularly good power consumption in 
absolute terms, but the alternative is embedded systems which usually 
have lower performance and are less straightforward to set up and run 
with. Relatively speaking, power consumption shouldnt be a major 
problem as long as you arent running an overclocked P4 with a l33t 
gaming video card and 12 hard disks.

You dont need a lot of CPU power to route packets and run a small 
number (less than, say, 5) VPN tunnels - even a P2-300 would do this - 
but if you are looking to support large numbers of users, then it would 
be wise to get something with a bit more grunt - say a P3-800 class 
CPU. You probably want to err on the side of 'too much CPU' here if you 
need to saturate a 10Mbps pipe with encrypted packets 24x7 but assuming 
this is a point-to-point connection, any P3-class CPU should handle 
that without missing a beat.

My VPN routers had uptimes way over 2 months, you can expect to 
practically never reboot a Linux box if it is just sitting there 
routing packets.

Reliability is always an issue with second-hand PCs but second-hand 
server-class (e.g. rackmount stuff) is usually a pretty safe bet.

-Pete

On 2/08/2005, at 11:53 PM, Rob Giltrap wrote:

> I looking for recommendations for hardware to run a Linux VPN router 
> setup.
>
> I want something that is fairly reliable (like it should only have to 
> be rebooted maybe once every two months)
> It is also desirable if it has low power consumption as it'll run 24*7
> Should be inexpensive (but not at the expense of reliability)
> Can handle a full 10Mb/sec traffic load (this is critical)
> And is plentiful (i.e. I can buy 10 of them all the same)
>
> Thanks, Rob.
>
>
> -- 
> Wellington Linux Users Group Mailing List: 
> wellylug at lists.wellylug.org.nz
> To Leave:  http://lists.wellylug.org.nz/mailman/listinfo/wellylug




More information about the wellylug mailing list